unknown 04 start up ? - Page 2

heyup · 10-24-2007, 10:01 AM

Those two files sent packing.
Cheers.

tetonbob · 10-24-2007, 10:02 AM

Ok, great.

We cross posted, and we're now on page two. I'm not sure if you've seen my post #20.

heyup · 10-24-2007, 10:10 AM

Quote:

So, you can create new shortcuts, but they don't function?

Correct.

Quote:

Do you only use IE?

I also use firefox.

Quote:

When you first opened IE after running ComboFix, did it ask about default browser?

No mate.

Quote:

Is it set to default?

No, i prefer firefox as my default (better security), and have been using it for a good while now.

Do you want me to change from firefox to IE as my default?

MANY thanks.

tetonbob · 10-24-2007, 10:15 AM

No, keep the Fox as default. I prefer it for the same reasons.

The same questions apply to Firefox.

When you first opened FF after running ComboFix, there should have been a message about making it default. A quick click on Yes should have allowed you to continue.

The shortcuts created, do they appear on the desktop as Firefox icons?

heyup · 10-24-2007, 10:25 AM

Quote:

When you first opened FF after running ComboFix, there should have been a message about making it default. A quick click on Yes should have allowed you to continue.

No message as far as i know.

Quote:

The shortcuts created, do they appear on the desktop as Firefox icons?

yes.

Just while i was waiting, i went into firefox options-main tab-system defaults-always check to see if firefox is the default on startup-check now, and it came back.....firefox is not currently set as your default browser.

Should i set it back as my default browser now and see if sorts it out?

Thanks.

tetonbob · 10-24-2007, 10:25 AM

Yes, please. That might be the issue.

heyup · 10-24-2007, 10:27 AM

BINGO

All back to normal.

tetonbob · 10-24-2007, 10:31 AM

Excellent! Good work.

We're all but done here.

Go to

-> Run -> copy/paste in the following single line command & click OK

combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

-------------------------------------------------------------------------------------------------------------------------------

Your logs appear clean.You should be good to go. We still have a few items to address.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you don't have them already:

SpywareBlaster to help prevent spyware from installing in the first place.
- Install & update SpywareBlaster with the latest definitions.
  After you have updated, click the button - enable protection for all unprotected items
SpywareGuard to catch and block spyware before it can execute.
SPYBOT - SEARCH & DESTROY
Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here

IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here.
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
- Download Host.zip to your desktop.
- From your Desktop right-click (hosts.zip) and select:
  Extract All from the menu.
- Click Next, click Next, select the option:
  "Show Extracted files", click Finish
- This will open the newly created hosts folder on your Desktop.
- Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
- Once updated you should see another prompt that the task was completed.
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

See this link for a listing of some online antivirus scanners:

Anti-Spyware Tutorial

Here are some additional utilities that will further enhance your safety.

http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

heyup · 10-24-2007, 10:40 AM

Ran that command mate.

All i can say is a massive THANK YOU for your easy to follow instructions, and help in fighting this bugger. Its been really interesting.

I will be taking a good look at your instructions on how to stay safe

CHEERS AND GOOD LUCK.

Shaun.

tetonbob · 10-24-2007, 10:46 AM

My pleasure, Shaun.

Happy Computing, and Safe Surfing to you.

10-24-2007, 10:01 AM	#21 (permalink)
heyup Registered User Join Date: Sep 2007 Location: south yorkshire, uk. Posts: 16 OS: xp media	Re: unknown 04 start up ? Those two files sent packing. Cheers.

10-24-2007, 10:02 AM	#22 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 26,749 OS: 2000 Pro; XP Pro; XP Home	Re: unknown 04 start up ? Ok, great. We cross posted, and we're now on page two. I'm not sure if you've seen my post #20. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Please do not ask for help via Private Message.

10-24-2007, 10:15 AM	#24 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 26,749 OS: 2000 Pro; XP Pro; XP Home	Re: unknown 04 start up ? No, keep the Fox as default. I prefer it for the same reasons. The same questions apply to Firefox. When you first opened FF after running ComboFix, there should have been a message about making it default. A quick click on Yes should have allowed you to continue. The shortcuts created, do they appear on the desktop as Firefox icons? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Please do not ask for help via Private Message.

10-24-2007, 10:25 AM	#26 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 26,749 OS: 2000 Pro; XP Pro; XP Home	Re: unknown 04 start up ? Yes, please. That might be the issue. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Please do not ask for help via Private Message.

10-24-2007, 10:27 AM	#27 (permalink)
heyup Registered User Join Date: Sep 2007 Location: south yorkshire, uk. Posts: 16 OS: xp media	Re: unknown 04 start up ? BINGO All back to normal.

10-24-2007, 10:31 AM	#28 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 26,749 OS: 2000 Pro; XP Pro; XP Home	Re: unknown 04 start up ? Excellent! Good work. We're all but done here. Go to -> Run -> copy/paste in the following single line command & click OK combofix /u This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points. ------------------------------------------------------------------------------------------------------------------------------- Your logs appear clean.You should be good to go. We still have a few items to address. Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you don't have them already: SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items SpywareGuard to catch and block spyware before it can execute. SPYBOT - SEARCH & DESTROY Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here. MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Download Host.zip to your desktop. From your Desktop right-click (hosts.zip) and select: Extract All from the menu. Click Next, click Next, select the option: "Show Extracted files", click Finish This will open the newly created hosts folder on your Desktop. Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine. Once updated you should see another prompt that the task was completed. ANTIVIRUS SOFTWARE It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out. See this link for a listing of some online antivirus scanners: Anti-Spyware Tutorial Here are some additional utilities that will further enhance your safety. http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN) http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness. http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine. http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT. ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry. NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster. In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles HOW DID I GET INFECTED IN THE FIRST PLACE? THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it. Please respond to this thread one more time so we can mark this thread as resolved. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Please do not ask for help via Private Message.

10-24-2007, 10:40 AM	#29 (permalink)
heyup Registered User Join Date: Sep 2007 Location: south yorkshire, uk. Posts: 16 OS: xp media	Re: unknown 04 start up ? Ran that command mate. All i can say is a massive THANK YOU for your easy to follow instructions, and help in fighting this bugger. Its been really interesting. I will be taking a good look at your instructions on how to stay safe CHEERS AND GOOD LUCK. Shaun.

10-24-2007, 10:46 AM	#30 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 26,749 OS: 2000 Pro; XP Pro; XP Home	Re: unknown 04 start up ? My pleasure, Shaun. Happy Computing, and Safe Surfing to you. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Please do not ask for help via Private Message.