Attaching new Kaspersky - Thank you.

Attaching new Kaspersky. Looks as though there's one added.

- Thank you. ST

Avg...

AVG shows c:windows\system32\drivers\etc\hosts change but not virus.



Running ad aware now.

The current infection found by kaspersky is in your recycle bin

C:\RECYCLER\S-1-5-21-507921405-1965331169-839522115-1003\Dc6\SideStepSetup.exe/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.SideStep.g
C:\RECYCLER\S-1-5-21-507921405-1965331169-839522115-1003\Dc6\SideStepSetup.exe WiseSFX:

To remove it simply empty your recycle bin
----------------------------------------------------------------------------------------------------------

Launch Spybot S&D and update it, then click immunize icon, after the green bar goes across once click the green + symbol to immunize your system.

At the top click on Mode, then select advanced, then click on the tools section at the bottom.

Hosts file will be one of the options -> double click it (once you use this program regularly, you can restore your host file to various dates, I have about 10 different dates to choose from on mine) but for now -> click on add Spybot S&D Host list

Then click on the attach icon here (looks like paperclip) and navigate to the following file
C:\windows\system32\drivers\etc\hosts.txt and attach the file here for me to check it

Here it is...in installments.

Board wouldn't accept it as it was so I copied and made a txt file but it was still too big to send so I chopped it.

Your host file is fine.

Go to My computer -> C:\windows\system32\drivers\etc\host.txt and right click on the file, choose properties and ensure that Read Only is checked. If it is close the window. If it is not checked, go ahead and put a check in the box and click OK

That should take care of everything -> just to be safe lets run 1 more scan with kaspersky and ensure that it comes up clean. If so follow below:

:Set correct settings for files:

• Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
• Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
• If unchecked please check Hide protected operating system files (Recommended)
• If necessary check "Display content of system folders"
• If necessary Uncheck Hide file extensions for known file types.
• Click OK

:clear system restore points:

• 
  This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
  This will remove all restore points except the new one you just created.

Ya a-a-a-a-ay ! Thank you.

So, does this mean that since Kaspersky was able to find the viri and infected files and the other programs weren't so exact, that I should buy Kaspersky?

Does the full version delete the files and viri and not just find them?

Also, since I did the java thing, my firefox won't support my pogo.com word games, saying I don't have the correct java. IE will run tumblebees once and then punk out, saying there is a java problem.

Thank you so much. ST

Different scanners have different definitions, I suggested Kaspersky because Trend Micro Housecall wasn't working, and I saw that Kaspersky had the definitions for some of your infections. Kaspersky has a great Anti-Virus program and if you think you want it - I believe they have a free trial.

In my opinion you will get great anti-virus protection from many free programs such AVG, Avast, or Avira

Also keep a firewall active at all times, I just realized that you removed your firewall and should install one of these ASAP

• Comodo
  Kerio
  Online Armor
  Zonealarm

These are all free good firewall programs

You want to have a combonation of anti-spyware (adaware and spybot is what I keep, update regularly and scan with)
----------------------------------------------------------------------------------------------

For the Java, did you update through the console in control panel or through the link? Also did you remove older versions except java 6 update 5

you get viruses from places like pogo

"I don't go to weird websites."

FYI: places like pogo where you play free online games, get free wallpaper, get free screensavers, send free greeting cards that jump around and sing, get 3 free mp3s for signing up to some music service, get free backgrounds for myspace, etc., are where you get these viruses and trojans.

some of them come in when you download the java applet to run these games, "register" to use the things on the website, use their download manager, etc.

i am not saying that the pogo website is giving you viruses and trojans. i am suggesting that these types of websites are where people will get ya when you download something - they exploit these types of sites. Just FYI.

Thank you. Now my internet is extremely slow.

Now my internet is extremely slow. Firefox takes a long time to load and videos, especially utube are impossible.

Took everything out of start menu, emptied cache, deleted unnecessary programs. Must have deleted something I need when I did housecleaning.

