Solved Win32/heur sims 2

[Bobbye]

Please uninstall: Java(TM) 6 Update 7
Please update: Mozilla Firefox (3.6.16)

If only using Firewall for ZoneAlarm, okay. Keep the Windows Firewall disabled.

Is all the problem you have now due to the slow connection? You'll have to refresh me on why you couldn't run the Eset scan.

 

[tedus987]

i couldn't run the kasperskie online scan due to low connection.

ok, i'll uninstall java 6 tonight.

how do you update firefox while still keeping your tabs.

 

[Bobbye]

Open Firefox> Click on Help> Check for updates.
The most current for v3.6 is v3.6.19. Going to that shouldn't affect the tabs at all- I've been either doing that or going to Mozilla site for updates> never lost anything..

A NOTE: Firefox is a big memory eater! I've used it since the first full version came out. I had hoped it would get better with each update> it did not. My homepage use to open with 7 tabs, but now I just have the main homepage, no other tabs.

If your connection time is so critical, I suggest you close the tabs. To open a new tab> click on the + sign over a folder in the toolbar. Begin typing the URL in the address bar and the Firefox location feature will show and you click on that URL.

Was the connection the problem originally with the Eset scan?

Good practice before doing any update, download or install is to set a System Restore point first.

 

[tedus987]

no, i founfd out that one of avasts new functions isn't built for XP, once i removed avast everything's back to normal.

the feature scans apps before loading silently in the background, this would cause XP to hang or frize, (exactly like mine)

upgraded to firefox version 4.

i have a redirect blocker and popup blocker, i'm in controll of the number of tabs.

connections been like that since october.

 

[Bobbye]

Description: Avast! 4 Home Edition is a complete and free antivirus ... System : Win 95, Win 98, Millenium, Windows 2000, XP, Windows Vista, Windows 7

Avast! Free Antivirus 6.0.1044 Beta / 6.0.1000: Windows 2K / XP / Vista / 2008 / Vista64 / 7 / 7 x64

??????

corrupted file was a system restore that avast made when it was installed.

 

[tedus987]

it's the none beta version 6 i had installed, avast dosn't offer any of it's older versions.

version 6 of avast has compatability issues with XP.

i'm gonna stick with avg for a while. i need to clarify that my PC is clean and i can start system restore again.

ah, what i mean is, when i had the problem with avast i turned my sustem restore off, when it was being unistalled it forcably turned it back on, i've turned it off cince then.

 

[tedus987]

ok, just noting but i think my hotmail account might have been hacked.

my mum just told me she recived spam e-mail from me and that it went out to sevral of my contacts. at 4 AM in the morning.

i have changed the password so it should be ok.

 

[Bobbye]

I can't do anything about your slow internet connection. The email problem is something else. When you have web-based email like Hotmail, it can be hacked from the internet. It doesn't have to be anything on your system.

Have we resolved the original problem?

 

[tedus987]

yes, thanksfor all your help and advice.

is my PC clean. can i restart system restore?

i changed my e-mail password so it should be ok. when i chenged it i checked to find no sent e-mail so nothing was sent out to inform the hacker of the password change. i've got everyone on standby to tell me if anything else pops up just in case.

 

[Bobbye]

You're welcome. I have been unable to find any mention of Avast conflict with Windows XP. I don't know how or why installing Avast would corrupt System Restore. System Restore should not be turned off. There can be times when the only way into a system is to use System Restore. When you turn it off, it drops all the restore points.
=======================================
Please run this Custom CFScript:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.

File::
SecCenter:: 
{EDC10449-64D1-46c7-A59A-EC20D662F26D}
DDS::
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Extra::
File::
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Firefox::
Firefox-: - Profile -c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\6ndptuax.default\

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . No log needed.
=============================================
Be sure the following have the most current updates:
Java Updates
Adobe Reader .
Uninstall any earlier updates as they are vulnerabilities.
============================================
Removing all of the tools we used and the files and folders they created

• Uninstall ComboFix and all Backups of the files it deleted
• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  
  

• Download OTCleanIt by OldTimer and save it to your Desktop.
• Double click OTCleanIt.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

• You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
• Go to Start > All Programs > Accessories > System Tools
• Click "System Restore".
• Choose "Create a Restore Point" on the first screen then click "Next".
• Give the Restore Point a name> click "Create".
  
• Go back and follow the path to > System Tools.
  [*]Choose Disc Cleanup
  [*]Click "OK" to select the partition or drive you want.
  [*]Click the "More Options" Tab.
  [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin

Let me know if you have anymore questions,

 

[tedus987]

ok, i'll do that as soon as posible.

 

[tedus987]

ok, done, thanks for all the help

 

[Bobbye]

You're welcome. See the following for tips to help you stay clean.

Tips for added security and safer browsing: (Links are in Bold Blue)

1. Browser Security
   [o] Safe Settings
   [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
   [o] Replace the Host Files
   [o] Google Toolbar Pop Up Blocker
   [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
   
2. Have layered Security:
   [o]Antivirus :(only one):Both of the following programs are free and known to be good:
   [o]Avira-AntiVir-Personal-Free-Antivirus
   [o]Avast Free Version
   [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
   [o]Comodo
   [o]Zone Alarm
   
3. Antimalware: I recommend all of the following:
   [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
   [o]Spybot Search & Destroy
   
4. Updates: Stay current:
   [o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
   [o]Adobe Reader Install current, uninstall old.
   [o]Java Updates Install current, uninstall old.
   
5. Tracking Cookies
   Reset Cookie:
   [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
   [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
   I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
   AdBlock Plus
   Easy List
   [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
   
6. Do regular Maintenance
   [o] Temporary File Cleaner
7. Restore Points:
   [o]See System Restore Guide
8. Safe Email Handling
   [o] Don't open email from anyone you don't know.
   [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
   [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.

Please let me know if you find any bad links.