AVG threat alerts for IDP.Trojan.1C8D1A13 & Crypt.AQLW

Discussion in 'Virus and Malware Removal' started by mwaugh29, May 3, 2012.

  1. Broni Malware Annihilator Posts: 39,349   +175

    You can reinstall AVG at any time.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-21-2771761046-1399984018-4223984257-1007\..\URLSearchHook: _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
      IE - HKU\S-1-5-21-2771761046-1399984018-4223984257-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - No CLSID value found.
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKU\S-1-5-21-2771761046-1399984018-4223984257-1007\..\Toolbar\WebBrowser: (no name) - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - No CLSID value found.
      O3 - HKU\S-1-5-21-2771761046-1399984018-4223984257-1007\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKU\S-1-5-21-2771761046-1399984018-4223984257-1007\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
      O15 - HKLM\..Trusted Domains: contentmatch.net ([ny] http in Trusted sites)
      O15 - HKLM\..Trusted Domains: contentmatch.net ([ny] https in Trusted sites)
      O15 - HKLM\..Trusted Domains: kent.edu ([]* in Trusted sites)
      O15 - HKLM\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2771761046-1399984018-4223984257-1007\..Trusted Domains: iomega.com ([istorage] http in Trusted sites)
      O15 - HKU\S-1-5-21-2771761046-1399984018-4223984257-1007\..Trusted Domains: iomega.com ([istorage] https in Trusted sites)
      O15 - HKU\S-1-5-21-2771761046-1399984018-4223984257-1007\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2771761046-1399984018-4223984257-1007\..Trusted Domains: turbotax.com ([]https in Trusted sites)
      O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
      O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
      O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
      O16 - DPF: {707873C7-03BB-4F1A-95EC-4AAF1C3D463E} https://iomega-na-en.custhelp.com/rnt/rnw/activex/wspellam.cab (Reg Error: Key error.)
      O16 - DPF: {755CC1E8-C05A-4A98-8764-132DB2A0472C} https://iomega-na-en--rpt.custhelp.com/rnt/rnw/activex/ColorPickerX.cab (Reg Error: Key error.)
      O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/mail/autocomplete.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      [2005/04/09 00:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  2. mwaugh29 Newcomer, in training Posts: 36

    Broni,

    I am not finding the log after rebooting from the OTL fix. Also, upon reboot, I get a message that the OTL file needs permission to run, so I click RUN. I do not have internet connection any longer on the desktop (infected computer). I did before the fix was run. Suggestions?

    Thanks,
    Matt
  3. Broni Malware Annihilator Posts: 39,349   +175

    Re-run the fix from safe mode.
  4. mwaugh29 Newcomer, in training Posts: 36

    I have attempted to run the fix in safe mode, but still no result file is generated.
  5. mwaugh29 Newcomer, in training Posts: 36

    Also, I have about 15 TMP files now located on my desktop. It looks like some Word docs that are recent in MS Word history and some associated files '~WRL*****' that seem to correspond with the Word docs.

    Thanks,
    Matt
  6. Broni Malware Annihilator Posts: 39,349   +175

    Leave OTL alone for now.

    If you still don't have internet connection retry steps from my reply # 32.
     
  7. mwaugh29 Newcomer, in training Posts: 36

    I have internet connection restored, for the time being. Should I proceed with the steps following OTL?

    Best,
    Matt
  8. Broni Malware Annihilator Posts: 39,349   +175

    Yes please.
  9. mwaugh29 Newcomer, in training Posts: 36

    Broni,

    By the way, I have not yet reinstalled AVG. I ran the Security Check and here are the results:

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Java(TM) 6 Update 32
    Java(TM) SE Runtime Environment 6 Update 1
    Java(TM) 6 Update 2
    Java 2 Runtime Environment, SE v1.4.2
    Out of date Java installed!
    Adobe Flash Player ( 10.0.32.18) Flash Player Out of Date!
    Adobe Reader X (10.1.3)
    Mozilla Firefox (3.5.19) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    ``````````End of Log````````````

    Best
    Matt
  10. mwaugh29 Newcomer, in training Posts: 36

    Here is the most recent FSS log...

    Farbar Service Scanner Version: 30-04-2012 01
    Ran by Matthew (administrator) on 06-05-2012 at 00:00:54
    Running from "C:\Documents and Settings\Matthew\Desktop"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.

    Windows Firewall:
    =============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is OK.
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.

    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    Srservice Service is not running. Checking service configuration:
    The start type of Srservice service is OK.
    The ImagePath of Srservice service is OK.
    The ServiceDll of Srservice service is OK.

    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.
    Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".
    cryptsvc Service is not running. Checking service configuration:
    The start type of cryptsvc service is OK.
    The ImagePath of cryptsvc service is OK.
    The ServiceDll of cryptsvc service is OK.

    Windows Autoupdate Disabled Policy:
    ============================

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    Extra List:
    =======
    DNE(14) Gpc(6) IPSec(4) IPSECSHM(9) NetBT(5) PSched(7) Tcpip(3) WSIMD(13)
    0x0E000000040000000100000002000000030000000C000000060000000700000008000000090000000A0000000B000000050000000D0000000E000000
    IpSec Tag value is correct.
    **** End of log ****

    Thanks,
    Matt
  11. mwaugh29 Newcomer, in training Posts: 36

    Broni,

    Here is the ESET Scan result:

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP710\A0063361.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP710\A0063450.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP710\A0063457.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP710\A0063458.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP710\A0063460.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP710\A0063526.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP710\A0063582.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\WINDOWS\INF\alchem.inf probably a variant of Win32/Agent.GESWFOG trojan cleaned by deleting - quarantined
    Best,
    Matt
  12. Broni Malware Annihilator Posts: 39,349   +175

    Make sure you reinstall AVG as soon as possible.

    Uninstall:
    Java(TM) SE Runtime Environment 6 Update 1
    Java(TM) 6 Update 2
    Java 2 Runtime Environment, SE v1.4.2

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    Then we have one registry key missing which affects your Security Center function.

    Following steps involve registry editing. Please create new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
    Registry Editor will open.
    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    Right-Click Root and select Permissions...
    Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
    Click Apply and OK.
    Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip downloaded file.
    You'll find several files inside.
    Double-click legacy_wscsvc.reg and confirm the prompt.
    Please go back to the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.
    Restart computer.
    Post new FSS log.
  13. mwaugh29 Newcomer, in training Posts: 36

    Hi Broni!

    After uninstalling Java(TM) SE Runtime Environment 6 Update 1 and Java(TM) 6 Update 2 successfully, I get the following message when attempting to uninstall Java 2 Runtime Environment, SE v1.4.2:

    "The feature you are trying to use is on a network resource that is unavailable." Click OK to try again, or enter an alternate path to a folder containing the installation package 'Java 2 Runtime Environment, SE v1.4.2' in the box below:

    Does this Java feature need to be removed before performing the other steps in the sequence?

    Thanks,
    Matt
  14. Broni Malware Annihilator Posts: 39,349   +175

    That's fine. Go on....
  15. mwaugh29 Newcomer, in training Posts: 36

    Broni,

    Please disregard previous message. I searched for the source file, located it, and entered the path in the provided box to remove the Java 2 Runtime Environment, SE v1.4.2 file. It has been uninstalled.

    I had re-installed AVG prior to Java features removal and I am proceeding with updating Adobe Flash Player.

    Best,
    Matt
  16. mwaugh29 Newcomer, in training Posts: 36

    Here is the new FSS scan report:

    Farbar Service Scanner Version: 30-04-2012 01
    Ran by Matthew (administrator) on 06-05-2012 at 16:48:20
    Running from "C:\Documents and Settings\Matthew\Desktop"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.

    Windows Firewall:
    =============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is OK.
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.
    netman Service is not running. Checking service configuration:
    The start type of netman service is OK.
    The ImagePath of netman service is OK.
    The ServiceDll of netman service is OK.

    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    Srservice Service is not running. Checking service configuration:
    The start type of Srservice service is OK.
    The ImagePath of Srservice service is OK.
    The ServiceDll of Srservice service is OK.

    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.

    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".
    cryptsvc Service is not running. Checking service configuration:
    The start type of cryptsvc service is OK.
    The ImagePath of cryptsvc service is OK.
    The ServiceDll of cryptsvc service is OK.

    Windows Autoupdate Disabled Policy:
    ============================

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    Extra List:
    =======
    Avgtdix(15) DNE(14) Gpc(6) IPSec(4) IPSECSHM(9) NetBT(5) PSched(7) Tcpip(3) WSIMD(13)
    0x0F000000040000000100000002000000030000000C000000060000000700000008000000090000000A0000000B0000000F000000050000000D0000000E000000
    IpSec Tag value is correct.
    **** End of log ****

    Best,
    Matt
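The two FSS logs above (posts 10 and 16) differ only in the `ATTENTION!=====>` line for the missing LEGACY_wscsvc key, which the registry import in post 12 fixed. The following parser is an added example, not code from this thread or from the Farbar tool: it reads an FSS log into the items a helper looks at (stopped services, ATTENTION lines, config lines that print a value instead of "is OK", File Check entries not reported as "MD5 is legit", the IpSec tag line) and reports which ATTENTION items disappeared between an earlier and a later log. The sample log is a constructed excerpt in the same format; the `svchost.exe` verdict in it is invented to exercise the File Check branch.

```python
import re
from typing import Dict, List

# Constructed excerpt in the format of the Farbar Service Scanner logs posted
# in this thread. The svchost.exe verdict is made up to exercise the File Check
# branch; real FSS wording for a failed check may differ.
SAMPLE_FSS_LOG = r"""Farbar Service Scanner Version: 30-04-2012 01
Boot Mode: Normal
****************************************************************
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

File Check:
========
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is not legit (constructed)
Extra List:
=======
IpSec Tag value is correct.
**** End of log ****
"""

SECTION = re.compile(r"^([A-Za-z ]+):$")                       # e.g. "Security Center:"
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
CONFIG = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+?)(?: service)?[: ](.*)$")


def parse_fss_log(text: str) -> Dict[str, object]:
    """Reduce an FSS log to the items a malware-removal helper acts on."""
    report: Dict[str, object] = {
        "not_running": [],   # services FSS reports as stopped (alone, not acted on in this thread)
        "attention": [],     # lines FSS itself flags with ATTENTION! (the LEGACY key in post 10)
        "review": [],        # config lines that print a value instead of "is OK"
        "bad_files": [],     # File Check entries FSS does not vouch for as "MD5 is legit"
        "ipsec_tag_ok": False,
    }
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"=", "*"}:          # blank lines and ====/**** rules
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        if "ATTENTION!" in line:
            report["attention"].append(line)
            continue
        m = NOT_RUNNING.match(line)
        if m:
            report["not_running"].append(m.group(1))
            continue
        m = CONFIG.match(line)
        if m:
            if not m.group(3).startswith("is OK"):
                report["review"].append(f"{m.group(2)} {m.group(1)}: {m.group(3).strip()}")
            continue
        if section == "File Check" and " => " in line:
            path, verdict = line.split(" => ", 1)
            if verdict != "MD5 is legit":
                report["bad_files"].append(path)
            continue
        if line == "IpSec Tag value is correct.":
            report["ipsec_tag_ok"] = True
    return report


def resolved_between(before: str, after: str) -> List[str]:
    """ATTENTION items present in the earlier log that are gone from the later one."""
    later = set(parse_fss_log(after)["attention"])
    return [item for item in parse_fss_log(before)["attention"] if item not in later]


if __name__ == "__main__":
    fixed = SAMPLE_FSS_LOG.replace("Checking LEGACY_wscsvc: ATTENTION!", "Checking LEGACY_wscsvc: OK")
    print(parse_fss_log(SAMPLE_FSS_LOG))
    print("resolved:", resolved_between(SAMPLE_FSS_LOG, fixed))
```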
  17. Broni Malware Annihilator Posts: 39,349   +175

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
  18. mwaugh29 Newcomer, in training Posts: 36

    Broni,

    After running script in OTL and restart, I do not find the log created (once again). Also, my taskbar has a Windows Classic look to it (this comes and goes). Additionally, after the TMP files had disappeared for a while, they are now back again.

    Proceed with cleanup?

    Thanks,
    Matt
  19. Lost Cause Newcomer, in training

    [Post removed by Broni]
  20. mwaugh29 Newcomer, in training Posts: 36

    Lost Cause,

    I have restored internet connection, but at times (> 1 hour), I need to reboot in order to re-connect. I'm not sure what the issue is there.

    Broni,
    Is the WinSockXPFix something worth trying after cleanup is finished?

    Best,
    Matt