TechSpot

Google search links taking me to random unrelated sites and ads, etc

Inactive
By ihateviruses123
Sep 18, 2010
Topic Status:
Not open for further replies.
  1. Hi guys. My computer was recently hit with the evil Antimalware Doctor virus which I managed to get rid of on my computer but now my internet surfing is messed up! It has slowed down the internet and my google search links direct me to other unrelated sites. Can anyone help? Here is the HijackThis report if it helps:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:23:03 PM, on 9/18/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [enaxwrcosm.tmp] "C:\DOCUME~1\Others\LOCALS~1\Temp\enaxwrcosm.tmp"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} (DHSurveillanceCtrl Control) - http://192.168.1.50/webrec.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E68C89AA-554F-43F3-8D5E-9B36D873081B} (prjOCFTools.OCFTools) - http://www.rogershelp.com/ocf/prjOCFTools.CAB
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    --
    End of file - 5523 bytes
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll help with the malware, but we don't 'screen' with HijackThis.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, paste the logs for review into your next reply.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    One question: Do you have any idea what this file is?
    O4 - HKLM\..\Run: [enaxwrcosm.tmp] "C:\DOCUME~1\Others\LOCALS~1\Temp\enaxwrcosm.tmp"
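
    The kind of check that makes the Run entry above stand out, as an added example that is not part of the original posts or a TechSpot tool: it parses O2 and O4 lines of a HijackThis log and flags autoruns that start from a Temp directory or point at a non-program extension, plus BHOs whose file is missing. The function names and the extension allow-list are assumptions of this example.

```python
import ntpath
import re

# Excerpt of the HijackThis log from the first post (some O2 and O4 lines).
LOG_EXCERPT = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [enaxwrcosm.tmp] "C:\DOCUME~1\Others\LOCALS~1\Temp\enaxwrcosm.tmp"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
"""

# O4 = autorun entry: hive, "\..\", key name, [value name], command line.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# O2 = Browser Helper Object: display name, CLSID, file on disk.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$"
)
# Assumption of this example: extensions an autorun command normally starts with.
EXPECTED_EXT = {".exe", ".com", ".bat", ".cmd"}


def autorun_target(cmd):
    """Return the program part of an autorun command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split()[0]


def triage(log_text):
    """Return [{'line': ..., 'reasons': [...]}] for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        o4 = O4_RE.match(line)
        o2 = O2_RE.match(line)
        if o4:
            target = autorun_target(o4["cmd"])
            folders = ntpath.dirname(target).lower().split("\\")
            ext = ntpath.splitext(target)[1].lower()
            if "temp" in folders or "tmp" in folders:
                reasons.append("autorun target is in a Temp directory")
            if ext not in EXPECTED_EXT:
                reasons.append("autorun target has unexpected extension " + repr(ext))
        elif o2 and o2["file"].strip().lower() == "(no file)":
            reasons.append("BHO is registered but its file is missing")
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(LOG_EXCERPT):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("    -", reason)
```

    A flagged line is a lead for the helper to ask about, not a verdict; a "(no file)" BHO is often just a leftover registration.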
     
  3. ihateviruses123

    ihateviruses123 TS Rookie Topic Starter

    Hi Bobbye. Thanks for helping me out. I checked for the enaxwrcosm.tmp file you were asking about and was not able to find out what it was...I did a search and even in Run, it didn't even come up with anything.

    Well, now I've run into a major problem. I just ran the TFC, it restarted my computer but it's now taking forever for my computer account to log me in and load the desktop. My desktop is now blank apart from the wallpaper image. I can't do anything! I'm currently posting from another computer...

    Ugh. This is not looking good. :(

    PS - Just to clarify, there is no taskbar, icon, nothing.
     
  4. ihateviruses123

    Another update...just did System Restore in Safe Mode so I got my desktop back. I'm going to attempt the steps again except I won't do TFC this time as I don't want that headache again...so I'll just post the logs from Malwarebytes, GMER and DDS. Hope that's ok!
     
  5. ihateviruses123

    Hi. Please find attached the logs as requested! TIA!
     

  6. Bobbye

    There were several scans by Microsoft Antimalware identifying a threat and naming it. Did you not get any type of alert?

    9/14/2010 3:20:01 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/CeeInject.gen!J&threatid=2147611223 User: MWC-BACKOFFICE\Others Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.89.1620.0, AS: 1.89.1620.0 Engine Version: 1.1.6103.0

    This malware, VirTool:Win32/CeeInject.gen!J, is Microsoft's generic detection for a group of applications often used by malware authors to inject code into other running Windows applications.

    VirTool:Win32/CeeInject.gen!J usually detects files that carry different kinds of payloads that do a number of things without the user's knowledge. The payload is then inserted into other currently running applications, such as an innocuous file download injected into Internet Explorer that actually downloads other malware.
    ===============================================
    Please run the following:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
    =============================================
    Please download ComboFix from Here and save to your Desktop.

    [1]. Do NOT rename Combofix unless instructed.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
      • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply. OK to use multiple posts if needed.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.

    TFC should not have caused any problem. It cleans temporary internet files.
    Please do not do any System Restores while I'm helping you.
     
  7. ihateviruses123

    Bobbye, strangely enough, no I did not get any alert identifying any threat when I ran the Malwarebytes scan. It told me there were 0 infected files.

    Now I'm trying to run the Eset NOD32 Online AntiVirus scan but it's not working for me. When I check off "YES, I accept the Terms of Use." and then click Start, the screen goes grey and there is a little icon in the Status Bar at the bottom that shows a yellow triangle with an exclamation mark and it says "Done, but with errors on page". Can't even run the scan. What should I do now?
     
  8. ihateviruses123

    OK, so I consulted their FAQ and it said:

    ESET Online Scanner is unable to run even when using Administrator privileges.
    It is possible, that a third-party security software prevents ESET Online Scanner from running by setting up a so-called “killbit”. To avoid this problem you have to use regedit.exe, where you under

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7530BFB8-7293-4D34-9923-61A11451AFC5}

    delete the value "Compatibility Flags" REG_DWORD 0x00000400.


    Well...I checked and cannot find the {7530BFB8-7293-4D34-9923-61A11451AFC5} number. I do have:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{753AA023-02D1-447D-8B55-53A91A5ABF18}

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7584c670-2274-4efb-b00b-d6aaba6d3850}

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{75C11604-5C51-48B2-B786-DF5E51D10EC9}

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{75D1F3B2-2A21-11D7-97B9-0010DC2A6243}

    Please advise which one I should use.
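
    A read-only way to see which controls carry the kill bit the quoted FAQ describes, as an added example that is not part of the original posts or ESET's instructions: it parses the text of a registry export of the `ActiveX Compatibility` key and never writes to the registry. The sample export, the two all-zero CLSIDs and the function names are constructed for this example; only the ESET CLSID and the 0x00000400 value come from the FAQ text.

```python
import re

KILL_BIT = 0x00000400  # "Compatibility Flags" bit named in the FAQ text
AX_COMPAT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
             r"\ActiveX Compatibility").lower()
ESET_CLSID = "{7530BFB8-7293-4D34-9923-61A11451AFC5}"  # from the FAQ text

# Constructed export (regedit writes UTF-16 files; decode to str before parsing).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7530BFB8-7293-4D34-9923-61A11451AFC5}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000410
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:(?P<hex>[0-9a-f]{8})$', re.I)


def compatibility_flags(reg_text):
    """Map upper-cased CLSID -> Compatibility Flags for subkeys of ActiveX Compatibility."""
    flags, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            parent, _, leaf = section["key"].rpartition("\\")
            # Only direct subkeys of ActiveX Compatibility are per-control entries.
            current = leaf.upper() if parent.lower() == AX_COMPAT else None
            continue
        value = FLAGS_RE.match(line)
        if value and current:
            flags[current] = int(value["hex"], 16)
    return flags


def kill_bit_state(reg_text, clsid):
    """True/False when the control has a flags value; None when it has no entry at all."""
    value = compatibility_flags(reg_text).get(clsid.upper())
    return None if value is None else bool(value & KILL_BIT)


def blocked_controls(reg_text):
    """CLSIDs whose flags include the kill bit, even when other bits are set too."""
    return sorted(c for c, v in compatibility_flags(reg_text).items() if v & KILL_BIT)


if __name__ == "__main__":
    print("ESET control blocked:", kill_bit_state(SAMPLE_REG, ESET_CLSID))
    print("All blocked controls:", blocked_controls(SAMPLE_REG))
```

    A result of `None` means the control has no entry under the key, so no kill bit is recorded for it there.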
     
  9. Bobbye

    None of the above. What you should not do is make Registry changes while we're cleaning. There is an alternative to Nod:

    Run Kaspersky Online Scanner in Internet Explorer

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
    • Click Accept and the web scanner will begin to load
    • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
    • You will be prompted to install an ActiveX component from Kaspersky, click Install
    • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT and then Scan Settings
    • In the scan settings make sure that the following are selected:
      [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
      [o] Scan Options: Scan Archives> Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      [o] Select My Computer
    • The program will start to scan your system.
    • Once the scan is complete, click on the Save as Text button and save the file to your desktop
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

    If you still have a problem, try running Combofix first, then follow with the online scan.
     
  10. ihateviruses123

    Here is the Kaspersky Online Scanner report.

    Threats found: 6
    Infected objects found: 10
     

  11. Bobbye

    See if you can run Combofix please:


    Please download ComboFix from Here and save to your Desktop.

    [1]. Do NOT rename Combofix unless instructed.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
      • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.

    Please paste the results in the next reply.
     
     
  12. ihateviruses123

    I am double clicking on the ComboFix icon and then once I click on "Run", nothing happens. All anti-virus and anti malware programs are turned off. What is preventing ComboFix from running?
     
  13. ihateviruses123

    Any help on this? Thanks!
     
  14. Bobbye

    It's Sunday! Even God took this day off!

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Processes	
      :Files  
      C:\WINDOWS\system32\winlogon.exe/C:\WINDOWS\system32\winlogon.exe	
      C:\WINDOWS\Explorer.EXE/C:\WINDOWS\Explorer.EXE	
      C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B6191031-B78E-51F7-3760-451AD64578B7}-setup[1].exe	
      C:\Documents and Settings\Others\Local Settings\Temp\0.26400675772800186.exe	
      C:\Documents and Settings\Others\Local Settings\Temp\google.exe		
      C:\Documents and Settings\Others\Local Settings\Temp\jar_cache2555765763622157024.tmp	
      C:\Documents and Settings\Others\Local Settings\Temp\jar_cache7023295524514201322.tmp	
      C:\Documents and Settings\Others\Local Settings\Temp\Qsk.exe	
      C:\WINDOWS\explorer.exe		
      C:\WINDOWS\system32\winlogon.exe	
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    =========================================
    When you finish OTM, reboot the computer and Empty the Recycle Bin

    Click on Start> Control Panel> Java> temporary internet files> Settings> Delete these files.
    Close Java. Empty the trash again.
    Try TFC- if you still can't run it, do a disc cleanup.
    Try Combofix again.

    Do you have the CD for the operating system?
    Do you have a Recovery Console on the system?
     
  15. ihateviruses123

    When I click on "MoveIt!", an error pops up and my taskbar and desktop icons disappear. Error message reads:

    Invalid time flag! [C:\WINDOWS\system32\winlogon.exe]

    Do you have the CD for the operating system? --> No
    Do you have a Recovery Console on the system? --> Not sure since this is a work computer
     
  16. Bobbye

    Then you need to have the IT person for work help you.
     
  17. ihateviruses123

    Actually, he's not able to fix it. Long story. Anyway, I need to get this issue fixed, work computer or not.
     
  18. Bobbye

    It appears that both the winlogon and explorer executable have been infected by a patched Trojan and are now corrupt. You have no CD for the OS because the system is from work and your IT person can't fix the problem.

    You may have a new file infector that acts in the same way as Virut. If so, the system will be incurable and you will have no choice but to reformat/reinstall. Even if we remove the current files we see, a Backdoor will be on the system and it will be compromised. See if you can run the program below:

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :process
      winlogon.exe
      explorer.exe
      srv.exe
      
      :filefind
      srv.exe
      
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  19. ihateviruses123

    I have attached SystemLook file.
     

  20. Bobbye

    Please see if this will run:

    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org free on-line scan service
    • Copy and paste each of the following file paths into the "Suspicious files to scan" box on the top of the page, one at a time:

      c:\windows\system32\userinit.exe

      c:\windows\explorer.exe

      c:\window\system32\svchost.exe


    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.
     
  21. ihateviruses123

    Here are the three files attached.
     

  22. Bobbye

    Have you been able to get Combofix to run?

    We're running out of options. You have infections but they won't move. I have tried to move explorer.exe and winlogon.exe but they won't move in what runs.

    Maybe you should tell me what the 'long story' is about the IT that couldn't fix the system.
     
  23. ihateviruses123

    Bobbye, I've sent the comp in for repair. It was doing my head in trying to get rid of such a stubborn virus!! Thank you so so much for all your help and advice. I've learned a lot. Do you guys accept donations?
     
  24. Bobbye

    You're welcome for the help. Sorry we couldn't get it cleaned. I suspect the system will need to be wiped, reformatted and reinstalled. There is some very bad 'stuff' out there! I don't accept donations, although some do. TechSpot doesn't either, but thank you for the offer.

    Save this following to help keep the system clean.
    Note: Some of these programs may not work on Windows 7 or a 64bit OS.

    Tips for added security and safer browsing:
    1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
      This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
    2. Have layered Security:
      • Antivirus Software (only one): Both of the following programs are free and known to be good:
        [o]Avira Free
        [o]Avast Home
      • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
        [o]Comodo
        [o]Zone Alarm
      • Antispyware: I recommend all of the following:
        [o]Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
        [o]Download ZonedOut and save to your desktop. This replaces IE/Spyad and manages the Zones in Internet Explorer. This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
        For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.
        IE/Spyad is no longer being supported. If you have this on your system, you should replace it with the following program. Make sure your IE8 is Up-to-date before adding sites to your restricted zone.
        Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites - ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroy's Immunization the problem goes away...
        [o]MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
        [o]Google Toolbar: Get the free Google Toolbar to help stop pop up windows.
    3. Stay current on updates:
      [o] Visit the Microsoft Download Site frequently. You should get All updates marked Critical and the current SP updates.
      [o] Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
      [o] Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
    4. Reset Cookies to prevent Tracking Cookies:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
    5. Do regular Maintenance
      Remove Temporary Internet Files regularly:
      [o]ATF Cleaner by Atribune
      OR
      [o]TFC
      Disable and Enable System Restore:
      [o]See System Restore Guide This will help you understand what this is, why you need to clean and set restore points and what information is in them.
    6. Practice Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
     