TechSpot

M32.Myzor.Fk@yf virus

By ninjagaiden
Jun 17, 2008
  1. Hi,

    I downloaded an Active X update two days ago and my computer started crashing. The computer lasts only a minute or two after logging in in normal mode. I had taken some advice to uncheck all the start-up items in safe mode and then reboot in normal mode. This made my machine last only a few minutes longer before crashing. Starting up in normal mode after unchecking the start-up items I got an Internet Security pop-up advising me my system was probably infected with the M32.Myzor.Fk@yf virus. I've also tried two previous system restore points, but neither worked. User Route 44 kindly referred me to this forum. Looking up M32.Myzor.Fk@yf at techspot I found user mpzola also had a problem with this virus where his system read 'Boot Failure: System Halted'. My system reads "a driver has overrun a stack-based buffer" on the blue screen. User mpzola was advised:

    Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as an attachments into this thread, only after doing the above.


    Should I do the same?

    Any help is greatly appreciated, thanks,

    Hans
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Actually I don't think that will be necessary. After we get you stable then you may want to go through the instructions

    Run Smitfraudfix
    • Download Smitfraudfix by S!ri from HERE
    • Double-click SmitfraudFix.exe
    • Select 1 and hit Enter to delete infected files.
    • The report can be found at the root of the system drive, usually at C:\rapport.txt


    Attach C:\rapport.txt back here.


    Highjackthis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
    • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
    • After installing, the program launches automatically, select Scan now and save a log
    • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.

    Attach Hijackthis log back here
     
  3. ninjagaiden

    ninjagaiden TS Rookie Topic Starter

    rapport and HJT logs

    Hi,

    Here are my rapport and HiJackThis logs.

    Hans
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Download\install 'SuperAntiSpyware Home Edition Free Version' from HERE
    • Launch SuperAntiSpyware and click on 'Check for updates'.
    • Once the updates have been installed,exit SuperAntiSpyware.


    Run Smitfraudfix
    • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    • Double-click SmitfraudFix.exe
    • Select 2 and hit Enter to delete infected files.
    • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

    While still in safe mode

    Scan with SuperAntiSpyware
    • Start SuperAntiSpyware.
    • On the main screen click on 'Scan your computer'.
    • Check: 'Perform Complete Scan then Click 'Next' to start the scan.
    • Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
    • Make sure everything found has a checkmark next to it,then press 'Next'.
    • Click on 'Finish' when you've done.

      It's possible that the program will ask you to reboot in order to delete some files.

      Obtain the SuperAntiSpyware log as follows:
      Click on 'Preferences'.
      Click on the 'Statistics/Logs' tab.
      Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
      It will then open in your default text editor,such as Notepad.
      Attach the notepad file here on your next reply

    Attach both logs here with a fresh Hijackthis ran after reboot to normal mode
     
  5. ninjagaiden

    ninjagaiden TS Rookie Topic Starter

    Can't run SuperAntiSpyware

    I'm currently in Safe Mode. I'm writing from another computer. I downloaded HJT and Smitfraud and ran them while in safe mode. I downloaded SuperAntiSpyware in Safe Mode and tried to run it, but I get a "Windows Installer" window that says "The system administrator has set policies to prevent this installation". I was in an admistrator account and I went to manage the user settings in the control panel, but I don't see how to change user priveleges in order to allow this installation.
     
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Read the instructions carefully. You were supposed to download, install, and update superantispyware before booting to safe mode.

    Then after you boot to safe mode you just scan with it.

    Also when you go into safe mode, boot into your normal account not the admin account
     
  7. ninjagaiden

    ninjagaiden TS Rookie Topic Starter

    Sorry about the mix up. Here are my logs.

    Thanks,

    Hans
     
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    can you explain the 017 entries in your log

    Remove bad HijackThis entries
    • Run HijackThis
    • Click on the System Scan Only button
    • Put a check beside all of the items listed below (if present):

      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
      R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: 162123 helper - {95667A7A-03B3-4EE0-91AE-A4DE74D25729} - C:\WINDOWS\system32\162123\162123.dll (file missing)
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
      O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
      O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.


    Download and Run ATF Cleaner
    Download ATF Cleaner by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox or Opera:
    Click Firefox or Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.



