Tech Support Forum - View Single Post - XP Infected with malware ProgDav and AntiVir XP 2008 fake program

**chemist** · 08-16-2008, 06:38 PM

Hello again, j_sollars.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

You have old versions of Java still installed. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.

Close any programs you may have running - especially your web browser.
Go to Start(or My Computer) > Control Panel and click on Add or Remove Programs
Click (highlight) the following items:
- J2SE Runtime Environment 5.0 Update 10
- J2SE Runtime Environment 5.0 Update 2
- J2SE Runtime Environment 5.0 Update 4
- J2SE Runtime Environment 5.0 Update 6
- J2SE Runtime Environment 5.0 Update 8
- Java 2 Runtime Environment, SE v1.4.2_03
- Java(TM) 6 Update 2
- Java(TM) 6 Update 3
- Java(TM) 6 Update 5
- Java(TM) 6 Update 3
- Java(TM) SE Runtime Environment 6 Update 1
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.

------------------------------------------------------

Please download ATF-Cleaner by Atribune and Save it to your Desktop.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

Click Run at any Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save Report As... button.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

------------------------------------------------------

Please post the following in your next reply:

Kaspersky report
new HijackThis log

08-16-2008, 06:38 PM	#13 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,241 OS: XP SP3	Re: XP Infected with malware ProgDav and AntiVir XP 2008 fake program Hello again, j_sollars. Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ------------------------------------------------------ You have old versions of Java still installed. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components. Close any programs you may have running - especially your web browser. Go to Start(or My Computer) > Control Panel and click on Add or Remove Programs Click (highlight) the following items: J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 2 J2SE Runtime Environment 5.0 Update 4 J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 8 Java 2 Runtime Environment, SE v1.4.2_03 Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Java(TM) 6 Update 3 Java(TM) SE Runtime Environment 6 Update 1 Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. ------------------------------------------------------ Please download ATF-Cleaner by Atribune and Save it to your Desktop. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. ------------------------------------------------------ Please run this online scan to help look for remnants. Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner Click Accept, when prompted to download and install the program files and database of malware definitions. Click Run at any Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View scan report at the bottom. Click the Save Report As... button. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply. Note To optimize scanning time and produce a more sensible report for review: Close any open programs. Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan. Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. ------------------------------------------------------ Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here. ------------------------------------------------------ Please post the following in your next reply: Kaspersky report new HijackThis log __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE