Solved

Computer infected with several viruses. Best way to remove them all ???

Posted on 2004-04-30
27
10,362 Views
Last Modified: 2013-11-16
Hello all,

I’ve been running SpyBot SD on my system without any additional Anti-Virus Software (or Firewall). I recently downloaded Ad-Aware 6.0 and found some viruses that SpyBot must have missed. I tried removing them, but after restarting my computer the viruses come back every time. This lead me to do some virus scans using the free scanning tools on Symantec’s web site and Mcafee’s and they seemed to have found several viruses on my system.

I’m having trouble finding out how to get rid of these viruses. Some of the names identified have been:

Jeired (three different types/files of this virus)
W32.Gaobot AFJ (2 different types/files of this virus)
Exploit-mhtRedir.gen
Exploit-IFrame

I now know I need to get a good anti-Virus protection program and a firewall. Which one(s) would you recommend?

And the more urgent question:
How can I remove all viruses from my computer now that it has already been infected?

(I’m running XP Home)
(I've also updated all critical patches from Microsoft)

Thanks in advance for any and all help….
0
Comment
Question by:cleanuphelp
  • 8
  • 8
  • 6
  • +3
27 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 10961817
Check these links for online virus scanners.  It's recommended to run at least two of these.  
  Trend Micro -->     http://housecall.antivirus.com/housecall/start_corp.asp
  Panda ActiveScan--> http://www.pandasoftware.com/activescan/
  Stinger -->         http://download.nai.com/products/mcafee-avert/stinger.exe

These links Check for Spyware:
  HijackThis -->  http://www.spychecker.com/program/hijackthis.html
  Web Shredder--> http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder
  Pest Patrol --> http://www.pestpatrol.com/downloads/eval/download.asp
  PCHell removal->http://www.pchell.com/support/spyware.shtml

  Make sure that after downloading these, that you update them.  It helps to try at least two of these.
  If all else fails, download HijackThis and post the log that is generated after running it on your system.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10961822
Start->Run->MSconfig
On the Boot.ini tab - select Safe Boot
Reboot and run the downloaded scans.
0
 

Author Comment

by:cleanuphelp
ID: 10961891
I downloaded "Hijack This" and ran a scan. This was the results of the scan:

Logfile of HijackThis v1.97.7
Scan saved at 10:14:29 AM, on 4/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\FFR\Desktop\virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flyingfr.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\RunServices: [Video Process] sysconf.exe
O4 - HKLM\..\RunServices: [Microsoft Update] mssmgrd.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/145f0da8859fd1a16716/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38084.6045138889
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4354/mcfscan.cab

0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10962106
Nothing to worry about here.
But you can..

Fix:
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

To resolve the other problems, see here:
Jeired  --> http://www.kephyr.com/spywarescanner/library/jeired/index.phtml
W32.Gaobot AFJ --> Symantec online scan should detect/remove this.
Exploit-mhtRedir.gen  --> http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx (patch to remove the exploit)
Exploit-IFrame --> http://www.microsoft.com/technet/security/bulletin/ms99-042.mspx (patch to remove the exploit)

http://windowsupdate.microsoft.com should take care of the latter two...
0
 

Author Comment

by:cleanuphelp
ID: 10963496
Sirbounty,

THANK YOU SO MUCH FOR THE HELP SP FAR...

I tried removing Jeired using the instructions from the link, but ran into two problems.

1.) I couldn't find one of the three files in my registry I needed to delete
(the HKEY_CLASSES_ROOT:CLSID... is the file that couldn't be found)

2.) I deleted the other two files and then after restarting my system went
into Windows Explorer to delete the file "Jeired" as instructed by the
instructions from the link, but that file couldn't be found either.

After doing the steps I was able to complete (deleting 2 of the 3 files from
my registry) and restarting my system once again, I did another search using
Ad-Aware and sure enough...the Jeired files showed up again.