    Run Kaspersky Online AV Scanner

    Order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply
     
  9. ninjagaiden

    ninjagaiden TS Rookie Topic Starter

    Kapersky procedural question

    The OS17 items from HiJackThis all have a usc.edu at the end. I'm guessing they probably have to do with me accessing my student accout at the University of Southern California (USC).

    Kapersky question:
    I used the Kapersky link and clicked accept. I don't see a "Scan Settings" option, only a Settings option and I didn't see "Scan using the following antivirus database". This Settings button at the bottom left has a crossed hammer and wrench icon, is this the Scan Settings you meant? I clicked on My Computer under Scan on the left side of the screen and started the scan. It has been scanning for 5 hours and is 48% finished. Is this normal?
     
  10. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    the 017 are fine then, just wanted to make sure you were a part of usc.

    kaspersky takes longer the more temp files and infections it has to go through.

    Just be patient with it and attach log when done
     
  11. ninjagaiden

    ninjagaiden TS Rookie Topic Starter

    Kapersky Log

    Here are my Kapersky scan results.
     
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Whatever drive Z:\ is you need to make sure it is accessible. So if it is an external hard drive or thumb drive - connect it before doing the following steps

    Manually clear cache

    • Open an Explorer folder window (for example, double-click My Computer).
    • From the Explorer menu select Tools | Folder Options | View. Make sure that you have checked the box next to "Show hidden files and folders" and uncheck "Hide protected operating system files".
    • Start Internet Explorer and click Tools | Internet Options | General tab | Settings | View Files.
    • IE should have opened up a folder window, typically viewing a folder with the name of C:\Windows\Temporary Internet Files. Put your cursor in the Address area of the folder window and add the name \content.ie5 to the name, so in our example the Address bar would now read c:\Windows\Temporary Internet Files\content.ie5.
    • You should see a series of folders with random eight-character names like ADOZMZS1. Delete each of these randomly named folders. You may get an error that some files are in use, this is normal if you are currently at a web site since those files are in the cache. Hold down the Shift key when deleting the files so they do not go to the Recycle Bin.

    -------------------------------------------------------------------

    Clear Norton Quarantine or delete everything in the following folder:
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine

    Z:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine

    --------------------------------------------------------------------

    OTMoveit2 by OldTimer
    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      [b]Z:\Program Files\SpyHunter\Backup\S42NS.EXE.bak
      Z:\Program Files\BSINSTALL.exe
      Z:\install.cab
      Z:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll
      Z:\Documents and Settings\Rosaura\Local Settings\Temp\II22.exe
      Z:\Documents and Settings\Rosaura\Local Settings\Temp\II318.tmp
      Z:\Documents and Settings\Hans\Local Settings\Temp\II22.exe
      Z:\Documents and Settings\Hans\Local Settings\Temp\II4.tmp
      Z:\Program Files\MyWebSearchWB /s
      Z:\Program Files\AWS /s
      Z:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\9RJB9XCE /s
      Z:\Documents and Settings\Rosaura\Local Settings\Temporary Internet Files\Content.IE5\OTMRKLMZ /s[/b]
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    ----------------------------------------------------------------

    Please re-run ATF cleaner

    ----------------------------------------------------------------

    Run one more Hijackthis and attach so we can clean up and secure the system
     
  13. ninjagaiden

    ninjagaiden TS Rookie Topic Starter

    OTMoveIt2 problem

    Hi,

    OTMoveIt2
    I ran OTMoveIt2 a few times, but after a while it didn't do anything. Upon pressing CTRL+ALT+DEL I saw that the program was not responding. I rebooted the machine and ran it again with the same result. The folders in the mmddyyyy_hhmmss nomenclature were created, but there are no logs under these folders. I have attached two OTMoveIt2 screen shots so you can see how far I got. Both are from the attempt after rebooting the machine.

    I ran ATF and Hijackthis.
     
  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Try it with the updated script

    OTMoveit2 by OldTimer
    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      [b][kill explorer]
      Z:\Program Files\SpyHunter\Backup\S42NS.EXE.bak
      Z:\Program Files\BSINSTALL.exe
      Z:\install.cab
      Z:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll
      Z:\Documents and Settings\Rosaura\Local Settings\Temp\II22.exe
      Z:\Documents and Settings\Rosaura\Local Settings\Temp\II318.tmp
      Z:\Documents and Settings\Hans\Local Settings\Temp\II22.exe
      Z:\Documents and Settings\Hans\Local Settings\Temp\II4.tmp
      Z:\Program Files\MyWebSearchWB /s
      Z:\Program Files\AWS /s
      Z:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\9RJB9XCE /s
      Z:\Documents and Settings\Rosaura\Local Settings\Temporary Internet Files\Content.IE5\OTMRKLMZ /s
      [start explorer][/b]
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
     
  15. ninjagaiden

    ninjagaiden TS Rookie Topic Starter

    OTMoveIt2 Log

    OTMoveIt2 Log:

    Explorer killed successfully
    File/Folder Z:\Program Files\SpyHunter\Backup\S42NS.EXE.bak not found.
    File/Folder Z:\Program Files\BSINSTALL.exe not found.
    File/Folder Z:\install.cab not found.
    File/Folder Z:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll not found.
    File/Folder Z:\Documents and Settings\Rosaura\Local Settings\Temp\II22.exe not found.
    File/Folder Z:\Documents and Settings\Rosaura\Local Settings\Temp\II318.tmp not found.
    File/Folder Z:\Documents and Settings\Hans\Local Settings\Temp\II22.exe not found.
    File/Folder Z:\Documents and Settings\Hans\Local Settings\Temp\II4.tmp not found.
    < Z:\Program Files\MyWebSearchWB /s >
    Folder move failed. Z:\Program Files\MyWebSearchWB\bar\History scheduled to be moved on reboot.
    Folder move failed. Z:\Program Files\MyWebSearchWB\bar\1.bin scheduled to be moved on reboot.
    Folder move failed. Z:\Program Files\MyWebSearchWB\bar scheduled to be moved on reboot.
    Folder move failed. Z:\Program Files\MyWebSearchWB scheduled to be moved on reboot.
    < Z:\Program Files\AWS /s >
    Folder move failed. Z:\Program Files\AWS\WeatherBug scheduled to be moved on reboot.
    Folder move failed. Z:\Program Files\AWS scheduled to be moved on reboot.
    < Z:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\9RJB9XCE /s >
    Z:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\9RJB9XCE moved successfully.
    < Z:\Documents and Settings\Rosaura\Local Settings\Temporary Internet Files\Content.IE5\OTMRKLMZ /s >
    Z:\Documents and Settings\Rosaura\Local Settings\Temporary Internet Files\Content.IE5\OTMRKLMZ moved successfully.
    Explorer started successfully

    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06202008_110719

    Files moved on Reboot...
    Folder move failed. Z:\Program Files\MyWebSearchWB\bar\History scheduled to be moved on reboot.
    Folder move failed. Z:\Program Files\MyWebSearchWB\bar\1.bin scheduled to be moved on reboot.
    Z:\Program Files\MyWebSearchWB\bar\Cache moved successfully.
    Z:\Program Files\MyWebSearchWB\bar\Settings moved successfully.
    Folder move failed. Z:\Program Files\MyWebSearchWB\bar\History scheduled to be moved on reboot.
    Folder move failed. Z:\Program Files\MyWebSearchWB\bar\1.bin scheduled to be moved on reboot.
    Folder move failed. Z:\Program Files\MyWebSearchWB\bar scheduled to be moved on reboot.
    Folder move failed. Z:\Program Files\MyWebSearchWB\bar\History scheduled to be moved on reboot.
    Folder move failed. Z:\Program Files\MyWebSearchWB\bar\1.bin scheduled to be moved on reboot.
    Folder move failed. Z:\Program Files\MyWebSearchWB\bar scheduled to be moved on reboot.
    Folder move failed. Z:\Program Files\MyWebSearchWB scheduled to be moved on reboot.
    Folder move failed. Z:\Program Files\AWS\WeatherBug scheduled to be moved on reboot.
    Folder move failed. Z:\Program Files\AWS\WeatherBug scheduled to be moved on reboot.
    Folder move failed. Z:\Program Files\AWS scheduled to be moved on reboot.
     
  16. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    How is your computer running? any problems?

    navigate to the following folder and delete them if still present

    Z:\Program Files\AWS
    Z:\Program Files\MyWebSearchWB
     
  17. ninjagaiden

    ninjagaiden TS Rookie Topic Starter

    Thank you and a few questions

    Thanks for all your help. I definitely could not have pulled that off regardless of how much I researched on my own. My machine runs fine. Symantec just deletes a trojan horse or some other virus once in a while and it notifies me. Is this OK or normal? You mentioned to delete AWS, that is weather bug, one of my family members uses it a lot to have up to date weather. Is it really bad enough that I should delete it or would it not affect my system a lot if it remained?

