PC slowing down. Log files attached

By CrashTekk13
Jun 11, 2009
Topic Status:
Not open for further replies.
  1. Hi guys! I hope you can help me.

    Found win32.brontok virus during my scan with Mcafee a few days ago and it was automatically deleted. My PC started slowing down about 5 minutes after a reboot. I also randomly found shalom.exe in one of Application Data directory earlier today. Tried to scan it using Mcafee, PC Tools Spyware Doctor and Ad-Aware but doesn't flag it as a threat.

    Here are my logs.
  2. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Logs look clean except a couple minor wheel spinners that we will get back to!

    But to be sure do the below.

    First cleanup! And deeply!

    Run CCleaner http://www.ccleaner.com/download/builds (get SLIM at bottom no Yahoo toolbar)
    Run twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean. You may have this from the 8 Steps.

    Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

    KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
    Fantastic cleaner. (When installing uncheck Relevant Knowledge do not install) run analyze the click Clean.

    Then only after above do the below!


    Download ComboFix

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while its running. That may cause it to stall.

    Mike
  3. CrashTekk13

    CrashTekk13 Newcomer, in training Topic Starter Posts: 20

    mflynn,

    Thanks so much for the reply. Here's the log from combofix

    Attached Files:

    • log.txt
      File size:
      20.2 KB
      Views:
      6
  4. CrashTekk13

    CrashTekk13 Newcomer, in training Topic Starter Posts: 20

    Hi Mike - FYI, combofix was ran after doing the steps you mentioned. Thanks!
  5. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Did you do the HJT before the cleanups??

    Reboot and run the cleanups again in addition to the below!

    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

    Then Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and the OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.

    Then do the below..

    Clean and tweak services

    In services stop and disable all of the below just to get them out of the way for now for trouble shooting purposes.

    Nothing is un-installed or deleted only disabled from running!

    They can be put back anytime later but I would not, as none of them are needed by most home users and very few business users. Basically stuff M$ thought you should have.

    Disabled uses no memory (RAM) and no CPU cycles.
    Manual uses the RAM but a small amount of CPU.
    Auto and not started they use even more RAM and CPU.
    Auto and started even more RAM and CPU ..

    Now in this case we disabling for trouble shooting purposes. But when we finish if you leave them all off until it is noticed that you need one (not likely for 99%) then it can be enabled.

    Leaving these all off, then becomes a performance tweak/boost as they free some RAM and CPU cycles! Special note. If you are going to pick and choose then be aware that the small amount of RAM and CPU cycles of each one individually is not significant but as a group it is! So if you need most of them (or just think you do because you don't) then just as well enable them all)!

    Distributed Link Tracking Client
    Distributed Transaction Coordinator
    DNS Client
    Fast User switching
    Health Key and Certificate Management Service
    Indexing service
    Messenger
    Net logon
    Net.TCP Port Sharing
    NetMeeting Remote Desktop Sharing
    IPsec services
    QoS RSVP
    Remote Registry
    Uninterruptable power supply
    Universal Plug and play
    Web Client
    Windows media player Network Sharing

    IF you are using a wired network card and "NOT" using wireless on this computer then you can
    also disable

    Wireless Zero configuration

    Wireless Zero configuration is only used on computers with a wireless NIC like a Laptop. Do not disable Wireless Zero configuration on a Laptop. Has nothing to do with other wireless hardware like wireless routers etc.

    In short if this computer has a CAT 5 or 6 cable and no ability to connect wirelessly if that cable is unplugged, then you can disable Wireless Zero configuration.

    This is not to be confused with Wired Auto Config do not disable that!

    The below bat file will do all of the above.

    Left Drag mouse and Copy for Pasting all text in the box below. Make sure the slider bar goes to bottom from the @ to the end of the second exit.
    Then paste to the black screen of an open command prompt. All may not apply so ignore errors.

    Code:
    @echo off
    sc config Alerter start= disabled
    sc stop Alerter
    
    sc config AeLookupSvc start= disabled
    sc stop AeLookupSvc
    
    sc config ClipBook start= disabled
    sc stop ClipBook
    
    sc config Dfs start= disabled
    sc stop Dfs
    
    sc config FastUserSwitchingCompatability start= disabled
    sc stop FastUserSwitchingCompatability
    
