Juliet Posted January 28, 2014
While I look over those files again, continue and run the MBAR scan.

darkeyes (Author) Posted January 28, 2014

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2013.10.02.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
:: CARLINE [administrator]

1/27/2014 8:09:53 PM
mbar-log-2014-01-27 (20-09-53).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 226703
Time elapsed: 16 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.199000 GHz
Memory total: 1005957120, free: 147701760

Downloaded database version: v2014.01.28.01
Cancelled update
Initializing...
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B797B797

Partition information:

Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 24659712

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 24659775 Numsec = 463716225
Partition is not bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Read File: File "C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================

Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-24659775-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Juliet Posted January 28, 2014
Everything comes back in good shape. Which browser do you mainly use?

Juliet Posted January 28, 2014
Does it happen only in Chrome or happen in IE too?

I'd like you to install AdBlock for Chrome:
https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb?hl=en-US

I've got to call it a night here, watch for the items you told me about earlier, if you can catch a malicious url or error message let me know.

darkeyes (Author) Posted January 28, 2014
Yes I use Chrome, I find it faster than IE. I will add the AdBlock for Chrome. Knock on wood my computer has been very quiet for a couple of hours now....knock knock. Off to download the blocker. Thank you!

darkeyes (Author) Posted January 28, 2014
Juliet, Yes, it would happen in IE too, one of the reasons I switched to Chrome, but it only happens when there is something that should not be on my computer. I have gotten into problems with IE many times and have had to come over here for the nice people to help me. I run Superantispyware scans daily as well as Spybot and malwarebytes but they never seem to get everything nasty off the computer.

Thank you again Juliet for all of your help and thank you PCpitstop!! I am going to see how things go with this new added on Ad Blocker....right now you can hear a pin drop it is so quiet.

Juliet Posted January 28, 2014
Right now, with everything I've had you do, you should be squeaky clean. It's possible you will need to uninstall then re-install Chrome, then again who knows if that will solve it. Ever try Firefox?

Well, let's give it a day and test it. I don't like leaving quarantine folders behind or tools to search with. We still need to remove those so keep that in mind. Or let me know and we can remove those now?

Just a heads up, April 2014 Microsoft will no longer support Windows XP. Windows XP users who want to save their machines

darkeyes (Author) Posted January 28, 2014
Thank you again Juliet. I have to be somewhere this afternoon so will give my computer a workout later on and see if it starts acting up again. Thanks for all of your help! I will also be checking back with you about getting all of these scanners and scans off my computer. I love XP!

Juliet Posted January 28, 2014
We can remove those now.

Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.

Go to Start > Run > copy and paste the full text path in the run box:

ComboFix /Uninstall

Note the space between the x and the /U, it needs to be there. You can use the /Uninstall switch, or you can simply rename ComboFix.exe to Uninstall.exe and double click it. It is not case sensitive.

**********************

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to the Desktop as fixlist.txt

start
DeleteQuarantine:
end

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait. No need to post the log this time.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

Download OTC by OldTimer and save it to your desktop.
Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator.
Then click the big button.
You will get a prompt saying "Being Cleanup Process". Please select Yes.
Restart your computer when prompted.

*****************

This should remove what we downloaded, anything left simply delete.

Safe surfing.

darkeyes (Author) Posted January 29, 2014
I am just back now and will start doing what you posted to me earlier today. You suggested to maybe uninstall Google then reinstall it, will that make a big difference? I have no experience with using the Firefox browser. Thank you!

darkeyes (Author) Posted January 29, 2014
Juliet, I copied and pasted the quote box to notepad then saved it as fixlist.txt and then opened up the FRST and as I was hitting the fix button a box popped up that the update was complete, does this mean it did what it should have done or do I need to hit the fix button again as no scans appeared? Thank you.

Also Avast rang a bell to notify me that a vicious something or other was trying to get in my computer but Avast blocked it and I only had time to write this down before the box disappeared: Win32Evo.gen

At the time of the Avast notice I was trying to print out the above instructions you gave me, now printer won't print.

Edited January 29, 2014 by darkeyes

darkeyes (Author) Posted January 29, 2014
Hi Juliet, Gosh what a piece of work I am? I went ahead and completed everything you told me to do. When I did the FRST and hit the fix button, the update box appearing at the very same instant must have interfered with me hitting the fix button, so I went ahead after waiting for something to happen and nothing was happening and I hit the fix button and it did do as it should have. I ran combofix and that went fine, then ran the last thing you asked and my computer was rebooted.

