Trojans/spyware/adware not deleted by SpybotSD


  • This topic is locked
9 replies to this topic

#1 MadDog88

    Member

  • Full Member
  • 4 posts

Posted 23 May 2007 - 04:59 PM

Firstly, just to mention that I’ve read your Forum FAQ, followed the instructions, and the requested information is below. Any help would be much appreciated as my pc has taken to periodically crashing…

Problems:
I do a bit of P2P downloading and have SpybotSD installed. A few weeks ago I started getting more pop-ups than usual (despite the Google toolbar pop-up blocker). These included sites such as:

Bad links disabled. It's not a good idea to post bad working links, since we don't want anyone to click them and get infected because of them.


to name just a few. I then noticed that SpybotSD had detected a few files which, despite my deleting them (using SpybotSD), were detected again even if I re-ran SpybotSD immediately. These Trojans/spyware/adware included:

Command Service: System Service (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService
Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService\Security
Command Service: Temporary file (File, nothing done)
C:\WINDOWS\system32\atmtd.dll.tmp
Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv
Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

Nat: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-604790127-2102503699-492939690-1006\Software\Microsoft\Internet Explorer\Desktop\host
Nat: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-604790127-2102503699-492939690-1006\Software\Microsoft\Internet Explorer\Desktop\id

Smitfraud-C.Toolbar888: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-604790127-2102503699-492939690-1006\Software\Microsoft\aldd
Smitfraud-C.Toolbar888: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Araf15
Smitfraud-C.Toolbar888: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

SearchClickAds: Library (File, nothing done)
C:\WINDOWS\cfg32o.dll
SearchClickAds: Library (File, nothing done)
C:\WINDOWS\cfg32s.dll
SearchClickAds: User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-604790127-2102503699-492939690-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\cfg32.exe
SearchClickAds: Library (File, nothing done)
C:\WINDOWS\cfg32r.dll
SearchClickAds: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\zAbstract

Win32.Small.dp: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-604790127-2102503699-492939690-1006\Software\Microsoft\Internet Explorer\Security\host

At this point I also noticed that my Firewall had been turned off (presumably due to one of the infected files named ‘Microsoft.WindowsSecurityCenter.FirewallBypass’). I have since disconnected my pc from the internet, only reconnecting to do the following…

What I’ve done so far:

Installed and ran Lavasoft Ad-Aware as instructed;
Ran SpybotSD v1.4 as instructed;

Installed and ran AVG 7.5 Anti-Spyware (in safe mode) as instructed:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:47:23 23/05/2007

+ Scan result:

C:\WINDOWS\system32\jbojbymt.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\Program Files\Spybot - Search & Destroy\NNSKYA638.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0012384.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0012385.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0012387.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\АрpPatch\lοgonui.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP136\A0018409.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dsy.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qnztfuip.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Аdobe\аti2evxx.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Ellie\Local Settings\Temporary Internet Files\Content.IE5\3Y1W1VJV\rk2[1].exe -> Adware.Relevant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0012383.exe -> Adware.Relevant : Cleaned with backup (quarantined).
C:\WINDOWS\itpb_3.exe -> Adware.Relevant : Cleaned with backup (quarantined).
C:\Documents and Settings\Ellie\Local Settings\Temp\~os56.tmp\rlvknlg.exe -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rlvknlg.exe -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\b116.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\Ellie\Local Settings\Temporary Internet Files\Content.IE5\UFOJ2JIT\anti4[1].exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mljhffg.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0012391.exe -> Adware.WebBuying : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0012392.dll -> Adware.WebBuying : Cleaned with backup (quarantined).
C:\WINDOWS\system32\smpi1\lib67.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0010375.exe -> Backdoor.Small.os : Cleaned with backup (quarantined).
C:\WINDOWS\system32\perfc000.dat -> Backdoor.Small.os : Cleaned with backup (quarantined).
C:\Documents and Settings\Ellie\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\xzc37[1].exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win2F0.tmp.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win5C.tmp.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win96.tmp.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\WINDOWS\system32\smpi1\lib06.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\Program Files\Spybot - Search & Destroy\leeman.exe -> Downloader.Agent.bnn : Cleaned with backup (quarantined).
C:\Documents and Settings\Daniel\Application Data\Таsks\smss.exe -> Downloader.PurityScan.ej : Cleaned with backup (quarantined).
C:\Program Files\Μіcrosoft.NET\explorer.exe -> Downloader.PurityScan.ej : Cleaned with backup (quarantined).
C:\WINDOWS\b104.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Program Files\Spybot - Search & Destroy\CmarP1083.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
C:\Temp\SB1083.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
C:\Program Files\Spybot - Search & Destroy\dnsersnd.exe -> Hijacker.Small.cf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dnsersnd.dll -> Hijacker.Small.cf : Cleaned with backup (quarantined).
C:\Documents and Settings\Daniel\Local Settings\Temp\1B.tmp -> Logger.BZub.if : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\ndis.sys -> Not-A-Virus.SpamTool.Win32.Agent.u : Cleaned with backup (quarantined).
C:\Documents and Settings\Daniel\Local Settings\Temp\16.tmp -> Proxy.Wopla.ag : Cleaned with backup (quarantined).
C:\WINDOWS\system32\koos.exe -> Proxy.Wopla.ag : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kprof -> Proxy.Wopla.ag : Cleaned with backup (quarantined).
C:\WINDOWS\system32\poof -> Proxy.Wopla.ag : Cleaned with backup (quarantined).
C:\Documents and Settings\Ellie\Cookies\ellie@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Ellie\Cookies\ellie@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\WINDOWS\system32\rvalh.dll -> Trojan.Agent.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Ellie\Local Settings\Temporary Internet Files\Content.IE5\H142SZTV\xc60[1].exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win2D1.tmp -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win4C.tmp.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\Program Files\Outlook Express\qudasufux.dll -> Trojan.BHO.ab : Cleaned with backup (quarantined).
C:\Program Files\Spybot - Search & Destroy\zippy2.exe -> Trojan.BHO.ab : Cleaned with backup (quarantined).
C:\Documents and Settings\Ellie\Local Settings\Temporary Internet Files\Content.IE5\H142SZTV\q3q99[1].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win63.tmp.exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
C:\WINDOWS\RGFuaWVs\l3IRuqpP.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wtsisvtr.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\sony[1].exe -> Worm.Zhelatin.cx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sony.exe -> Worm.Zhelatin.cx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sony.exe.exe -> Worm.Zhelatin.cx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\windev-60ae-5826.sys -> Worm.Zhelatin.cx : Cleaned with backup (quarantined).
C:\Documents and Settings\Daniel\Local Settings\Temp\13.tmp -> Worm.Zhelatin.dp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pdp.exe.exe -> Worm.Zhelatin.dp : Cleaned with backup (quarantined).

::Report end


Downloaded and ran HijackThis v1.99.1 as instructed:

Logfile of HijackThis v1.99.1
Scan saved at 19:51:24, on 23/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Azureus Installer\Azureus-Installer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Documents and Settings\Daniel\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061004
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thehungersite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.del.......;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del.......;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061004
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.co.uk/broadband
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Spybot] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe\" /autoupdate /taskbarhide /autofix /autocheck /autoclose
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\utgboudx.dll",realset
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Azureus Installer] "C:\Program Files\Azureus Installer\Azureus-Installer.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Daniel\LOCALS~1\Temp\winlogon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photob...ploader_uni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9DEADD0-D4DD-4569-9280-8EDA19EBFFAB}: NameServer = 213.246.33.229
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE


The only processes persistently visible as using the CPU are ‘winlogon.exe’ (User Name: System; CPU: 50; Mem Usage: 4808k) and ‘System Idle Process’ (User Name: System; CPU: 50; Mem Usage: 28k).

Occasionally my pc has also 'crashed' by which I mean the screen initially blacks-out and is then replaced by a bright blue screen with white writing stating something along the lines of "Windows has shutdown in order to prevent any damage to your computer. If you have not seen this message before, restart your computer. Otherwise you should contact your system administrator. Dumping memory..." although this is only my loose memory of what it says.

Also, after running HijackThis my pc now seems unable to establish an internet connection (I didn't delete anything using HijackThis, just closed it after saving the log, as instructed), although the internet continues to work using a laptop with wireless connection to the same router. :wtf:

Hope all this is of some help, sorry if I’ve included any additional, unnecessary information. My level of computer-related knowledge is fairly basic (as you’ve no doubt already realised) so apologies in advance if I have to ask you to talk me through something that is actually quite simple.

I realise that you’re doing this as a completely voluntary and altruistic enterprise and as such any assistance would be greatly appreciated. I would really like to avoid having to re-format unless absolutely necessary.

Thanks.

Edited by miekiemoes, 24 May 2007 - 07:57 AM.


#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,523 posts

Posted 26 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 28 May 2007 - 05:17 AM

Hello,

Your system is terribly infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. The reason I am telling you this is that when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't surprise me at all... I notice that you do not seem to be running Antivirus software and a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them first!!

Avira, AVG OR Active Virus Shield (uncheck the Security Toolbar during install) are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Comodo OR Kerio are FREE firewalls.

Understanding and using firewalls

Reboot your computer afterwards.
After reboot, perform a full scan with your Antivirus and let it remove anything it is finding. Then reboot once again in order to delete files that were in use previously.

Post a new HijackThis log in your next reply - then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.

#4 MadDog88

    Member

  • Full Member
  • 4 posts

Posted 30 May 2007 - 05:50 PM

Hi,

Thanks for your help, I really appreciate it. I followed your instructions as far as possible...

Anti-Virus
I downloaded and installed AVG Anti-Virus 7.5 with no problems.

Firewall
Firstly I downloaded and installed ‘Comodo’. However, after rebooting and running it, all the functions were set to ‘off’ and it would not allow me to select ‘on’. After a few minutes three separate pop-ups appeared:

“The Comodo Network Monitor is not active. Reinstalling the application may fix the problem”
“The Comodo Application Monitor is not active. Reinstalling the application may fix the problem”
“The Comodo Application Agent has an incompatible version. Reinstalling the application may fix the problem”


Needless to say, reinstalling made no difference and these pop-ups reappeared. As a result I uninstalled Comodo via the ‘Add or Remove Programs’ function on the Control Panel and rebooted.

Next I followed your ‘Kerio’ link and downloaded and installed ‘Sunbelt Personal Firewall’ (formerly ‘Sunbelt Kerio Personal Firewall’). However, after rebooting I was greeted with the error message:

“Could not start DB server: socket() failed: (10050) A socket operation encountered a dead network..”

This message appeared each time I attempted to run the Sunbelt Firewall.

Having had no success with the Firewall I ran AVG Anti-Virus, which identified no threats. However, since I can no longer connect to the internet (as I mentioned in my previous post) I was unable to run an update prior to scanning. AVG Anti-Virus informs me that its internal virus database is currently 35 days old.

Although my pc was far from functioning normally, my internet connection was working up until I ran Hijack This for the first time (I didn’t delete any of the identified files). This may well be a coincidence but thought I’d better mention it as it had been working okay until that point. I’ve not been able to get it working since. I’ve therefore had to resort to downloading the above applications to a USB stick using another computer and then transferring them to my pc. I know it’s not a problem with the router since I can still access the internet using a laptop with a wireless connection, although on the pc I can no longer access my router management console (by inserting my IP address into IE address bar). Also, when I go to the ‘Network Connections’ icon on the control panel of my pc it is now empty and no longer displays the icon of my ISP.

I reran Hijack This although what with the other problems I’m not sure it will be much help to you:

Logfile of HijackThis v1.99.1
Scan saved at 23:36:51, on 30/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Azureus Installer\Azureus-Installer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061004
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thehungersite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.del.......;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del.......;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061004
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.co.uk/broadband
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Spybot] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe\" /autoupdate /taskbarhide /autofix /autocheck /autoclose
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\utgboudx.dll",realset
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Azureus Installer] "C:\Program Files\Azureus Installer\Azureus-Installer.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Daniel\LOCALS~1\Temp\winlogon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photob...ploader_uni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9DEADD0-D4DD-4569-9280-8EDA19EBFFAB}: NameServer = 213.246.33.229
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE


Thanks again for your help and time.

#5 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 30 May 2007 - 06:17 PM

Hi,

I have the bad feeling that malware already damaged a lot here, because you sure are infected. Your first log from AVG Antispyware showed a lot of very nasty infections present and I have the feeling that some legit Windows files are patched by malware as well.
Hope we can restore the damage, but I cannot guarantee this. Once malware is involved, some damage cannot always be restored and a format and reinstall will still be the best and safest solution.

Anyway, we can at least try :)

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts and because of an unstable Windows, it may go wrong sometimes.

Do next please..

* Download SDFix and save it to your Desktop.

* Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

* Reboot into Safe Mode (without networking support!):
To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
Choose Safe Mode from the menu that will appear and press Enter.
DON'T use any other methods than above method to boot into safe mode!
If you cannot boot into safe mode, just perform it in normal mode.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\utgboudx.dll",realset
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
<== it's a bad idea to let p2p programs startup with Windows
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Daniel\LOCALS~1\Temp\winlogon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Don't worry if you receive an error in HijackThis.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
I need that log later.

Now you're back in normal mode..

* Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog and the log from SDFix (report.txt, present in the SDFix folder).
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

You may need more than one reply to post the logs.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.
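The entries picked out of the log in the post above can also be found with a few autostart heuristics. The following is an added example, not part of the original thread and not the helper's own method: the rules, the `SYSTEM_NAMES` list and the function names are assumptions of this example, and the sample lines are copied from the HijackThis log posted in this thread. The BitTorrent entry is deliberately not flagged, since the helper removed it as a startup preference rather than as malware.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\utgboudx.dll",realset
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Daniel\LOCALS~1\Temp\winlogon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
'''

# Assumed heuristics (this example's, not the helper's): names that belong in system32.
SYSTEM_NAMES = {"winlogon.exe", "services.exe", "lsass.exe", "svchost.exe", "csrss.exe"}
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.\w{3}(?=["\s,]|$)')  # first drive-letter path


def review(line):
    """Return a list of reasons this log line deserves a closer look."""
    reasons = []
    m = RUN_RE.match(line)
    if m:
        command = m.group(3)
        path = PATH_RE.search(command)
        target = path.group(0).lower() if path else ""
        name = target.rsplit("\\", 1)[-1]
        if "\\temp\\" in target:
            reasons.append("autostart from a Temp directory")
        if name in SYSTEM_NAMES and "\\system32\\" not in target:
            reasons.append("system process name outside system32")
        if command.lower().startswith("rundll32"):
            reasons.append("Run key launches a DLL through rundll32")
    m = APPINIT_RE.match(line)
    if m and m.group(1).strip():
        reasons.append("AppInit_DLLs is set (loaded into every process that uses user32.dll)")
    return reasons


def triage(log_text):
    """Map each flagged line to its reasons; unflagged lines are omitted."""
    flagged = {}
    for line in log_text.splitlines():
        reasons = review(line.strip())
        if reasons:
            flagged[line.strip()] = reasons
    return flagged
```

A flag here means the entry needs a closer look, not that it is malicious; legitimate software also uses rundll32 and AppInit_DLLs.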

#6 MadDog88

MadDog88

    Member

  • Full Member
  • 4 posts

Posted 31 May 2007 - 07:31 AM

Hi miekiemoes,

Thanks for your rapid response. Having read your post I've not yet done the things you've suggested as I wanted to ask you about it. I realise that my computer is in a bad state and appreciate what you're saying about there being no guarantees even after doing all these repairs that all the problems will be resolved.

Therefore, I know this might be a difficult question to answer but if you were in my position and your computer was this infected (unlikely I know) would you try to clean it or would you just re-format it and re-install everything? The reason I ask is that if cleaning my computer is going to be a long and arduous process that takes up a lot of your time as well as mine, with the possibility of an unsuccessful outcome, maybe I should just accept defeat and re-format?

I am willing to take the time to follow all your instructions but as I am not particularly computer-minded I will be guided by your advice.

Thanks again.

#7 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 31 May 2007 - 09:31 AM

Hi,

"Therefore, I know this might be a difficult question to answer but if you were in my position and your computer was this infected (unlikely I know) would you try to clean it or would you just re-format it and re-install everything?"

If that was my computer - I actually wouldn't think twice and re-format and re-install immediately. This mainly because it's the SAFEST solution. Then I can be sure I can trust the computer again afterwards and no damage will be present.
But I always give the user the choice. Some prefer to clean this up manually, but then they have to accept the fact that they will never be able to trust their system again and the damage that is already present cannot always be repaired since this will be searching for a needle in a haystack to find the right cause (since many malware related leftovers will still be present that scanners won't find and logs won't show).

Actually it would be irresponsible of me not to tell you how badly infected your system is and just post instructions on how to clean this. Because at the end, even though malware may be gone, the system may stay compromised. That's why I always make the user aware of this.

For example, it happens quite a lot that users post their log from a terribly infected system where keyloggers and other malware (backdoors) are present, gathering passwords and other important data (which is also the case with your computer). And then we figure out that this computer is actually being used at work or for work, putting the entire company at risk.
If we give instructions to clean this up manually, while we know that in such cases there's no guarantee that it will be totally clean afterwards and damage may still be present, then it would be irresponsible of us not to make the user aware of this. Because this computer may always be a risk in the future because it was/is badly compromised.
You can read an example here.
If we don't tell this, the user may think afterwards everything is ok again, his/her system is secure again while it's not.

Most people who don't want to re-format and re-install such terribly infected systems are most of the times people who are only using their computer for games, and surfing where privacy is no priority.

If privacy is a priority and you have important data on your system, use this computer for work or at work, you do online banking or any other financial stuff with your computer, then I recommend a format and reinstall.

Anyway, whatever you decide, I'll help you.
If you decide to format and re-install, I can give you some useful links how to do this properly :)

#8 MadDog88

MadDog88

    Member

  • Full Member
  • 4 posts

Posted 31 May 2007 - 11:26 AM

Hi,

Another speedy response, thanks. Based on what you've told me I think re-formatting and re-installing is the best option. I do sometimes use my computer for work stuff/banking so in future I need to know that it's secure.

If you could advise me the best way to go about this I would be extremely grateful. I've already backed up my important files.

Thanks.

#9 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 31 May 2007 - 11:39 AM

That's a good decision. :)

Some important notes before you format and reinstall..
Before you format and reinstall, make sure you download the installer for an Antivirus and Firewall first and place them on cd or flashdrive.
This because, during format and reinstall, I recommend you unplug your Internet cable or whatever method you use to connect this computer with the internet. This because, once Windows is reinstalled again and there's internet connection present, you can get reinfected immediately again, this because no protection is present yet.
That's why I also asked to download the installer for an Antivirus and Firewall first and put them on cd/flashdrive.
Once your Windows is installed, then first install your Antivirus and Firewall.
Once they are installed, then connect with the internet and immediately go to Windows updates to download and install all updates.
Then your system is ready to use and protected.

Read here for instructions how to format and reinstall with screenshots:

http://www.michaelst...nxpinstall.html

Success. :)

#10 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 02 June 2007 - 03:42 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here
This applies only to the original topic starter.

Everyone else please begin a New Topic.