    sc config TrkWks start= disabled
    sc stop TrkWks
    
    sc config TrkSvr start= disabled
    sc stop TrkSvr
    
    sc config DNSCache start= disabled
    sc stop DNSCache
    
    sc config ERSvc start= disabled
    sc stop ERSvc
    
    sc config HidServ start= disabled
    sc stop HidServ
    
    sc config PolicyAgent start= disabled
    sc stop PolicyAgent
    
    sc config CiSvc start= disabled
    sc stop CiSvc
    
    sc config IsmServe start= disabled
    sc stop IsmServ
    
    sc config kdc start= disabled
    sc stop kdc
    
    sc config LicenseService start= disabled
    sc stop LicenseService
    
    sc config Messenger start= disabled
    sc stop Messenger
    
    sc config Netlogon start= disabled
    sc stop Netlogon
    
    sc config NetTcpPortSharing start= disabled
    sc stop NetTcpPortSharing
    
    sc config mnmsrvc start= disabled
    sc stop mnmsrvc
    
    sc config NetDDE start= disabled
    sc stop NetDDE
    
    sc config NetDDEdsdm start= disabled
    sc stop NetDDEdsdm
    
    sc config NtLmSsp start= disabled
    sc stop NtLmSsp
    
    sc config SysmonLog start= disabled
    sc stop SysmonLog
    
    sc config RSVP start= disabled
    sc stop RSVP
    
    sc config SSDPSRV start= disabled
    sc stop SSDPSRV
    
    sc config upnphost start= disabled
    sc stop upnphost
    
    sc config WMPNetworkSvc start= disabled
    sc stop WMPNetworkSvc
    
    sc config WmiApSrv start= disabled
    sc stop WmiApSrv
    
    sc config WmdmPmSN start= disabled
    sc stop WmdmPmSN
    
    sc config RemoteRegistry start= disabled
    sc stop RemoteRegistry
    
    sc config RemoteAccess start= disabled
    sc stop RemoteAccess
    
    sc config SCardSvr start= disabled
    sc stop SCardSvr
    
    sc config TlnSvr start= disabled
    sc stop TlnSvr
    
    sc config UPS start= disabled
    sc stop UPS
    
    sc config WebClient start= disabled
    sc stop WebClient
    
    sc config DNSCache start= disabled
    sc stop DNSCache
    
    sc config JavaQuickStarterService start= disabled
    sc stop JavaQuickStarterService
    sc delete JavaQuickStarterService
    attrib -h -s -r /s c:\jqs.*
    del /f /q /s c:\jqs.*
    
    sc config RpcSs start= Automatic
    sc start RpcSs
    
    sc config RpLocator start= Automatic
    sc start RpcLocator
    
    sc config MSIServer start= Automatic
    sc start MSIServer
    exit
    exit
    Reboot and report how system is running!

    Mike
  6. CrashTekk13

    CrashTekk13 Newcomer, in training Topic Starter Posts: 20

    Hi Mike,

    I did the cleanup first then created restore point, cleared shadow copies, cleaned and tweak services, reboot, did cleanup again and ran HJT and combofix. Attached are the log files. I'm going to observe the behavior in the next few days.

    Thanks again for your help!

    Attached Files:

  7. CrashTekk13

    CrashTekk13 Newcomer, in training Topic Starter Posts: 20

    HI Mike,

    I've created a big DOH!.

    I have gotten a new set of Trojans on my pc but McAfee is saying it's blocking it. How do I use and make sure that the restore point created earlier is ok to use at this point?

    Thanks again for your help.
  8. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Paste following to Run command!
    Code:
    %SystemRoot%\system32\restore\rstrui.exe
    Pick the Point we made and restore.

    When back up immediately Do the TechSpot 8 steps: http://www.techspot.com/vb/topic58138.html

    and all the steps above again SR gets the registry and some files, but not all the files.

    Better not shortcut this!

    Mike
  9. CrashTekk13

    CrashTekk13 Newcomer, in training Topic Starter Posts: 20

    Hi Mike -

    Thanks for all your help in this. Below are the steps i have taken:

    I did system restore and then proceeded with the 8 steps as instructed. During McAfee scan (step 1) it found 11 instances of Artemis!915A05F38394 Trojan and 1 instance of DNSChanger!f trojan. Did CCleaner thriice on cleaner and twice on registry (until no issues were found). I then disabled real time monitoring programs on McAfee and AdAware. Updated and ran MBAM (mbam-log-2009-06-13 (00-15-28).txt), Updated and ran SuperAntiSpyware (SUPERAntiSpyware Scan Log - 06-13-2009 - 00-35-00.log), made sure JRE is up to date and then ran HJT (hijackthisstep7.log).

