• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
nedb

Tried all I can think of!

5 posts in this topic

I think I have CWS NS3. Have tried to clean with Spy Sweeper, & Spybot. I've also run Hijack this and Buster. I also tries CWSshredder, but it doesn't find anythig, but also won't let me find any updates. I've also read the FAQ and am hoping I'm following all the directions as requested.

 

At any rate...heres a start up log:

 

StartupList report, 07/30/2004, 12:00:36 PM

StartupList version: 1.52

Started from : C:\hijackthis\HijackThis.EXE

Detected: Windows XP SP1 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\WINDOWS\myCIO\VScan\McShield.exe

C:\WINDOWS\myCIO\Agent\myAgtSvc.exe

C:\WINDOWS\myCIO\Agent\swAgent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\myCIO\Agent\myagttry.exe

C:\Program Files\RealPopup\RealPopup.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\javanh32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

myCIO.com ASaP = C:\WINDOWS\myCIO\Agent\myagttry.exe

myCIO.com Splash = C:\WINDOWS\myCIO\VScan\Splash.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

javanh32.exe = C:\WINDOWS\javanh32.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

RealPopup = "C:\Program Files\RealPopup\RealPopup.exe" BOOT

SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\System32\LOGON.SCR

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - C:\WINDOWS\system32\appou.dll - {A16A74CA-2FA4-7746-A5FB-F309CC45452C}

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[secureObjectFactory Class]

InProcServer32 = C:\WINDOWS\myCIO\Agent\myAsUtil2.7.2.231.dll

CODEBASE = http://virusscanasap.mcafeeasap.com/VS2/So...in/myCioAgt.cab

 

[PopupMenu Object]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\iemenu.ocx

CODEBASE = file://N:\QWPS\Bin\AmsEforms\iemenu.cab

 

InProcServer32 = %SystemRoot%\System32\msxml4.dll

CODEBASE = file://N:\QWPS\Bin\AmsEforms\msxml4.CAB

 

[ikonic Menu Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\IKMENU.OCX

CODEBASE = file://N:\QWPS\Bin\AmsEforms\ikmenu.cab

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

 

--------------------------------------------------

End of report, 4,795 bytes

Report generated in 0.031 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

 

And a hijcak this log:

 

Logfile of HijackThis v1.97.7

Scan saved at 12:04:39 PM, on 07/30/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\WINDOWS\myCIO\VScan\McShield.exe

C:\WINDOWS\myCIO\Agent\myAgtSvc.exe

C:\WINDOWS\myCIO\Agent\swAgent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\myCIO\Agent\myagttry.exe

C:\Program Files\RealPopup\RealPopup.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\javanh32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mfbkb.dll/sp.html#23648

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mfbkb.dll/index.html#23648

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mfbkb.dll/index.html#23648

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mfbkb.dll/sp.html#23648

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mfbkb.dll/index.html#23648

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\mfbkb.dll/sp.html#23648

O2 - BHO: (no name) - {A16A74CA-2FA4-7746-A5FB-F309CC45452C} - C:\WINDOWS\system32\appou.dll

O4 - HKLM\..\Run: [myCIO.com ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe

O4 - HKLM\..\Run: [myCIO.com Splash] C:\WINDOWS\myCIO\VScan\Splash.exe

O4 - HKCU\..\Run: [RealPopup] "C:\Program Files\RealPopup\RealPopup.exe" BOOT

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKLM\..\RunOnce: [javanh32.exe] C:\WINDOWS\javanh32.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O16 - DPF: SEAGULL J Walk Java Client 3_3C10 - http://www.qmfi.com/jwalk/jwalk_ie.cab

O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap.mcafeeasap.com/VS2/So...in/myCioAgt.cab

O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - file://N:\QWPS\Bin\AmsEforms\iemenu.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://N:\QWPS\Bin\AmsEforms\msxml4.CAB

O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - file://N:\QWPS\Bin\AmsEforms\ikmenu.cab

 

Any and all help will be really appreciated. Thanks a bunch

Share this post


Link to post
Share on other sites

Hello please download About:Buster and unzip it to your desktop. Don´t run it yet.

 

How to use Ad-Aware to remove Spyware <= Please check this link for instructions on how to download, install and then use adaware. Don´t use it yet.

1 You already have Adaware installed. Make sure it's up to date. Just open Adaware and click on *Check for Updates Now* and then *Connect*. It will find a new reference-file. Click *ok* and let it download and install the updates by clicking on *Finish* .This will return you to the main screen. You should now see Reference File # : 01R334 24.07.2004 or higher listed.

 

2 Print out these instructions so you have them handy as most of the steps need to be done in safe mode and you may not be able to go online.

 

3. Next, go to Start->Run and type "Services.msc" (without quotes) then hit Ok

Scroll down and find the service called "Network Security Service". When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. This service is installed by the malware. If this service is not listed go ahead with the next step.

 

4. Reboot to Safe Mode

How to start the computer in

Safe mode

 

 

5. Make sure your PC is configured to show hidden files

 

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.

Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"

Click "Apply" then "OK"

 

6.CLOSE ALL WINDOWS AND BROWSERS Scan with Hijack This and put checks next to all the following, then click "Fix Checked"

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mfbkb.dll/sp.html#23648

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mfbkb.dll/index.html#23648

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mfbkb.dll/index.html#23648

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mfbkb.dll/sp.html#23648

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mfbkb.dll/index.html#23648

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\mfbkb.dll/sp.html#23648

O2 - BHO: (no name) - {A16A74CA-2FA4-7746-A5FB-F309CC45452C} - C:\WINDOWS\system32\appou.dll

O4 - HKLM\..\RunOnce: [javanh32.exe] C:\WINDOWS\javanh32.exe

 

7. Delete the following files if present.

C:\WINDOWS\mfbkb.dll

C:\WINDOWS\javanh32.exe

C:\WINDOWS\system32\appou.dll

 

8. Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report(copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

 

9. Scan with Adaware and let it remove any bad files found.

 

10. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

 

Temporary Files

Temporary Internet Files

Recycle Bin

 

11. Reboot to normal mode, scan again with Hijack This and post a new log here.

 

12. Finally, do an online scan HERE. Let it remove any infected files found.

 

Replace Deleted Files

It is also possible that the infection may have deleted up to three files from your system. If these files are present, to be safe I suggest you overwrite them with a new copy.

 

Go here and download the version of control.exe for your operating system. If you are running Windows 2000, copy it to c:\winnt\system32\. For Windows XP, copy it to c:\windows\system32\.

 

Download the Hoster from here Press 'Restore Original Hosts' and press 'OK'

Exit Program.

 

If you have Spybot S&D installed you may also need to replace one file.

Go here and download SDHelper.dll. Copy the file to the folder containing you Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy)

 

Additionally, Please check your ActiveX security settings. They may have been changed by this CWS variant to allow ALL ActiveX!! If they have been changed, reset your active x security settings in IE as recommended.

Go to Internet Options/Security/Internet, press 'default level', then OK.

Now press "Custom Level."

In the ActiveX section, set the first option, 'Download signed controls', to 'Prompt; set the

second option, 'Download unsigned controls', to 'Disable'; and finally, set 'Initialize and Script ActiveX controls not marked as safe" to 'Disable'.

 

Post a fresh HijackThis log and the AboutBuster report back here please.

Share this post


Link to post
Share on other sites

mmxx66--You are the BEST. I'm thru step 11 and all seems better. You requested a new hijack this log here...so here it is:

 

Logfile of HijackThis v1.97.7

Scan saved at 9:50:18 AM, on 08/02/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\WINDOWS\myCIO\VScan\McShield.exe

C:\WINDOWS\myCIO\Agent\myAgtSvc.exe

C:\WINDOWS\myCIO\Agent\swAgent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\myCIO\Agent\myagttry.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\hijackthis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

O4 - HKLM\..\Run: [myCIO.com ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe

O4 - HKLM\..\Run: [myCIO.com Splash] C:\WINDOWS\myCIO\VScan\Splash.exe

O4 - HKCU\..\Run: [RealPopup] "C:\Program Files\RealPopup\RealPopup.exe" BOOT

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O16 - DPF: SEAGULL J Walk Java Client 3_3C10 - http://www.qmfi.com/jwalk/jwalk_ie.cab

O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap.mcafeeasap.com/VS2/So...in/myCioAgt.cab

O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - file://N:\QWPS\Bin\AmsEforms\iemenu.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://N:\QWPS\Bin\AmsEforms\msxml4.CAB

O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - file://N:\QWPS\Bin\AmsEforms\ikmenu.cab

 

I'll finish the remaining steps and send ny finla log files when finished...but so far so good.

Share this post


Link to post
Share on other sites

Thank you. I think this is finally gone. Here are the final two logs you requested:

 

Logfile of HijackThis v1.97.7

Scan saved at 12:06:48 PM, on 08/02/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\WINDOWS\myCIO\VScan\McShield.exe

C:\WINDOWS\myCIO\Agent\myAgtSvc.exe

C:\WINDOWS\myCIO\Agent\swAgent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\myCIO\Agent\myagttry.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

 

O4 - HKLM\..\Run: [myCIO.com ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe

O4 - HKLM\..\Run: [myCIO.com Splash] C:\WINDOWS\myCIO\VScan\Splash.exe

O4 - HKCU\..\Run: [RealPopup] "C:\Program Files\RealPopup\RealPopup.exe" BOOT

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O16 - DPF: SEAGULL J Walk Java Client 3_3C10 - http://www.qmfi.com/jwalk/jwalk_ie.cab

O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap.mcafeeasap.com/VS2/So...in/myCioAgt.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - file://N:\QWPS\Bin\AmsEforms\iemenu.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://N:\QWPS\Bin\AmsEforms\msxml4.CAB

O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - file://N:\QWPS\Bin\AmsEforms\ikmenu.cab

 

and the about buster log...

 

-- Scan 1 --------

About:Buster Version 2.0

Deleted Service Key Successfully!

Removed! : C:\WINDOWS\lmwpz.dat

Removed! : C:\WINDOWS\mfbkb.dat

Removed! : C:\WINDOWS\sdkln.exe

Removed! : C:\WINDOWS\System32\mfcfz32.exe

Removed! : C:\WINDOWS\System32\netkg32.exe

Removed! : C:\WINDOWS\System32\yxrbb.dll

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

-- Scan 2 --------

About:Buster Version 2.0

Attempted Clean Of Temp folder.

Pages Reset... Done!

 

Thank you again...I'll make a donation now (in your name if I can) for all the help.

You (and this board) are the best!

Share this post


Link to post
Share on other sites

Good job!

This item is considered to be resource hog that is not needed and it may be worthwhile to fix it with HJT. You will still be able to start it manually if you need it:

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

 

After this your log is clean.

 

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

 

And also see TonyKlein's good advice

So how did I get infected in the first place?

 

Good luck :D

 

And your welcome.

Glad we could help.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0