02-23-2007, 08:30 AM   #6
Sempurna
Analyst, Security Team
 
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Hi tsf1jay,

Well, it is entirely up to you whether you want to keep McAfee or not. It is a good and reliable AV. I’ve never used a paid security suite before, but I hear that they may use up a lot of system resources, and may slow down your system.

You can set up your own FREE security suite if you like. In some cases, they can be better than the paid security suites. You may look at this site for more info:
http://wiki.castlecops.com/Roll_your...Security_Suite

I myself use Active Virus Shield powered by Kaspersky (NOTE: please do NOT install the Security Toolbar that comes with it) as my onboard AV. It is highly rated by our own experts and by the security community at large. And it is FREE! It is rated No. 2 in this test:
http://www.virus.gr/english/fullxml/default.asp?id=82

For my firewall, I use Comodo Personal Firewall, another excellent and FREE security app. It even beats many paid firewalls! It is robust, passes the majority of leak tests, is easy to use (and has pro features if you know how to use them… if you don’t, leave those things on the default settings), and it is FREE!:


The other tools I use to protect my system are on the Roll your own Free Security Suite site. I use IE-SPYAD and SpywareBlaster for protection (they take no system resources at all, although you have to manually update them). I also use SUPERAnti-Spyware, Spybot-S&D, Ad-Aware SE, and AVG Anti-Spyware for ad-hoc scans. You have to manually update these, too.

OK, let’s continue with the cleaning up of your system.


NEXT:

Please download LSPFix and save it to your desktop:
  • Disconnect from the Internet.
  • Unzip the LSPFix file to your desktop.
  • Open the lspfix folder and double-click on LSPFix.exe to start the program.
  • Check the "I know what I'm doing" checkbox.
  • Select (highlight) all instances of "msnetax.dll" in the left-hand column under "Keep".
  • Click the arrow >> so it goes over to the right-hand column under "Remove".
  • Then click Finish to allow LSPFix to rebuild the LSP chain.


NEXT:

Please run OTMoveIt and quarantine these files:

c:\windows\system32\msnetax.dll
C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\WINDOWS\temp\BIT3B.tmp
C:\WINDOWS\temp\BIT3B1.tmp
C:\WINDOWS\temp\BITE2.tmp
C:\WINDOWS\temp\win16C7.tmp
C:\WINDOWS\temp\win55DD.tmp
C:\WINDOWS\temp\winBC04.tmp



NEXT:

Please delete this folder:

C:\WINDOWS\F?nts


The question mark (?) could be a foreign alphabet or a symbol. Or it could just be "Fonts".


NEXT:

Let's run some cleanup and diagnostic scans to make sure we're not leaving anything behind.

Please download CCleaner (freeware) and save it to your desktop:
  1. Run the CCleaner installer.
  2. During the installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  3. Once installed, run CCleaner and click the Windows tab.
  4. Select the following:
    • Check everything under the Internet Explorer section.
    • Check everything under the Windows Explorer section.
    • Check everything under the System section.
    • Check ONLY Old Prefetch data under the Advanced section.
  5. Then, click the Applications tab:
    • UNCHECK everything there.
  6. Next, click the Options button, then click the Advanced button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  7. Next, click the Cleaner button, then click the Run Cleaner button (bottom right), then Exit.

CAUTION : Please do NOT use the Issues button. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.


NEXT:

Please do an online scan with Panda ActiveScan:
  1. Once you are on the Panda site, click the "Scan your PC" button located at the bottom of the page.
  2. A new window will open... click the "Check Now" button.
  3. Enter your Country.
  4. Enter your State/Province.
  5. Enter your e-mail address.
  6. Select either Home User or Company.
  7. Click the big "Free Online Scan" button.
  8. If it wants to install an ActiveX component, allow it.
  9. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
  10. When the download is complete, click on "Local Disks" to start the scan.
  11. When the scan completes, if anything malicious is detected, click the "See Report" button; then "Save Report" and save it to a convenient location. Post the contents of the Panda scan report in your next reply.


NEXT:

Please do an online scan with Kaspersky Online Scanner:
  1. Click on Kaspersky Online Scanner.
  2. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  3. The program will launch and then begin downloading the latest definition files.
  4. Once the files have been downloaded, click on Next.
  5. Now click on Scan Settings.
  6. In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  7. Click OK.
  8. Now, under "Select a target to scan":
    • Select My Computer.
  9. This program will start and scan your system.
  10. The scan will take a while so be patient and let it run.
  11. Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As button.
    • In the File name: field, type kavscan.
    • In the Save as type: field, select Text file (*.txt).
  12. Save the file to your desktop.
  13. Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.


NEXT:

Please download ComboScan by Deckard and save it to your desktop:
  • Close all applications and windows (including this one).
  • Double-click on comboscan.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open – ComboScan.txt.
  • Copy (Ctrl + A then Ctrl + C) and paste (Ctrl + V) the contents of ComboScan.txt in your next reply.
  • A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
  • Please attach Supplementary.txt to your post.

Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The log from the Panda scan.
  2. The log from the Kaspersky scan.
  3. The logs from ComboScan.

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
Last edited by Sempurna; 02-23-2007 at 08:33 AM.
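
The `C:\WINDOWS\F?nts` step in the post above depends on knowing which character a text log rendered as "?". The following is an added example, not part of the original post or of any tool it names: it flags folder names that fit `F?nts` without being the real `Fonts` folder and reports the Unicode code point of each non-ASCII character. The function names and the sample listing are assumptions constructed for illustration.

```python
import fnmatch
import os
import unicodedata

LEGIT = "Fonts"      # the genuine Windows folder name
PATTERN = "F?nts"    # the shape shown in the log; "?" matches any one character

# Constructed sample listing (not taken from the poster's machine).
SAMPLE_LISTING = ["Fonts", "F\u043ents", "system32", "Temp", "F\u00f6nts"]


def describe(name):
    """Return (char, code point, Unicode name) for every character in name."""
    return [(ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED"))
            for ch in name]


def find_lookalikes(names, legit=LEGIT, pattern=PATTERN):
    """Flag names that fit the pattern but are not the legitimate folder."""
    hits = []
    for name in names:
        # Windows file names are case-insensitive, so compare case-folded.
        if not fnmatch.fnmatchcase(name.casefold(), pattern.casefold()):
            continue
        if name.casefold() == legit.casefold():
            continue  # the real folder, leave it alone
        # Keep only characters outside printable ASCII: these are what a
        # log written in a narrow code page would show as "?".
        odd = [d for d in describe(name) if not 0x20 <= ord(d[0]) <= 0x7E]
        hits.append({"name": name, "non_ascii": odd})
    return hits


def scan(root):
    """Apply the same check to the sub-folders of a real directory."""
    with os.scandir(root) as entries:
        return find_lookalikes([e.name for e in entries if e.is_dir()])


if __name__ == "__main__":
    for hit in find_lookalikes(SAMPLE_LISTING):
        # ascii() keeps the output unambiguous on any console code page.
        print(ascii(hit["name"]), hit["non_ascii"])
```

On an affected machine, `scan(r"C:\WINDOWS")` runs the same check against the real directory.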