    I then did deep clean by running CCleaner 3 times on Cleaner and 2 times on Registry (until no issues were found). Ran ATF-Cleaner at least 5 times until no files were found. Ran KCleaner. Downloaded ComboFix and got the log (combofixlog.txt). Ran HJT and got the log (hijackthisaftercombofix.log)

    Thanks again.

    Eugene
  10. CrashTekk13

    CrashTekk13 Newcomer, in training Topic Starter Posts: 20

    Hi Mike -

    After the steps in my last post I did the following according to your instructions:

    - created a new system restore point, ran disk cleanup to enable deletion of old restore points.
    - cleaned and tweak services by running the script for the batch file
    - run the cleanups again (ccleaner, ATF-cleaner, KCleaner)
    - ran combofix and HJT (logs attached)

    Thanks again for your help.

    Eugene
  11. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Fantastic job! Everything looks clean!

    OK so I don't trust McAfee so to be sure do the below.

    D/L DrWeb Cureit : http://www.snapfiles.com/get/cureit.html

    My thread closing below I highly recommend you read it carefully and do it all, some you already have done so no need to do those again now!

    Thread Closing-------------------------------------------------------------------

    Some of these tools update so often they require downloading again later if needed. But keep and run MBAM and SAS to maintain.

    Remove ComboFix
    Start-Run
    type
    combofix /u
    Hit enter or click OK.

    Please download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

    Save to desktop.

    This will remove all the tools we used to clean your computer.

    Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

    Approve all if prompted by Firewall. Approve Widows Defender or other guards or security programs while OTCleanIt attempting access to the Internet to allow all.

    If prompted to Reboot click, Yes.
    OTCleanit will delete itself when finished, If not delete it by yourself.

    -------------------------------------------------------------------------------------
    Run CCleaner http://www.ccleaner.com/download/builds (get SLIM at bottom no Yahoo toolbar)
    Run twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean. You may have this from the 8 Steps.

    Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

    KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
    Fantastic cleaner. (When installing uncheck Relevant Knowledge do not install)
    -------------------------------------------------------------------------------------
    The issues can and are likely found is in System Restore so do the below

    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

    Then Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and the OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.
    -------------------------------------------------------------------------------------
    ERUNT
    Add a redundent Reg backup, get and install ERUNT let it add itself to startup and do a backup on install check all boxes.

    ERUNT http://www.larshederer.homepage.t-online.de/erunt/
    Yes! Even if you use system restore and other backups Registry and Images.
    -------------------------------------------------------------------------------------

    Every two weeks or so, run MBAM and SAS until clean.

    They take a while, so leave scanning while you are sleeping working or watching TV. If not done under the gun they can be scheduled not to interfere with computer time.

    If they find something they can not clean, then get back to us.

    Additionally run CCleaner. ATF-Cleaner and KCleaner.
    ----------------------------------------------------------------------------------------
    I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

    It was designed to be used with and to co-exist with other Virus scanners.

    Additionally it uses a totally different process to protect. While conventional Virus scanners work from definitions ThreatFire works on recognizing Virus/Malware activity.

    It's like looking at it with 2 sets of eyes and from a different angle.

    It works like some Firewalls do to learn what is good/bad.

    After install it will ask you about everything that could be a security issue. For example the first time you run IE or FireFox it will prompt you. You would answer to approve and remember the setting. From then on no more prompts about IE or FireFox unless the exe changes like in an update.

    As it queries you about the prompt to help you determine to approve or not you can google it with one click.

    http://www.threatfire.com/Download/
    -------------------------------------------------------------------------------------
    Look at http://www.javacoolsoftware.com/spywareblaster.html

    Run SpyBot ocassionally and use the Immunize function.
    http://www.safer-networking.org/en/download/

    I highly reccomend Hostman: Hostman http://www.abelhadigital.com/2008/07/hostsman-3157-released.html

    Download install run and allow it to disable DNS Client and select all Host files and then Update and install all host files.

    A Disk Scan (chkdsk) and Defrag are in order.

    Mike
     
  12. CrashTekk13

    CrashTekk13 Newcomer, in training Topic Starter Posts: 20

    Hi Mike -

    I downloaded and ran DrWeb. However it crashed at about 75% of the way. Im getting Send to MS error- xtu45.exe has encountered a problem and needs to close. I ran McAfee and now detecting Artemis!915A05F38394 trojan with the following details:

    File: C:\WINDOWS\PEV.exe
    Process: C:\DOCUME~1\Eugene\LOCALS~1\Temp\RarSFX0\xtu45.exe
    Process Description: C:\DOCUME~1\Eugene\LOCALS~1\Temp\RarSFX0\xtu45.exe

    Again thanks for your help.

