Tech Support Forum - View Single Post

**Deckard** · 12-05-2006, 09:04 PM

You can get rid of the Ebates like so:

Uninstall Manager

Run HijackThis.
Go to Config || Misc Tools
Click the button labelled "Open Uninstall Manager".
To get a quick uninstall Log, click the "Save List" button
Find and select the following entries in order and click "Delete This Entry" for each one:
Web Savings from Ebates
When you've got them all, close HijackThis.

Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist:

C:\Documents and Settings\MD\Application Data\SpamExtract
C:\hijackthis\BACKUPS\backup-20041003-213452-817.inf
C:\hijackthis\BACKUPS\backup-20051213-211451-885.inf
C:\WINDOWS\system32\SAIEAU.DAT

Well done, your logs are clean! Any more issues? If not, you should be good to go but we still have a few items we'd like to address. The most important step is that you update your machine to Service Pack 2.

Reset hidden/system files and folders

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Deselect the Show hidden files and folders option.
Select the Hide file extensions for known types option.
Select the Hide protected operating system files option.
Click Yes to confirm and then click OK.

Reset System Restore

Go to Start>Run, type SYSDM.CPL and press Enter.
Select the System Restore tab.
Check "Turn off System Restore on all drives" and click Apply.
Now uncheck the same option and click OK.

Re-enable Protection
Turn back on any malware prevention tools we might have had you switch off.

Microsoft Updates
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by malware. Using Internet Explorer, please go to Microsoft's Windows Update and download all of the critical updates to help prevent possible re-infection.

Please ensure that you have already patched your system against these recent critical exploits:

WMF exploit: KB912919
VML exploit: KB925486

Enable Windows Auto Update:

Go to Start>Run, type WUAUCPL.CPL and press Enter.
Make sure "Keep my computer up to date" is checked.
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Update Java
You need to update your Java as it is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without multi-language and save to your desktop.
Close any programs you may have running -- especially your web browser(s).
Go to Start→Control Panel double-click on Add/Remove Programs.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each version of Java.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-1_5_0_10-windowsi586-p.exe to install the newest version.
After the reboot, go back into the Control Panel and double-click the Java icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL three checked:
- Downloaded Applets
- Downloaded Applications
- Other Files
Click OK on Delete Temporary Files Window. NOTE: This deletes ALL of the Downloaded Applications and Applets from the cache.
Click OK to leave the Java Control Panel.

Tool Deletions
Feel free to remove these tools and their folders:

Autoruns and AutoCmd
CleanUp! (uninstall from Add/Remove Programs)
SmitfraudFix

You may want to keep AVG Anti-Spyware, as it will offer you some additional protection. It is a free 30 day trial, after which time you will need to manually update it yourself.

Malware Prevention
This is a good time to set up protection against further attacks. You might want to read Tony Klein's "How Did I Get Infected In The First Place?". At the minimum, you need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real time spyware program such as Spyware Guard to prevent spyware intrusions. I also recommend IE-Spyad, which places over 4,000 websites and domains in the IE Restricted list, thus helping prevent attempts to re-infect your system. All of these have no-strings-attached free versions available. However, be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use but often have malware in them.

Two more articles you may want to read at your leisure are "KRC Anti-Spyware Tutorial" and "Making Internet Explorer Safer".

The following is a list of free software we recommend:

Antivirus
AV software should be updated at least once a week for optimum protection. Here are some free AV programs available for personal use. NOTE: Do not install more than one AV program because they will conflict with each other. Only pick one.

AOL Active Virus Shield (powered by Kaspersky Antivirus)
BitDefender
Avira PersonalEdition Classic
Avast!
AVG

Firewalls
A good firewall is the first-line of defense for your computer and will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you are unfamiliar with how a firewall works, you can read "Understanding and Using Firewalls". Here are some free firewalls available for personal use:

Realtime Malware Prevention Tools
These programs actively watch your computer for possible malware-related changes and help prevent them. You can run more than one of these at a time.

Passive Malware Prevention Tools
These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.

SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
IE-Spyad - Extract to your desktop and double-click install.bat. Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites although you will still be able to connect to them. You can read more about it on it's homepage.
MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements, preventing your computer from connecting to those sites.
McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.

Alternative Web Browsers
Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

Alternative Miscellaneous
Here are some alternatives that are worth looking into if you use their features:

Trillian - an Instant Messenger client that speaks multiple IM services (AIM, Yahoo!, ICQ, MSN, etc.)
Miranda-IM - another Instant Messenger client with multiple IM capabilities.
Desktop Weather - A taskbar weather program that is free and resource light.

Please respond to this thread one more time so we can mark this thread as resolved.

12-05-2006, 09:04 PM	#10 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	You can get rid of the Ebates like so: Uninstall Manager Run HijackThis. Go to Config \|\| Misc Tools Click the button labelled "Open Uninstall Manager". To get a quick uninstall Log, click the "Save List" button Find and select the following entries in order and click "Delete This Entry" for each one: Web Savings from Ebates When you've got them all, close HijackThis. Deletions Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist: C:\Documents and Settings\MD\Application Data\SpamExtract C:\hijackthis\BACKUPS\backup-20041003-213452-817.inf C:\hijackthis\BACKUPS\backup-20051213-211451-885.inf C:\WINDOWS\system32\SAIEAU.DAT Well done, your logs are clean! Any more issues? If not, you should be good to go but we still have a few items we'd like to address. The most important step is that you update your machine to Service Pack 2. Reset hidden/system files and folders Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Deselect the Show hidden files and folders option. Select the Hide file extensions for known types option. Select the Hide protected operating system files option. Click Yes to confirm and then click OK. Reset System Restore Go to Start>Run, type SYSDM.CPL and press Enter. Select the System Restore tab. Check "Turn off System Restore on all drives" and click Apply. Now uncheck the same option and click OK. Re-enable Protection Turn back on any malware prevention tools we might have had you switch off. Microsoft Updates It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by malware. Using Internet Explorer, please go to Microsoft's Windows Update and download all of the critical updates to help prevent possible re-infection. Please ensure that you have already patched your system against these recent critical exploits: WMF exploit: KB912919 VML exploit: KB925486 Enable Windows Auto Update: Go to Start>Run, type WUAUCPL.CPL and press Enter. Make sure "Keep my computer up to date" is checked. Under settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Update Java You need to update your Java as it is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without multi-language and save to your desktop. Close any programs you may have running -- especially your web browser(s). Go to Start→Control Panel double-click on Add/Remove Programs. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each version of Java. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-1_5_0_10-windowsi586-p.exe to install the newest version. After the reboot, go back into the Control Panel and double-click the Java icon. Under Temporary Internet Files, click the Delete Files button. There are three options in the window to clear the cache - Leave ALL three checked: Downloaded Applets Downloaded Applications Other Files Click OK on Delete Temporary Files Window. NOTE: This deletes ALL of the Downloaded Applications and Applets from the cache. Click OK to leave the Java Control Panel. Tool Deletions Feel free to remove these tools and their folders: Autoruns and AutoCmd CleanUp! (uninstall from Add/Remove Programs) SmitfraudFix You may want to keep AVG Anti-Spyware, as it will offer you some additional protection. It is a free 30 day trial, after which time you will need to manually update it yourself. Malware Prevention This is a good time to set up protection against further attacks. You might want to read Tony Klein's "How Did I Get Infected In The First Place?". At the minimum, you need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real time spyware program such as Spyware Guard to prevent spyware intrusions. I also recommend IE-Spyad, which places over 4,000 websites and domains in the IE Restricted list, thus helping prevent attempts to re-infect your system. All of these have no-strings-attached free versions available. However, be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use but often have malware in them. Two more articles you may want to read at your leisure are "KRC Anti-Spyware Tutorial" and "Making Internet Explorer Safer". The following is a list of free software we recommend: Antivirus AV software should be updated at least once a week for optimum protection. Here are some free AV programs available for personal use. NOTE: Do not install more than one AV program because they will conflict with each other. Only pick one. AOL Active Virus Shield (powered by Kaspersky Antivirus) BitDefender Avira PersonalEdition Classic Avast! AVG Firewalls A good firewall is the first-line of defense for your computer and will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you are unfamiliar with how a firewall works, you can read "Understanding and Using Firewalls". Here are some free firewalls available for personal use: Sygate Personal Firewall ZoneAlarm Tiny Personal Firewall Sunbelt Kerio Personal Firewall Outpost Firewall PRO Realtime Malware Prevention Tools These programs actively watch your computer for possible malware-related changes and help prevent them. You can run more than one of these at a time. Spyware Guard Spybot Search & Destroy AdAware WinPatrol - with tutorial Passive Malware Prevention Tools These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources. SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates. IE-Spyad - Extract to your desktop and double-click install.bat. Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites although you will still be able to connect to them. You can read more about it on it's homepage. MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements, preventing your computer from connecting to those sites. McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox. Alternative Web Browsers Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites. Firefox Opera Alternative Miscellaneous Here are some alternatives that are worth looking into if you use their features: Trillian - an Instant Messenger client that speaks multiple IM services (AIM, Yahoo!, ICQ, MSN, etc.) Miranda-IM - another Instant Messenger client with multiple IM capabilities. Desktop Weather - A taskbar weather program that is free and resource light. Please respond to this thread one more time so we can mark this thread as resolved. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006