Now should I uninstall and reinstall Google? My computer has acted up again here and there but it is not constantly making that sound.

You really have made me feel really nervous about the fact that WinXP will no longer be supported as of April 6th. Will all of these terrible things really happen to our computers? It is very scary! Thank you so much again!

Juliet Posted January 29, 2014
I think you did a good job with the instructions given. Kinda educated you along the way.

If you uninstall then reinstall Google it sort of removes the kinks, which is a good thing.

I like Firefox, have used it for years, have found it to be a secure browser for me with security addons of course. I haven't used Google Chrome for different reasons, have seen it hit with malware for quite a while and always look for it in logs first. Not that it's a bad browser but that malware scripts hit it or go after it because so many people use it now.

We can keep the bookmarks by exporting them - Export Bookmarks
Then I need you to go to Google Sync and sign into your account.
Scroll down until you see the "Stop and Clear" button and click on the button.
At the prompt click on "Ok".
Now we need to uninstall Chrome.
I want you to uninstall Chrome and if asked about user data or settings then remove this also.
Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome

****************

Didn't mean to make you nervous with the information posted about XP but you need to be ready. When I give preventive tips and close this topic I will supply items to help secure your machine. Please do note that it doesn't mean your computer will be 100% protected but that we will be trying to make it more secure.

Juliet Posted January 29, 2014
Also, let me know if there are any icons or tools left on the machine or your antivirus will alert and say there are infections.

darkeyes (Author) Posted January 29, 2014
This is what I see on my screen, and in my Documents/Desktop:

mbar-1.07 icon
log-text document
JRT icon
ADW Cleaner -Text document
Eset Scan -Text Document
Esetsmartin- Installer APP......two of those
Fixlog-text document
ADWCleaner -APP
JRT-text document
attach-text document
mbam setup

I have never signed in to Google. I downloaded the Google browser and went into settings and set it to open to my yahoo homepage. Should I now sign in to Google before I uninstall it and reinstall it? Not even sure I know where I go to sign in. Thank you!

Juliet Posted January 29, 2014

mbar-1.07 icon
log-text document
JRT icon
ADW Cleaner -Text document
Eset Scan -Text Document
Esetsmartin- Installer APP......two of those
Fixlog-text document
ADWCleaner -APP
JRT-text document
attach-text document

You can delete these but keep instructions for the links and how to use for future scans.

mbam setup <--you should have an icon for this MBAM, update it often and scan for infections often.

I would delete anything for Google and its toolbars. You can download it again and set your preferences to whatever you want, be cautious of add-ons, not all are malicious but use good judgement.

Let me give you my preventive tips since we are at a close now.

**************************************

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know
CryptoLocker Ransomware Information Guide and FAQ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

Firefox 3
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus
AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I strongly recommend you use this tool:

WOT
Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

How to prevent Malware: Created by Miekiemoes

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/) and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755)

I would recommend that you completely uninstall Java unless you need it to run an important software. In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))

Avoid P2P
P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. Please read these short reports on the dangers of peer-2-peer programs and file sharing.
FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

*********************************************

Please read the following safe computing articles.

Secure My Computer: A Layered Approach
Free Antivirus-AntiSpyware-Firewall Software

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!
This site offers people who have been (or are) victims of malware the opportunity to document their story.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.
http://secunia.com/software_inspector/

darkeyes (Author) Posted January 29, 2014
Thank you so much Juliet for your time patience and help. I am having issues with my printer since the pop up from Avast saying it blocked a malicious Win32Evo.gen. I would like to print out your latest post to me. Any idea for fixing this? Thank you!

Juliet Posted January 29, 2014
Usually, if you uninstall then reinstall the printer that corrects most issues.

Can you open Avast and get the whole file name?

Let's test the False Positive theory. Update Avast to ensure you have the latest definition. Then restore the items that Avast moved to quarantine. Finally, do a full system scan with Avast and post back here.

darkeyes (Author) Posted January 29, 2014
Juliet, Avast is up to date, could not find where to view quarantined log or where to restore them from. Will try uninstalling printer and reinstalling later on. I am going to give Firefox a try after uninstalling Google. Thank you.

Juliet Posted February 1, 2014
Glad we could help. Since this issue appears resolved ... this Topic is closed.