Any other advice on how I can permanently get rid of these files?

Thanks again...


0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10963525
Boot into Safe Mode and perform a search of your entire computer for JEIRED*.* (make sure you enable searching hidden files).
0
 

Author Comment

by:cleanuphelp
ID: 10963768
The only results that came back after doing the complete search in Safe Mode was some web sites (I must have recently looked up to learn more about how to get rid of Jeired). The were Internet Explorer files located in my temporary internet files.

Not being able to find it on my system would usually lead me to think it's gone, but each time I run a scan using Ad-Aware 6.0 it three Jeired files show up (If I delete them they would show up on any more scans until I restart my system).

Any other suggestions.

THANKS...
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10964766
Don't forget system restore... with xp even with Home version... you may just reinfect yourself... it's why they invented it.... I'll bet !-) (it's why the file keeps coming back)
http://download.nai.com/products/mcafee-avert/SystemHelpDocs/DisableSysRestore.htm
http://vil.nai.com/vil/stinger/ (good free util to find and erradicate viri)
Get latest windows updates and patches (service packs)
-rich
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10964949
richrumble makes a great point.
It could be locating the virus within the system restore information.
Click Start->Run->Services.msc
Locate the System Restore Service.  Stop it and set it to disabled.
Reboot - now rerun adaware...
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 10966542
Hi!
The following are advisable for deletion:
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
They are part of Jeired.

Also, find the following 2 entries and look at their properties - who made them, etc. - Don't do anything with them yet.
O4 - HKLM\..\RunServices: [Video Process] sysconf.exe
O4 - HKLM\..\RunServices: [Microsoft Update] mssmgrd.exe
Let us know.
Good luck!

0
 

Author Comment

by:cleanuphelp
ID: 10980033
Thank you  rossfingal,

I deleted the files youlisted and now when I run a scan on Ad-Aware 6.0 it comes up clean (even after a restart). Looks like it worked...THANKS.

As to additional information on the other 2 files you listed. How can I leanr more about the properties to let you know more about them.

I did a scan on HijackThis and have located them. I checked one and clicked on "info on selected item...", but a pop up appears with information about that type of scan. I didn't see any information like you requested (who made them, etc...)

Could these files be harmful to my stsem as well?

my Internet (IE 6.) browser is running a little slower since these vireuses have hit my system. Even now, after getting rid of everything (I hope I got rid of eevrything), IE runs a little slower than it used to.

Thanks again for all the help...
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 10980908
Hi!
Just glad we could provide some kind of assistance!
Try navigating to those files and right click on them and from the menu click on properties - make a note of the manufacturer,
version, size, etc..
If you could, would you please post that info here.
Also, delete all your temp files (just the contents of the "temp" folders - not the folders themselves!), empty your temporary
Internet folder and check the box "delete all off-line content", delete your cookies, (you could also clear your "History" folder,
but that's up to you).
Empty your recycle bin.
Then if you want, post another HijackThis log here.
Also, remember richrumble's important consideration about System Restore - if you haven't renabled it yet that's OK, post the
HijackThis log first.
We may not be "out of the woods" yet!
Thanks and good luck!
0
 

Author Comment

by:cleanuphelp
ID: 10981903
Rossfingal,

Thank you once again for all the help.

1.) I can seem to find the two files while navigating in my system. I even did a search using the file names, but no results can back. They are still showing up on the HijackThis scan, but I just can't seem to find them in my system anywhere.

2.) I deleted the contents of the temp folders and deleted cookies, files, and history from internet options. I then deleted the recycle bin and performed anohter scan using Hijack This. Here were the results:

Logfile of HijackThis v1.97.7
Scan saved at 2:46:36 PM, on 5/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\FFR\Desktop\virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flyingfr.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [Video Process] sysconf.exe
O4 - HKLM\..\RunServices: [Microsoft Update] mssmgrd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/145f0da8859fd1a16716/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38084.6045138889
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4354/mcfscan.cab

0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 12

Accepted Solution

by:
rossfingal earned 345 total points
ID: 10986139
Hi!
Well, things look better.
Is the following your Internet Explorer start page:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flyingfr.com/
If not, have HijackThis fix it.
Then to set your start page, browse to whatever page you want and while there in IE click on "Tools", click on "Internet
Options", under "Home page", click on "use current", click "Apply" then click "OK".