    Other questions:
    1. Of the programs that I downloaded for this cleanup process (Smitfraud.exe, HJT, SuperAntiSpyWare.exe, ATFCleaer, and OTMoveIT2) which ones should I keep and how frequently should I run them? I'm guessing I should let the SuperAntiSpyware always run.

    2. I have always been curious about all the process my computer has going on. I currently have 41 processes running. How do I know which ones are ok and which ones I should maybe get rid of?

    3. How did you acquire the knowledge on performing the system clean-up you helped me do? Is this closely related to your profession?
     
  18. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    You can leave it, at one time it was adware but has since been cleared so if you don't mind it being picked up as a virus every once in a while, then it is fine. As you can see kaspersky identifies it as bad.

    we are going to eliminate Smitfraudfix and OTmoveit2 on my next post.

    41 processes is normal. My suggestion is to get win patrol also from my next post, or from the link in my signature. After installed right click the scotty dog in your tray and select startup info... and disable anything that you don't use every time you start your computer. You can ask about different things too and I can tell you what there are and if you need them. All it will do is disable them from auto starting, you will still be able to launch them manually.

    There are various schools online that have a learning program for cleaning computers, it has nothing to do with my profession, I actually sell payroll and workers comp insurance. This is just for fun in my spare time, if you wanted training I recommend Geekstogo -> you will meet people through their program that wrote programs like OTMoveit and Combofix, FindAWF and SWReg. Basically all the people that make the tools that we use for removing infections not detected by normal antivirus.

    *Next post will have clean up instructions as this one will go over the limit on words
     
  19. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    You should keep SUPERantispyware and ATF cleaner -> atf cleaner will clean up temporary files, which will keep un-needed clutter off your system. Uninstall Hijackthis through add/remove programs (programs and features in vista)


    OTCleanit! by Oldtimer

    • Launch OTMoveit2! and click the green cleanup! button
      This will uninstall OTMoveit2 and Smitfraudfix

    ---------------------------------------------------------------------------

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
    1. Set correct settings for files
      • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
      • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
      • If unchecked please check Hide protected operating system files (Recommended)
      • If necessary check "Display content of system folders"
      • If necessary Uncheck Hide file extensions for known file types.
      • Click OK

      clear system restore points

      • This is a good time to clear your existing system restore points and establish a new clean restore point:
        • Go to Start > All Programs > Accessories > System Tools > System Restore
        • Select Create a restore point, and Ok it.
        • Next, go to Start > Run and type in cleanmgr
        • Select the More options tab
        • Choose the option to clean up system restore and OK it.
        This will remove all restore points except the new one you just created.

    2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialize and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

      See this link for a listing of some online & their stand-alone antivirus programs:

      Virus, Spyware, and Malware Protection and Removal Resources

    4. Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

      For a tutorial on Firewalls and a listing of some available ones see the link below:

      Understanding and Using Firewalls

    6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.This is done in Vista through control panel -> windows updates.

    7. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

      A tutorial on installing & using this product can be found here:

      Using SpywareBlaster to protect your computer from Spyware and Malware

    8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.

    here are some additional utilities that will enhance your safety

    • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
    • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
    • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
      Using Winpatrol to protect your computer from malicious software
     
  20. ninjagaiden

    ninjagaiden TS Rookie Topic Starter

    System Restore point problem

    I went to the system restore under Start > All Programs > Accessories > Tools, but the link to it isn't valid. There is a system restore but the icon is that generic one when the computer doesn't recognize the file with a little red and green icon in a page with the top right corner bent. I know I was able to access it when I first had problems with my machine.
     
  21. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Start -> right click computer -> properties -> system protection in left pane

    Can you click Create at the bottom

    This will create a new restore point.

    ---------------------------

    Then click start and in the search bar type cleanmgr after it calculates space then click more options and you can clean up system restore and shadow copies

    That will take out all restore points except the one we just made
     
  22. ninjagaiden

    ninjagaiden TS Rookie Topic Starter

    System Restore Problem

    Hi,

    Sorry to post twice in a row, but do you have any suggestions for my System Restore dilemma?
     
  23. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Did my last post not work?
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...