[Kenny1]

Your a genius neonfx, I was able to uninstall what was certainly a corrupted version of IE8 and reinstall, and doing a quick check of the new version the problems I was having are gone diddley, on... I'm terribly pleased, and am now moving on to step 4...

[NeonFx]

Excellent Take your time with the online scan as it can take quite a while to complete. It should take between 1 hour and 6, but it can take even longer sometimes.

[Kenny1]

Here is the Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, November 6, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, November 06, 2009 19:39:18
Records in database: 3160994
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 161252
Threats found: 1
Infected objects found: 0
Suspicious objects found: 1
Scan duration: 01:41:10


File name / Threat / Threats count
C:\Documents and Settings\User1\Local Settings\Application Data\Identities\{5EA2C5F9-D955-4206-8719-465469DCAF9A}\Microsoft\Outlook Express\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

Selected area has been scanned.

[NeonFx]

Those results are good All it found was that there is a suspicious email in your Outlook Express Sent Items box. You should empty that out if you don't use it.


How's the computer running?

[Kenny1]

The computer seems to be fine I do refer often to my sent items folder, so I'm reluctant to empty that folder completely. I wonder if it's possible to track down the specific item?

In any case, let me ask a couple quick questions:

1. What is the best and most cost effective way of preventing this from happening again? I've been content with free AVG for a couple years now, but is that not an adequate defense any longer?
2. I have just subjected my laptop to the equivalent of a fairly thorough anal probe, and posted the results online. Is there any security concern or compromising data in this thread that I should be concerned about having on public display?

Also let me take this opportunity to thank you sincerely for your assistance. May the Gods bless you with great abundance

[NeonFx]

AVG is a great program. I understand you think it isn't protecting you because of this one instance, but honestly, this will happen to every security program out there with a lot of the most recent infections. The antivirus companies just can't keep up sometimes. You will have pretty much the same luck with any of the popular programs out there.

TechGuy makes it impossible for people other than yourself and the malware removal staff to view any attachments. But even if it was available to anyone, none of the information you gave us can be used to personally identify you or your system. You'll be fine leaving it on here.

Let's cleanup.


STEP 1

To clean up OldTimer's tools, along with a few others, do the following:

• Run OTS.exe by double clicking on it
• Click on the "CleanUp" button on the top.
• You will be asked if you wish to reboot your system, select "Yes"

STEP 2

Remove any other tools or files we used by right-clicking on them or any folders they created, hold down the Shift key, and select "Delete" by clicking on it. This will delete the files without sending them to the RecycleBin.

You can also uninstall the other programs (HijackThis or MalwareBytes if we used them) by going to Start > Control Panel > Add/Remove programs (Programs and Features in Vista/7)

All Clean

Congratulations!, , your system is now clean. Now that your system is safe we would like you to keep it that way. Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates


Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

Download BlockList Pro's HOSTS Manager HERE

• Double click the Installer on your desktop and let it Install the Hosts Manager
• After the installation is complete, click on the Hosts Manager icon on your desktop. (You can delete the other Hosts Switch icon from your desktop)
• When the Hosts Manager comes up, click the small down arrows on the right side of the bar labeled Options and Tools,
• Click Disable DNS Service. This is important
• In the Left Pane, click Download
• It will load 80,000 lines or more. When it finishes, also in the left pane, click Replace, and then click Save

You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.
If you have a separate party firewall or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

Install WinPatrol
Download it HERE
You can find information about how WinPatrol works HERE

Other Software Updates
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for Java and Adobe as these are subject to many security vulnerabilities.

Setting up Automatic Updates
So that it is not necessary to have to remember to update your computer regularly (something very important to securing your system), automatic updates should be configured on your computer. Microsoft has guides for XP and Vista on how to do this.

Read further information HERE on how to prevent Malware infections and keep yourself clean.


Click on the "Solved" button at the top of this page to mark this thread as Solved. If you need anything else let me know.

[NeonFx]

Oh yeah, missed one thing: It's very hard to figure out exactly which email is infected or being detected as suspicious. Just as long as you're not grabbing attachments from those emails or clicking on suspicious links you should be fine.

[Kenny1]

I've completed the last list of assignments What a project this has been! A final querie with these things I've just downloaded:

-What am I supposed to do with HOSTS?
-Should WinPatrol be kept running all the time?

Once again thank you for the help. Your assistance has been spectacular.
Cheers!

[NeonFx]

The HOSTS file will keep you protected if you edited using the tool I described in my speech. See more information on it HERE

And yes You can keep WinPatrol running at all times. It will notify you of any changes in the registry in places it is watching over, and will protect you by doing so. There's also a lot you can do with it to tweak your system. See HERE for a little more information.

[Kenny1]

Hmmm, well, I'm having a problem (or problems) that may be an indication that all is not yet well with my laptop. I don't know if it is associated with the problems that we dealt with in this thread or not, but because the problem has been happening pretty much since then, I am suspicious...

The problem began with a file I did not recognize and could not delete in my audio drive (D), about which I began another thread here. But this problem quickly revealed another, and what appears to be more serious problem, which is that I cannot boot up my computer in safe mode. Please see post #8 of the above thread.

I am quite concerned about this and have received some advice that I may in fact have a corrupted operating system and that I may need to reinstall it and start over. I have alot of programs onboard I don't even know if I can find again so this is not an attractive option. Sooo, I'm throwing myself on the mercy of the tech guy forum for advice about this. Help very much appreciated.

[NeonFx]

That folder was legitimate.

Please download and run the following tool to fix the Safe Mode problems: http://download.bleepingcomputer.com...tKeyRepair.exe

[Kenny1]

NeonFx, once again you have hit the nail on the head. Thank you!! I had people (tech support for my laptop!) telling me my OS was probably corrupt and I needed to reinstall Windows Thank God you set me straight before I went that route. (I need a dancing with glee smilie...)

I wonder if I may please ask you one more question regarding another issue about which I have also begun another thread here. The bottom line with this problem is that it is unique to my laptop. There are a couple other computers in this house and web pages that I'm getting this error with the other computers are able to display fine. Also, it would seem the problem is not unique to IE because when I try to open the sites with Firefox they can't display there either.

Sorry for pestering you. I do very much appreciate your help.
Kind regards,

[NeonFx]

That one's easy. Did you install the Hosts file? That short circuits not only infected websites, but also a lot of advertising. A lot of ads can lead people to infected websites and that's why they are disabled.

Try resetting the Hosts file and check if that problem goes away.

[Kenny1]

Yes I did install the Hosts file. I'm not sure how to reset it though. I've just gone into the hosts manager but I can't see a "reset" button. So you think it's the Hosts file that's causing the problem? I opened the B.I.S.S. Hosts Switch and I saw where it said "disable hosts" so I disabled it, but the problem persists.

[NeonFx]

Open the B.I.S.S Hosts Manager (you might have to go to C:\Program Files\Bluetack\BissHosts\ and double click on "BissHosts" to open the right window) and click on the "Restore" button on the left panel. You will get a prompt for the action, say Yes and close the program.

Restart the computer and try it again.