These 2 following entries should be fixed by HJT:
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/145f0da8859fd1a16716/netzip/RdxIE601.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

As for these 2 entries:
O4 - HKLM\..\RunServices: [Video Process] sysconf.exe
O4 - HKLM\..\RunServices: [Microsoft Update] mssmgrd.exe
I've looked and asked around, but I haven't come up with any definitive answers.
They might be a part of TVM, which was removed - meaning, left-over registry entries.
You could go into the registry and go to:
HKLM\Software\Microsoft\Windows\Current version\RunServices
or:
HKCU       "             "            "                    "                 "
and delete them from the right pane.
Other than that your system looks fairly clean.
You might want to do a repair of Internet Explorer - Start>Settings>Control Panel>Add/Remove Programs>Microsoft Internet
Explorer click on Change/Remove and select the option to repair.

Also, we're seeing a lot of what's called Sasser worm, it's a bad one, info. below:
http://secunia.com/virus_information/9160/
Microsoft also has a patch that addresses a vulnerability related to this.
I can't tell if you have a firewall, if not, I would get one - Zonealarm from Zonelabs.com is free.

Let us know if you have any further problems - Good luck!
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 10986165
Almost forgot, don't forget to turn back on System Restore, if you have it off. :)
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10986540
leave that $*!+ off... it's never helped any one of my clients for any reason... driver roll back still works with sys restore off btw, it's a waste of space and cycles-
in my opinion only...
sorry I don't want to start a flame war here.
-rich
0
 

Author Comment

by:cleanuphelp
ID: 10988494
Rossfingal,

THANKS SO MUCH FOR ALL THE HELP.

It looks like we're almost done with the clean up phase. Now I need to secure my system and make sure this doesn't happen aagin....lol.


1.) Yes www.flyingfr.com is my home page so no hijacking going on there.

2.) I deleted the 2 files you mentioned (O16 - DPF: {....) using Hijack this.

3.) I did a google search for the 2 files in question (O4 HKLM\..\RunServices...) and it looks like they are part of a left over virus of some kind. I deleted them by going into the registry.

4.) Now, here's the questionable one...
I tired going into "Add/Remove Programs" to repair Internet Explorer as you suggested. When in there I found the program was called "Internet Explorer Q831167" (Size 1.66MB) not "Microsoft Internet Explorer". When I click on "Change/Remove" a small pop up window appears titled "Internet Explorer Q831167 Update"
The text on the pop up reads:
"This program uninstalls Q831167 and restores your previous configuration. Do you want to uninstall Q831167?" and gives me two choices... Yes or No.

Could this be some virus that modified Internet Explorer or is this just and update I might have downloaded from Microsoft that changed the configuration of IE and name to Internet Explorer Q831167???


Thanks again for all the GREAT HELP !!!!!!!!!!!!

PS:
Is it okay to delete the HijackThis backups?
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 10988893
Hi! richrumble!

You won't get an argument from me concerning that!
Other experts I've run into say the same thing (or something similar :))
However, some users get nervous when you try to tell them that, for one thing, System Restore acts as a handy repository
for nasties!
Oh well!
0
 

Author Comment

by:cleanuphelp
ID: 10988975
I also should mention that when I do an AdAware scan I always come up with several other files. These files are listed as:

Vendor:      Tracking Cookie
Type:          File
Category:    Data Miner
Object:       C:/Docs and Settings/myusername/cookies/myusername@...

As long as I'm on the internet for a few minutes and than run a scan on AdAware...several of these "Tracking Cookies" will show uo on the scan.

Are these something to worry about as well. It seems (by the name) that they are tracking my usage and I assume reporting back to something/someone. If that is the case, how can I stop this from happening?

Thanks...
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 10988997
Hi! cleanuphelp!

As far as repairing Internet Explorer, you probably didn't scroll down far enough to come to Microsoft Internet Explorer
(don't worry, you're not the only one!)
The Q831167 entry is an update, don't delete it!
Also, don't forget to empty "temporary internet files", including the check-box "Delete all offline content", and delete cookies.
Empty recycle bin.

Take note of richrumble's comment concerning System Restore, knowing that it's coming from someone with
experience.
It's your computer though, so I guess it's your call!

Don't delete the HJT backups quite yet.
Wait a couple of days just to see how things are going, and if you have any problems post back here.
Let us know - thanks and good luck!
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 10989094
Virtually all websites, it seems, use cookies of one kind or the other - some websites you have to accept their cookies
or it's very hard to surf them.
In Internet Explorer go to Tools>Internet Options>Privacy, at the bottom of the dialogue box you'll see "Edit", click on that and
you go into a dialogue box that allows you to block cookies from whatever website you want.
It's pretty self explanatory - I use it a lot.
Good luck!
0
 

Author Comment

by:cleanuphelp
ID: 10989237
Microsoft Internet Explorer is not listed in the "Add/Remove Program" list. The only one having to do with Exlorer (to myknowedge anyway) is the one named Internet Explorer Q831167.

As for the cookies. I assume it's not really anything to worry about if I want to view various sites that requires the acceptance of these cookies.

THANKS TO EVERYONE THAT HELPED !!!!!!

I wish I could give all my points to all of you, but I don't think I can so I gave them to rossfingal for all his extra effort. THANKS Ross.

Thanks to sirbounty and richrumble also for all the great help...
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 10989847
cleanuphelp

Glad that someone here could help you!

Hopefully, your computer is clean now.
sirbounty listed some links to useful tools and programs, I'm going to list that some will help you keep your computer clean.

What is spyware : http://www.spychecker.com/spyware.html   (general info)

SpyBot-S&D : http://www.safer-networking.org/    (this catches things that Adaware misses and vice-versa)

Ad-aware : http://www.webattack.com/download/dladaware.shtml

CWShredder: http://www.softpedia.com/public/cat/10/17/10-17-150.shtml   (run this every couple of days, at least)

SpywareBlaster  :http://www.javacoolsoftware.com/spywareblaster.html   (helps keep spyware off of your computer)

SpywareGuard :http://www.javacoolsoftware.com/spywareguard.html    (same as SpywareBlaster, I run both)

SpySites  :http://www.spychecker.com/program/spysites.html

Keylogger Hunter :http://www.styopkin.com/keylogger_hunter.html

BHODemon : http://www.spywareinfo.com/downloads/bhod/

Thanks and good luck!
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10990816
cleanuphelp - just fyi, you CAN split points among contributing experts...
Glad you got it sorted out.  :D
0
 

Expert Comment

by:vadlapatis
ID: 11074284
u can get free antivirus and weekly updates which removes almost all viurs no doubt u can trust try out !! from this following link


www.grisoft.com

Al the Best
0
 
LVL 3

Expert Comment

by:4ceReconSniper
ID: 11149588
good for that you noted the virus go to avast.com and look for specific cleaners for each virus. if disinfecting  make sure you are not connected in the net. run your anti virus again to scan. The reason why you are still having virus problem s even spybot is running because spybot IS NOT an anti virus it is an anti Ad/Spyware you must have both a good antivirus and spybot to be protected, another is spyguard which performs different action
0
 
LVL 3

Expert Comment

by:4ceReconSniper
ID: 11149592
i recommend AVAST! Home it's free and very strict also Sophos but it's quite hard to maintain but its good also
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now