    Eugene
  13. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Hi Eugene

    Ok Update Mcafee, MBAM and SuperAntiSpyware.

    Then boot to Safe Mode only.

    Run first MBAM until clean, I think Quickscan will do it. Run again if it finds and removes anything. We need to see a clean log!

    Then SAS Quickscan also same as MBAM till clean log!

    Then Mcafee followed by Cureit.

    This should give better results.

    If anything above needs a reboot always back to Safe Mode!

    Then back to normal mode and D/L ComboFix again and run and post log.

    Mike
  14. CrashTekk13

    CrashTekk13 Newcomer, in training Topic Starter Posts: 20

    Hi Mike -

    I tried running the steps above with no problems at all except for the last part. These are the steps I took:

    - updated copy of MBAM, SAS, McAfee and DrWeb Cureit.
    - rebooted to Safe Mode
    - ran MBAM
    - ran SAS
    - ran McAfee
    - ran DrWeb Cureit
    - all result above were clean
    - rebooted to Normal Mode and downloaded ComboFix
    - ran ComboFix but got an error that my copy of ComboFix has been compromised and I may have gotten a "Virut". McAfee also flag two trojans at the same time.

    I got my copy of combofix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Thanks again for your help and your patience.

    Eugene
  15. CrashTekk13

    CrashTekk13 Newcomer, in training Topic Starter Posts: 20

    The two instances found by McAfee are:

    - Detection name: Artemis!915A05F38394 (Trojan)
    File: C:\32788R22FWJFW\pev.exe
    Process: C:\Documents and Settings\Eugene\Desktop\ComboFix.exe
    Process Description: C:\Documents and Settings\Eugene\Desktop\ComboFix.exe

    - Detection name: Artemis!915A05F38392 (Trojan)
    File: C:\Windows\PEV.exe
    Process: C:\WINDOWS\system32\cmd.execf
    Process description: C:\WINDOWS\system32\cmd.execf

    Thanks.
  16. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Oh you don't need that! Virut is a real nasty!

    Get this done asap!

    Download Grisoft Virut remover to desktop.
    http://www.filecluster.com/download-link-0/82078.html

    Next

    Download the below to desktop
    http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixVirut.com

    Then reboot to Safe Mode

    Run rmvirut.exe

    When it finishes run the FixVirut.com on the desktop. If the above requires a reboot then reboot back to Safe mode to run this one.

    Post a new HJT log last!

    Mike

    EDIT:

    When finished reboot to normal, redownload ComboFix (the link is clean) and rename ComboFix to 1cbf then run 1cbf get us the log!
  17. CrashTekk13

    CrashTekk13 Newcomer, in training Topic Starter Posts: 20

    Hi Mike,

    Should I turn off Mcafee while i'm downlloading and running any of the scans mentioned above?

    Thanks.
  18. mflynn

    mflynn Newcomer, in training Posts: 2,793

    YES! Definitely!

    Mike
  19. CrashTekk13

    CrashTekk13 Newcomer, in training Topic Starter Posts: 20

    Hi Mike,

    I downloaded the two virut remover/utilities and rebooted to safe mode. I ran rmvirut.exe and it did not find any infected files. I ran fixvirut and it also did not find anything. Attached are the HJT and ComboFix log you requested.

    Thanks again for all your help.

    Eugene
  20. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Hi Crash

    Good job!

    Good we do not want to take any chances with Virut!

    Thanks to Touch another member, here are some remainders I missed and that we need to handle

    Create CFScript
    COMBOFIX-Script
    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Code:
    KILLALL::
    
    File::
    c:\documents and settings\Eugene\Application Data\Apple Computer\socks1.exe
    c:\documents and settings\Eugene\Application Data\Creative\lego.exe
    c:\documents and settings\Eugene\Application Data\Belkin\nomad.exe
    c:\documents and settings\Eugene\Application Data\Ahead\rengo.dll
    c:\documents and settings\Eugene\Application Data\dvdcss\msgdi.dll
    c:\documents and settings\Eugene\Application Data\Adobe\shalom.exe
    c:\documents and settings\Eugene\Application Data\FileZilla\kern.dll
    Then drag this script and drop on top of ComboFix.

    ComboFix will now run a scan on your system.

    It may reboot your system when it finishes. This is normal.

    When finished, it will create a log. Attach the log back to us.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    OK after posting the above ComboFix log and a new HJT log we may be finished so how is the computer running?

    Mike
  21. CrashTekk13

    CrashTekk13 Newcomer, in training Topic Starter Posts: 20

    Hi Mike -

    I ran the script for ComboFix and HJT. Logs attached.

