Answer» I apologize. I forgot, you're with Vista. Right click on AVG systray icon, click "Open AVG User Interface". Click on "Computer scanner" tab, then "Scan history" button. You should see your latest scans there. Look under "Scan log information" column.

Under the 'scan log information column' there are several 'scan was interrupted before completion's, but for the majority of scans this field is blank.

Highlight the latest scan, and at the bottom, you'll see a link to save report.

Scanlog attached
[recovering disk space -- attachment deleted by admin]

Well, it looks like AVG did a pretty good job, so other scans came up clean...
Your computer is clean
1. Download and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version. Read CCleaner instructions here: http://www.jahewi.nl/ccleaner/ccleaner.html. Run CCleaner.
2. Turn off System Restore:
- Windows XP:
  1. Click Start.
  2. Right-click the My Computer icon, and then click Properties.
  3. Click the System Restore tab.
  4. Check "Turn off System Restore".
  5. Click Apply.
  6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
  7. Click OK.
- Windows Vista:
  1. Click Start.
  2. Right-click the Computer icon, and then click Properties.
  3. Click on System Protection under the Tasks column on the left side.
  4. Click on Continue on the "User Account Control" window that pops up.
  5. Under the System Protection tab, find Available Disks.
  6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:").
  7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
  8. Click OK.
3. Restart computer.
4. Turn System Restore on.
5. (optional) Download and install free version of ThreatFire: http://www.threatfire.com/. It'll give you extra protection against malware. It won't interfere with your antivirus program.
6. Read "So how did I get infected in the first place?": http://www.castlecops.com/postlite7736-.html
7. Let me know how your computer is doing.

I followed all of the steps in the previous post, and then ran an AVG scan which seems to have found all of the same threats again.
New Scanlog attached.
[recovering disk space -- attachment deleted by admin]

Download SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

On the 10th I installed SpywareBlaster and SpywareGuard, after uninstalling SpywareTerminator. I wasn't sure whether or not they could all run together. SpywareGuard didn't seem to be working correctly (Vista). So on the 12th I uninstalled SpywareGuard and reinstalled SpywareTerminator. I thought I had SpywareBlaster set up correctly, and don't ever use IE unless I have to. I'm running all of the scans over again.

At one time SpywareGuard was a good program but it has been abandoned and not updated in years.
Many of the web pages we visit use ActiveX controls, only you seem to be running into a lot of really bad ones. I think that the web history is what's being deleted and the malware isn't actually being installed.

If you look closely at the log, no actual infection happened. These are all warnings about ActiveX, as evil said. You may try Firefox, which doesn't use ActiveX.

I use Firefox nearly exclusively and have for some time. I'm certain this machine is infected. Using Wireshark I captured IGMP packets going to multicast IPs with a malicious reputation (Trusted Source). It's no longer connected to the internet. After removing the same ActiveX for the second time, I got it a third time without even opening IE and only having excepted cookies in Firefox from a few familiar sites.

Our scans do not indicate any infection.

Ok, maybe not an infection, but there is an apparent vulnerability. I am now blocking cookies though and have switched to Avast. All scans have been clear. I wonder if these were false positives. Avast finds nothing. I may reinstall AVG to find out. Thanks for your assistance.

Quote: I wonder if these were false positives.
Very possible.
Quote: Avast finds nothing. I may reinstall AVG to find out.
I wouldn't do it. Current AVG 8.0 is having a number of problems. Avast is an excellent AV program. Using it myself.