Please help me help my computer

[Texaus]

I've run the 8 steps in order ans attached appropriate files. Have a look please.

My main gripe is whenever I do an internet search with google, yahoo, etc., it doesn't work like normal. The search seems to happen but any link from the results does not go to the right place. Seems to direct me to random advertisements and such - really don't see much pattern. Also I've notice I don't have access to some websites. The only ones Ive noticed so far are internet security based websites. As and example, some of the links in the 8 steps for software downloads wouldn't work for me(I eventually got all software through download.com).

I should also say that before I found this website ans did your 8 steps I did the following. Removed my old anti-virus software and installed ThreatFire. I ran a scan with ThreatFire and it did find and Quarantine some things. I disabled threatfire while doing your 8 steps. Is ThreatFire a worthy anti-virus program going forward?

 

[kimsland]

I am not familiar with ThreatFire Antivirus software
Seeming you had so many infections removed, it might be best to uninstall it

You could try Free Antivirus like Avast or Avira
And do another full updated scan (just to be certain)

Edit:

Once you have done (just this)
Please let me know if anything else was found

 

[Texaus]

Are you saying my PC is cleaned up now? Just need to choose a better anti-virus going forward?

As far as I can tell ThreatFire is a pretty good anti-virus solution. It is free too. And I am confused as to why it would be best to remove it given it did find and quarantine so many infections. Here's one of many reviews of it: pcmag.com/article2/0,1759,2301045,00.asp

 

[kimsland]

Thanks for the review

It's only because I have not seen it used here. On anyone elses logs I have checked (really lots and lots !)

It may be quite good, but I am positive Avira is an excellent proven Antivirus
Much better that AVG8 as well (on resource and found issues)

I just wondered if you would try this proven product

As for your log I could not see any other Virus\Malware issues

 

[almcneil]

No, your PC is not cleaned up, as you say you still get redirected to the wrong web sites. This is called "web brower hijacking" The spyware takes control of your web browser and redirects it to their own web sites. The anti-spyware utility I use for fixing this is Spybot Search & Destroy (see Download section at this site)

Although I am unfamiliar with ThreatFire anti-virus, I'll presume it's at least good. Anti-virus utilities are a "mature" technology as they have been developed over a very long time (3+ decades) Therefore, you really only need one. All, or at least most, anti-virus utilities today are at least good if not better. I don't really think there is a bad one, even among the freeware ones. It really comes down to personal preference which one you decide to go with. I give most of my customers AVG as its freeware and highly rated. If the person is running a business, especially if it involves the Internet, then I recommend a paid anti-virus as you get extra features that may be useful for a business. Now just because one anti-virus reports something as a potential virus while another doesn't, it's not cut and dry. It depends on what is considered a "potential" virus. That's why some AVs report certain items and others don't. What I'm saying is, it's not about how much it reports.

-- Andy

 

[kimsland]

Texaus are you still being re-directed to other websites?

How is your system presently going?

Regarding your help! almcneil

You need to be able to read the HJT log to help on this type of thread
If you cannot help with these logs, please do not reply here
The Spyware removal programs you have mentioned I do not believe are required

How do you feel Texaus? How is it presently going?

 

[Texaus]

Thanks for replies. I will give the nod to the more well know antivirus program you recommended.

I should also report that the annoying symptoms that I mentioned in my original post are no longer occuring. The procedures that were suggested in the "8 steps" seemed to fix them.

And I apologize if this is redundant, but since there are no issues in my hijackthis log, that does mean my pc is clean now, correct?

 

[kimsland]

Well...

Please reply once you have un-installed your Antivirus program
Installed Avira (plus update and full scan)

I'd be interested to know if anything else is found, especially before installing any other Spyware removal program (which you don't need)

Please reply back then

 

[Texaus]

I uninstalled Threatfire and put on Avira. I ran a full scan, it seemed to pick up 2 additional items. I attached log below. I then proceeded to run throught the 8 step procedure again and am attaching all those new logs too.

Pretty sure I am looking good now. I'll wait for an expert opinion though.

 

[kimsland]

Yes one Trojan found and removed in a temp folder
One Trojan found and removed in System Restore

Well done :grinthumb

CLEAR & RESET SYSTEM RESTORE'S CACHE

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter

* Tick on the checkbox - "Turn off System Restore on all drives"
* Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

Uninstall SuperAntispyware
You can leave this installed, but it's starting with Windows, and I like Malwarebytes better anyway
Please go to Add\Remove Programs and un-install SuperAntispyware

Clean up Temp folders
Please download and run CCleaner

That's about it :grinthumb

Oh Avira has this horrible way of displaying huge Splash screens when an update is finished
Some of these Splash screens say things like "You are not protected, please purchase..." This is false, you are protected, they just want you to purchase the paid version - not required!

