Unable to install Java, infected files in AVG Virus Vault

Inactive
By greenly
Sep 22, 2010
Topic Status:
Not open for further replies.
  1. Hi,

    I have a virus which I think is preventing me from installing Java. I don't know what my next step from here is and would be grateful to anyone willing to help.

    I have attached a few screen shots.

    The first one pops up after I try installing Java.
    The second shows my AVG Virus Vault.

    Also I don't see the "AppData" file anywhere on my hard drive, is this because it's in the virus vault?

    Does anyone have any recommendations how I can solve this problem and install Java?

    Thank you,

    greenly


  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Thank you for the images and welcome to TechSpot. Let's try and resolve this:

    First:
    Click on Start> Control Panel> Java> Temporary internet files> Settings> Delete all these files> Close Java.
    This should clear the exploit.

    Second:
    The Windows Installer appears to be damaged. That probably means your connection to download the Java 6u21 installer was broken before the download could finish.

    Delete the indicated MSI file and the installer you downloaded, if any; clear your browser's cache; then re-download the installer. See if that fixes your problem.

    Easiest way to clear the browser cache is to run TFC:

    TFC (Temp File Cleaner)

    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

    TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

    TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

    Empty the Recycle Bin

    FYI: "AppData" just means 'application data'> it's not specific.

    See if you can update after the above. Try the update again> be sure to reboot the computer when finished above, before attempting the update again. Then check the virus vault and see if the entry is still there; if it is, delete it.

    Let me know your status at this point.
  3. greenly

    greenly Newcomer, in training Topic Starter Posts: 17

    Hi Bobbye and thank you for responding.

    This I think seems to be part of the problem because when I go to Control Panel>Java nothing pops up. There is a link there but when I click nothing happens, it won't open.

    Since I can't click on Java, will going to "Internet Properties" and then deleting all "Temp. Internet Files" do the same thing you described in terms of clearing the exploit? -------(see my attached screen shot "1")

    I am sorry, maybe it's a stupid question, but where can I find the MSI file so I can delete it? I searched the whole hard drive and only found a folder called "jre1.6.0_21", which only contains some .jpg file. Is this the folder I am supposed to delete?

    Do you think maybe the MSI file (jre1.6.0_21-pfrom20.msi) is in the AVG Virus Vault and that is why I can't find it and delete it? Maybe if I clear out the virus vault that would also delete the file?

    I also ran TFC and rebooted my computer, downloaded the installer, but still the same thing happens as described in my first post. (see attachment "java 1" in first post)

    Thank you again, Bobbye

    greenly

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Unfortunately, the Java cache is separate and has to be emptied separately. There is an exploit in it. Strange that AVG won't let you delete it.

    You have a new installer-msi-right? I'd like you to check and see what you have on the system, but using Windows Explorer:
    Windows key + E> My Computer> Double click on Local Drive (C)> Program> look for Java and double click to open. Look on the right screen and let me know what's there. If it's jre6, double click on that and tell me what's there. We need to find out why it isn't displaying in the Control Panel.

    I'd like you to go ahead and run the following. Do the Eset scan first:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Then run our preliminary scanning programs. Please paste all of the logs in, even if you need to use multiple posts. When you open Notebook for the logs, click on Format and uncheck Word Wrap if it's checked:

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  5. greenly

    greenly Newcomer, in training Topic Starter Posts: 17

    I am doing the scan right now and it's taking some time so I thought I could post some questions.

    You asked if I have a new "installer-msi" --------is this the file used to launch the Java download? I am not sure what "installer-msi" is, sorry about that.

    Also in the Java folder in Programs I do have a folder called "jre6" (I took a screen shot of what is in it, see attachment)

    One more thing, yesterday I emptied my AVG Virus Vault thinking if those files are deleted maybe it'll work but still nothing.

    The Eset scan is at 49% and as soon as it's done I will post the results here.


  6. greenly

    greenly Newcomer, in training Topic Starter Posts: 17

    The Eset scan is finished. Everything is clear. No infections were found.

    There is nothing really in the log file but I have attached it anyway.


  7. greenly

    greenly Newcomer, in training Topic Starter Posts: 17

    Malwarebytes Anti-Malware

    I just finished a Quick Scan using Malwarebytes Anti-Malware and it says everything is clean.

    Here is the log


  8. greenly

    greenly Newcomer, in training Topic Starter Posts: 17

    Gmer

    I downloaded the setup file for GMER and started the scan. Suddenly the scan stopped working and a window popped up saying there is problem and it has to close. After that I got a blue screen with some numbers and 2 seconds later the computer shut down. I got back on in safe mode, deleted GMER, restarted and here I am now typing this.

    Since GMER can not work with Windows 7 64-bit maybe it's also having some problems with my Windows 7 32-bit. I will skip GMER because it seems it's not agreeing with my computer (I am afraid it can cause bigger problems)
  9. greenly

    greenly Newcomer, in training Topic Starter Posts: 17

    DDS

    Here are the two files that came up after I ran DDS

    It said to put them in a zip folder so I did


  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    No, it didn't say to put them in a zip folder. It said to zip the Attach.txt log. You do not need to leave images unless I request one or unless there is no other way to make the point.

    These logs do not appear to have been run in 64 bit so run this in 32 bit:

    Please download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
      [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3].Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If Combofix asks you to install Recovery Console, please allow it.
      [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply. You can use more than one post if needed.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.
  11. greenly

    greenly Newcomer, in training Topic Starter Posts: 17

    Combofix log

     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please check the Combofix logs on your desktop. It looks like part of the heading-which would include the status of the AV and FW, plus a section at the end after the locked Registry files is missing. If you need a second post to paste it all in, it's okay.
  13. greenly

    greenly Newcomer, in training Topic Starter Posts: 17

    Hi Bobbye,

    I just checked the log and everything is the same as in my post. Maybe something went wrong with the scan----should I scan again?

    Also, I only have one log for combofix----is there supposed to be more?


    Edit:

    I have attached an image of what happens when I try clicking on the java link in the control panel. Some pop up window shows up for half a second and then automatically closes. I don't know what that is.


  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    There is only one log for Combofix. There are 2 logs in DDS: DDS.txt and Attach.txt.
    Okay, you did a great job with the images, but they really aren't helping me. The new above is a double exposure of a black DOS screen over a Firefox Google search page>>> no, don't do it again!

    Have you been able to delete the entry in the Virus Vault? Have you tried again? I'm moving some hidden Java related files in Firefox. That might help. Try removing any Java entries in Add/Remove Programs in the Control Panel. Then go to and see if the current Java will download. Check this site Java Updates
    ==================================
    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\programdata\ezsidmv.dat
    DirLook::
    c:\users\252468\New folder
    Extra::
    File::
    c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    Firefox::
    Firefox-: - Profile - c:\users\252468\appdata\roaming\mozilla\firefox\profiles\kl5qu4jw.default\
    
    DDS::
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=- 
    "ConsentPromptBehaviorUser"=- 
    
    Driver:
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
  15. greenly

    greenly Newcomer, in training Topic Starter Posts: 17

    Hi Bobbye,

    I deleted all the files in my AVG Virus Vault and went to update java. Everything worked perfectly now. The java link now works and it opens to the Java Control Panel without any problems.

    Do you still want me to run your Custom CFScript provided in your previous post?

    Also, I would like a quick recommendation on something unrelated. If that is OK, can I ask here, should I pm you, or open another thread?

    Thank you for all the help,

    greenly
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You're welcome. Yes, go ahead and run the script.
    Be sure you go into Java in the Control Panel now and delete any temporary internet files. Run the script first.

    Let's make sure there aren't any bad entries left:

    Download the HijackThis Installer HERE and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
  17. greenly

    greenly Newcomer, in training Topic Starter Posts: 17

    new combofix log with CFScript

  18. greenly

    greenly Newcomer, in training Topic Starter Posts: 17

    HijackThis log

  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    RegLock:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Please reopen HijackThis to 'do system scan only.' Check each of the following, if present: Note: Optional removals are in green:
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5">> See Option 1.
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)


    Close all Windows except HijackThis and click on "Fix Checked."

    Option: The files in green are not malware. They are entries running in the background, probably started on boot. They do not need to be running unless you are using it. They use resources from the system.

    To help, for any you want to keep off of Startup, find the corresponding file on the Startup menu and Uncheck it.
    For any that are started by a Service:
    Start> Run> type in services.msc> double click to open the Service> Change Startup type to Manual. For instance:
    HP Health Check Service
    Cyberlink RichVideo Service(CRVS)
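An added example, not part of the original thread and not HijackThis's own code: a small Python parser for HijackThis `O4` registry Run lines like those listed in the post above, so startup entries can be reviewed or compared between scans. It splits each line into hive, value name, executable and arguments, and for `rundll32` entries reports the DLL that is actually loaded. The sample lines are copied from the post; the function names and the assumption that the system drive is `C:` are illustrative.

```python
import ntpath
import re

# Constructed sample: O4/O9 lines copied from the HijackThis list in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
# Other O4 forms (e.g. Startup-folder shortcuts) do not match and are skipped.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)
# Executable is either a quoted path or the first whitespace-delimited token.
CMD_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>\S+))\s*(?P<args>.*)$')


def location(path):
    """Coarse bucket for where the loaded file lives (assumes system drive C:)."""
    p = path.lower()
    if p.startswith(("c:\\program files\\", "c:\\program files (x86)\\")):
        return "program files"
    if p.startswith("c:\\windows\\"):
        return "windows"
    return "other"


def parse_o4(line):
    """Return a dict describing one O4 registry Run line, or None if it is not one."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    c = CMD_RE.match(m["cmd"].strip())
    if not c:
        return None
    exe = c["q"] or c["u"]
    args = c["args"]
    image = exe
    # rundll32 is only a host process; the code that runs is the DLL named
    # before the first comma of its argument ("path.dll,EntryPoint").
    if ntpath.basename(exe).lower() in ("rundll32", "rundll32.exe") and args:
        image = args.split(",", 1)[0].strip().strip('"')
    return {
        "hive": m["hive"],
        "key": m["key"],
        "name": m["name"],
        "exe": exe,
        "args": args,
        "image": image,
        "location": location(image),
    }


def parse_log(text):
    """Parse every O4 registry Run line found in a HijackThis log."""
    return [e for e in map(parse_o4, text.splitlines()) if e]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f'{e["hive"]}\\{e["key"]}  {e["name"]:<20} {e["location"]:<14} {e["image"]}')
```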
  20. greenly

    greenly Newcomer, in training Topic Starter Posts: 17

    ComboFix log

  21. greenly

    greenly Newcomer, in training Topic Starter Posts: 17

    virus prevention

    Hi Bobbye,

    I will soon be doing daily online financial transactions over this laptop. I currently only have AVG for virus protection. My question is what would you recommend for virus prevention in the future?

    Do you have any personal recommendation for useful programs, or advice concerning virus prevention? Also can you recommend any good articles or threads about this topic?

    It seems to me most threads here are about what to do when a computer is infected, but what is best to do to prevent viruses and infections in the future?

    Thank you,

    greenly
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    That's because this is the Virus and Malware Forum! But most of us include a section after removing the cleaning tools with security advice. I will leave yours.

    Did you run the script I had for the locked Registry Files in Reply #19? It was right above the list of entries to remove in HJT. I need those open, so let's do the following.

    First: Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    RegLock:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Second: Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Processes	
      :Files  
      c:\users\252468\New folder
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    =====================================
    When this is done, I'll have you remove the cleaning tools and logs and give you the security information. Security must be layered to be the most effective. I'll give you that information.
  23. greenly

    greenly Newcomer, in training Topic Starter Posts: 17

    OTM log

    Hi Bobbye,

    Yes, I did this ComboFix script yesterday and also removed the given entries in HJT, see my reply #20


    **************************************************************


    Below is the log for OTM


  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay, I saw your reply and all the same files are still locked. I can leave them locked and not be sure what's in them. Or you can run the script again.

    If the problems have been resolved, remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disc Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    Tips for added security and safer browsing:
    (Note: some of the programs below may not work on Windows 7 or a 64 bit OS)
    1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
      This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
    2. Have layered Security:
      • Antivirus Software (only one): Both of the following programs are free and known to be good:
        ◦ Avira Free
        ◦ Avast Home
      • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
        ◦ Comodo
        ◦ Zone Alarm
      • Antispyware: I recommend all of the following:
        ◦ Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
        ◦ IE/Spyad: This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
        ◦ MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
        ◦ Google Toolbar: Get the free Google toolbar to help stop pop up windows.
    3. Stay current on updates:
      ◦ Visit the Microsoft Download Site frequently. You should get All updates marked Critical and the current SP updates.
      ◦ Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
      ◦ Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
    4. Reset Cookies to prevent Tracking Cookies:
      ◦ For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      ◦ For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
    5. Do regular Maintenance
      Remove Temporary Internet Files regularly:
      ◦ ATF Cleaner by Atribune
      OR
      ◦ TFC
      Disable and Enable System Restore:
      ◦ See System Restore Guide. This will help you understand what this is, why you need to clean and set restore points and what information is in them.
    6. Practice Safe Email Handling
      ◦ Don't open email from anyone you don't know.
      ◦ Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      ◦ Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
  25. greenly

    greenly Newcomer, in training Topic Starter Posts: 17

    ComboFix log (locked files)

    Hi Bobbye,

    Yes, thanks to you everything seems to be working perfectly. Just in case I ran your script from above for ComboFix again and the log is below. I won't delete or uninstall anything yet until you see this log and make sure everything is OK.

    Thank you for the added security tips and program recommendations. I will try and do as you listed. For anti-virus you recommend Avira or Avast, from your experience are there advantages to them over AVG Free Edition?

    Also this computer is a laptop and I frequently use it outside the house and connect to public wireless networks. If I do online financial transactions over these public networks what would be a few crucial steps I'd have to take to ensure best security? I will follow all your recommendations from above, but is there something you would include for public Wi-Fi or is it enough to do as you advised above?

    Thank you,

    greenly