    Thanks so much for all your help. I hope this is it :)

    Eugene
  22. mflynn

    mflynn Newcomer, in training Posts: 2,793

    10-4 how is it running now?

    You did a fantastic job!

    Consider the following! Especially threatFire!

    Thread Closing-------------------------------------------------------------------

    Some of these tools update so often they require downloading again later if needed. But keep and run MBAM and SAS to maintain.

    Remove ComboFix
    Start-Run
    type
    combofix /u
    Hit enter or click OK.

    Please download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

    Save to desktop.

    This will remove all the tools we used to clean your computer.

    Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

    Approve all if prompted by Firewall. Approve Widows Defender or other guards or security programs while OTCleanIt attempting access to the Internet to allow all.

    If prompted to Reboot click, Yes.
    OTCleanit will delete itself when finished, If not delete it by yourself.

    -------------------------------------------------------------------------------------
    Run CCleaner http://www.ccleaner.com/download/builds (get SLIM at bottom no Yahoo toolbar)
    Run twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean. You may have this from the 8 Steps.

    Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

    KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
    Fantastic cleaner. (When installing uncheck Relevant Knowledge do not install)
    -------------------------------------------------------------------------------------
    The issues can and are likely found is in System Restore so do the below

    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

    Then Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and the OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.
    -------------------------------------------------------------------------------------
    ERUNT
    Add a redundent Reg backup, get and install ERUNT let it add itself to startup and do a backup on install check all boxes.

    ERUNT http://www.larshederer.homepage.t-online.de/erunt/
    Yes! Even if you use system restore and other backups Registry and Images.
    -------------------------------------------------------------------------------------

    Every two weeks or so, run MBAM and SAS until clean.

    They take a while, so leave scanning while you are sleeping working or watching TV. If not done under the gun they can be scheduled not to interfere with computer time.

    If they find something they can not clean, then get back to us.

    Additionally run CCleaner. ATF-Cleaner and KCleaner.
    ----------------------------------------------------------------------------------------
    I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

    It was designed to be used with and to co-exist with other Virus scanners.

    Additionally it uses a totally different process to protect. While conventional Virus scanners work from definitions ThreatFire works on recognizing Virus/Malware activity.

    It's like looking at it with 2 sets of eyes and from a different angle.

    It works like some Firewalls do to learn what is good/bad.

    After install it will ask you about everything that could be a security issue. For example the first time you run IE or FireFox it will prompt you. You would answer to approve and remember the setting. From then on no more prompts about IE or FireFox unless the exe changes like in an update.

    As it queries you about the prompt to help you determine to approve or not you can google it with one click.

    http://www.threatfire.com/Download/
    -------------------------------------------------------------------------------------
    Look at http://www.javacoolsoftware.com/spywareblaster.html

    Run SpyBot ocassionally and use the Immunize function.
    http://www.safer-networking.org/en/download/

    I highly reccomend Hostman: Hostman http://majorgeeks.com/HostsMan_d4592.html

    Download install run and allow it to disable DNS Client and select all Host files and then Update and install all host files.

    A Disk Scan (chkdsk) and Defrag are in order.

    Mike
  23. CrashTekk13

    CrashTekk13 Newcomer, in training Topic Starter Posts: 20

    Hi Mike -

    It looks like everything's working ok now. I have downloaded and currently running the utilities you recommended. I will also save all these useful information for future reference.

    Again, thank you so much for all the help.

    Eugene
  24. mflynn

    mflynn Newcomer, in training Posts: 2,793

    You did a great job!

    I enjoyed helping you!

    Note: If you use Hostman and lose access to a site you need then do the below.

    I have clients that call me because they lost access to MySpace for example. Open Hostman click to edit Host file do a search for myspace and delete any line it finds with myspace in it.

    Then in HostMan menu find exclusions and type in myspace.com and save MySpace no longer blocked. Don't forget to update Hostman every couple of weeks.

    After you are used to Threatfire go into settings and Max the Sensitivity Level (looks like cell phone signal strength). This will make TF more wordy as it checkd deeper but once you approve and remember the good ones it will be quite until something bad is found OR and update changes something.

    Mike
  25. CrashTekk13

    CrashTekk13 Newcomer, in training Topic Starter Posts: 20

    Hi Mike,

    I would like to thank you again for helping me through this.

    On a separate and ironic note, my wife's laptop has been infected just as I was finishing cleaning up my desktop. :dead: I will be posting the result of the 8 steps check later on a separate thread. You can now close this thread if you want.

    Thanks again for all your help.

    Eugene
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.