You are clean

 

[Texaus]

Thanks for helping me out.

 

[geekygirl63]

FYI:

Threatfire is not an anti-virus program in the traditional sense of the word. It is a program which runs resident and detects virus-like activity which may be attempting to access or download to your computer.

"ThreatFire continually protects your PC against attacks by detecting malicious behavior, such as capturing your keystrokes or stealing your data, instead of only looking for known threats like normal antivirus software. By implementing sophisticated real-time behavioral analysis ThreatFire is able to stop never- before-seen "zero-day" threats solely by detecting their malicious activity."

"ThreatFire's patent-pending ActiveDefense technology offers protection against all types of internet threats - both known and unknown - spyware, adware, keyloggers, viruses, worms, Trojans, rootkits, buffer overflows, and other malware. ThreatFire uses its unparalleled protection to hunt down and paralyze those threats that are either too new or too clever to be recognized by traditional "signature-based" antivirus software."

Clearly if it were as great as it advertises, this techspotters system would not be so infected.

I have found that it is best to use a combination of tools. I use Trend-Micro Internet Security on all my home systems and on my customers systems who opt for a non-free solution. I have had no infections using Trend-Micro.

However, if money is an issue there are good alternatives. I am running several on my test bed now to evaluate. Comodo recently came out with their firewall/antivirus internet security suite. Seems to work quite well.

 

[kimsland]

Thanks for the info

Although I certainly do not wish to create a debate on Antivirus\Spyware or Internet Security softwares, I will mention that Trend Internet Security will slow down a computer considerably. Actually all the Internet Security as of approx ~ 2 years ago, have become bloated

On customer's computers I install Avast or Avira Antivirus, and that is all !
I advise them they can download free Firewalls (such as ZoneAlarm or Comodo) but also advise that Windows already comes with an enabled firewall, to stop all incoming attacks (well none of them can really say all, because there are always new threats happening and discovered every day).

Just thought I'd let you know Internet Security software packages are now bloated

 

[Texaus]

GeekyGirl63,
I understand what you are saying and you may be 100% correct about ThreatFire. I don't have any allegiance to it and only downloaded it because I was already experiencing problems - Part of my problem was the inability to access many known antivirus websites. ThreatFire was simply one website that I ran acrross, that whatever was on my computer was not blocking me from downloading, so I downloaded it.

I don't think it fair that my unclear way of explaining my problem gives ThreatFire a bad rap. I had the infections prior to downloading ThreatFire. Incidentally, before I found this website and did the 8 step removal process, I ran a scan with threat fire and it did locate many threats on my machine. So that's that, hope I was more clear that time.

Now I will talk about the anti-virus that I did have running during the time my machine became infected. It probablly should be avoided since it did not detect/prevent this from happening to me. Yahoo Online Protection by Computer Associates is what I was running when my machine got infected.

 

[geekygirl63]

Kimsland: Yep, well aware of the bloat of those. I don't recommend them for systems that don't have resources to manage them. I am running Trend on systems with no less than 3GB RAM. Of the ones in question, it runs the best (in my opinion and based on experience) and I don't notice the overhead.

For most of my customers it's Avira or Avast. Avira mostly because my users loathe the idea of having to manually scan their systems and Avira gives a scheduled scan option.

In the last three days I have worked on 8 systems running various good antivirus/antispyware packages that are still getting the Fake Antivirus XP 2009. I suggest a forum, maybe under meeting spot where we discuss the various packages advantages and disadvantages. What do you think?



Texaus,

I apologize for any misunderstanding. I was posting the info on threatfire because several didn't know what it was and it was in no way meant to be commentary on you.

I am not familiar with Yahoo Online Protection.

BTW - I just recevied a call from a user running full blown Trend Micro Internet Security that is up to date and the nasty little virus managed to get on her computer too. It has some way of gettting past protection and I woul d have to guess an MS vulnerability that has not yet been patched.

 

[kimsland]

Good idea :grinthumb

I believe that this thread itself is resolved, and therefore no other replies are required.

geekygirl63 please start one with an appropriate (brief but clear) Title
Hopefully we will then use that thread as a reference point (I only wish I had thought of it !)