Thread: log file of hijathis
View Single Post
Old 12-12-2006, 01:21 PM   #9 (permalink)
src2206
TSF Enthusiast
 
src2206's Avatar
 
Join Date: Apr 2006
Location: Kolkata, India
Posts: 2,068
OS: WinXP Pro SP3

My System

Send a message via Yahoo to src2206
Post
Hello Ang3ofd3ath .

Well done, your logs are clean!

Its good to know that your problem is solved. If the problem arise again I suggest that you should start a thread at our WindowsXP Support Forum for more specific help. You can post a link of this thread there and inform them that we have cleared you.

Please follow the next set of instructions to complete the cleaning procedure and to immune your system against the unwanted guests .

Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

System Restore

To turn off System Restore click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives" Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

This will create a new Restore Point.

Installing Java and Clearing Cache

You does not seem to have Java installed in your machine. It is a necessary component for different applications to work properly as well as some websites also need this to be installed to be displayed properly.
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10 - http://java.sun.com/javase/downloads/index.jsp
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_10-windowsi586-p.exe to install the newest version.

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

You can also automate this process to save yourself from visiting Microsoft Update Site at regular intervals. To do that Enable Windows Auto Update in the following way
*Go to Start>Run - type wuaucpl.cpl
*Tick on the check box - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

SPYWARE PREVENTION SPEECH

In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
PC Safety and Security--What Do I Need?
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • Spyware Blaster - to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items .
  • Spyware Guard to catch and block spyware before it can execute.
  • IE-Spyad to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, and save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
    Now navigate to C:\ie-spyad. Double click to open it. From within the folder, double-click install.bat
    Select Option #2 - Install the new IE-SPYAD list, by typing 2
    Then return to the main menu.
    Select option #4 - Add the old porn sites domain, by typing 4
  • MVPS Hosts file - From within Host.zip, double click on MVPS.bat & allow it to run. This will replace your current Hosts file with one that will block known adware and spy websites

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

FIREWALLS

I suggest that you use a Third Party Firewall to protect your computer better. Using a firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:
FIREFOX

I suggest strongly that you use an alternate browser-Mozilla's Firefox; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker. Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Two more good browsers are Opera and Avant. You can download Opera Web Browser from here and Avant can be downloaded from here. Avant is a browser based on IE engine, but with much more security integrated, like blocking Flash animations etc. It is also very lite on system resources. So those sites which require IE to operate, Avant can be the best and secured replacement.
Protective Programs
  • Install Spybot - Search and Destroy - Download, Install and update Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software. During installation choose to enable the Teatimer option as this will give you real time protection against any registry changes.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download, Install and update Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Update all these programs along with your AntiVirus regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • Run scans with your Anti Virus and other protective programs that I have listed here, at regular intervals and neutralize the threats that these softwares list.

Follow this list and your potential for being infected again will reduce dramatically.

Now to your questions:

Quote:
Another question i want to ask is if i can do all the scans and removals from the beggining anytime i want just to check my system.(This include cleanup too.)And active x and all the plugins that i used for scaning my pc will exist in my pc?How can i delete them?
Yes you can always do the scans whenever you require to do so. I do not think you need to go for the online scans as these scans generally do not remove any infection that is found. The best option is to scan your computer with your existing Anti Virus [with updated definition] in safe mode, practice safe surfing and install the above security softwares. The active x already installed can easily be removed using your ADD/REMOVE PROGRAMS.
You can use Cleanup! at regular intervals to keep your system clutter free.

Quote:
I also want to ask what is ''Application Layer Gateway Service"?Because my firewall asks me to permit it.The path that wants to follow is c:\windows\system32\alg.exe
Details:'Application Layer Gateway Service' from your computer wants to connect to 238-64.netrun.cytanet.com.cy [87.228.238.64], port 21
__________________
PanagiotisSs
Application Layer Gateway service is a component of of Windows OS. It is required if you use a 3rd party firewall or Internet Connection Sharing (ICS) to connect to the internet. Do not end this program in task manager - you will lose all internet connectivity until next restart or login. So please allow it and set as a rule in your firewall so that you do ot have to allow it every time you log in. You can check this link for more information.

If you have any more questions, feel free to get in touch with me and I would try to help you out my level best.

Happy Surfing .
__________________
Registered Linux user #426065
Last edited by src2206; 12-12-2006 at 01:24 PM.
src2206 is offline