Any suggestions from anyone on what could be slowing my internet? (It's been happening since yesterday but was okay before that.)

Have verizon hi speed and two 75.5 gig hds; AMD Sempron Processor

2800+ 1.60 GHz, 960 MB or RAM

MSWXP Pro 2002 Service Pack 2

Thank you. ST

Am I supposed to be responding to this? you never responded to my last post

I must have clicked the wrong button. I did respond.

I did respond but probably hit the wrong button. Was waiting for an answer from you.

According to my computer, windows has a firewall in place and working.

Is this sufficient protection or should I add another program?

Now have avast antivirus, adaware and spybot, all on automatic updates and scans.

Downloaded Java through link and uninstalled other versions.

Made new restore point and deleted oldies.

Have problem with videos now, especially from utube. Downloads 2 seconds at a time.

Must have done something wrong when I was clearing stuff out or altered a setting I wasn't aware of.

Should I reinstall java and see if the problem is there?

Thank you. ST

You aren't running Firewall Software. Please download and install one of these first!

Use a Firewall - It is very important that you use a Firewall on your computer. If you use the Windows Firewall you might think that's enough but it only controls inbound traffic. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most commonly used:
Comodo
Kerio
Online Armor
Zonealarm

Let me see one more Hijackthis file and I will see if anything sticks out that would be effecting the videos

I happened again...my post was lost.

Another memo was lost.

This time I'm sure I sent the memo with hijack attached.


Comodo found "New Private Network Detected!" Via Compatable fast ethernet adapter - Packet Scheduler Miniport

What does this mean? Is it my dsl modem?

Also, comodo said hijackthis.exe is trying to modify the contents of C:\windows\win.ini and that I must make sure hijack is a safe application before allowing request. I though hijack just scanned at first.

Thank you. ST

Good you have Defense+ enabled.

This is Normal, check remember this decision and allow

Don't worry about Hijackthis. Basically if you recognize the program it is normally fine.

You will get a lot of warnings at first until Comodo learns your computer and your habits. It is worth it though. It is a great firewall. Over time you wont even realize it is there, except for on occasion.

Hijackthis looks clean but I would remove these ActiveX controls for good measure. You can always resintall them if needed. Since you no longer have these programs.

Remove bad HijackThis entries

• Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):
  
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
  O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
  O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
  O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

Took off trend housecall, too...

especially since it didn't work anyway. ST

Had to push it a little further with removalT...

See beginning of report for quarantine info.

Thank you. ST

It could be for 100s of different programs I am not sure what yours goes to, if none of your programs have issues with it in quarantine you can remove it

Not sure why the file has been removed, but you might as well remove the entry using Hijackthis:

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)

Thank you, thank you, thank you.

Computer isn't slow anymore.

Java notified me for update and that download took care of it.

You're great. ST

Good.

Go to start -> Run -> type in combofix /u
*note the space between
*This will uninstall combofix
*removes vundofix backups
*removes quarentine files
*creates a fresh clean restore point

Remove Hijackthis from Start-> control panel -> add/remove programs
Remove the 3 tools from step 10 (smitfraud, vundofix,virtumondobegone) by dragging to the recycle bin

I recommend you keep
1 anti virus program (AVG not anti spyware)
1 firewall
Spybot S&D, Adaware 2007, AVG Anti Spyware if you want but the version we downloaded is a 30 day trial

keep them updated.

You can also turn on tea timer in Spybot:

• Click on Mode at the top and make sure that Advanced is checked
• Expand the Tools tab in the left pane
• Single click on the Resident Icon also in the left pane
• check Resident "TeaTimer" (Protection of over-all system settings) Active
• Close spybot

Also under Tools you can double-click System Startup in the right pane and disable programs from running at

startup. This will free up system resources. For example if you don't use MSN Messenger everytime you run your computer

you can disable it, then when you want to use it you can launch it through Start -> all programs, or make a shortcut on

the desktop for it. That way it doesn't use resources when you aren't using it. Don't disable any entries in green

though.

Thank you again. ST

Thank you again. ST