WiredWX Hobby Weather Tools

 


Win32/Nuqel.E Virus!!!(Updated with Registry search tool res

2 posters

I posted it wrong sorry

Don't know what was wrong, I think I posted it wrong, I don't know, but I'm trying to post it again but the path gets deleted when posted for some reason. Maybe I should post a screenshot.

Below is what I typed in when I try to copy and paste. What was transferred into the results column looked like what I posted before. Here is what I copied and pasted:
-----------------
c:\windows\system32\tmwtsrno.ini
c:\windows\system32\oyiimiuc.ini
c:\windows\system32\qknpocao.ini
c:\windows\system32\eqiyhkpu.ini
c:\windows\efeyiqopacanar.dll
c:\windows\Iyiroluracanar.dll
c:\windows\system32\ykjesidk.ini
c:\windows\system32\jfvlwsds.ini
c:\windows\system32\wlnmfxkf.ini
c:\windows\system32\evvfbyik.ini
c:\windows\system32\vfoebn.dll
c:\windows\system32\cxqnnbbu.dl
c:\windows\system32\mst122.dll

Last edited by Zorx on 19th February 2009, 1:09 am; edited 2 times in total

Re: Win32/Nuqel.E Virus!!!(Updated with Registry search tool res

Ah, that's why.
You have to tell OTMoveIt they are files, so that's why it has to have :files above what is listed.

:files
some files go here

^^^ like that.

Re: Win32/Nuqel.E Virus!!!(Updated with Registry search tool res

So when I enter the text I must type ":files" without the quotes at the top, then the paths of the files to be moved?

like this

------------

:files
c:\windows\system32\tmwtsrno.ini

(and the rest of the files follow here)

Last edited by Zorx on 19th February 2009, 1:12 am; edited 1 time in total

Re: Win32/Nuqel.E Virus!!!(Updated with Registry search tool res

Yep, that's it. Right On!

Re: Win32/Nuqel.E Virus!!!(Updated with Registry search tool res

Thanks Belahzur

Unfortunately, between yesterday and today my friend let someone access the internet and reinfect the computer. The OTMoveIt log was posted before that happened. But I did use HijackThis to remove some files that I thought looked infected from the last time. In addition I ran Malwarebytes and deleted a few things as well, then ran DDS, obtained a log from that, and then ran OTMoveIt, and my above post was the result. But with the new info from you I will run it again with the ":files" attribute.


Below I have posted the results from each program except for OTMoveIt. Malwarebytes, I forgot to get that one; I will try to get this one. My friend does not live that close. I'm just trying to help him out.

------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:20 PM, on 2/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
F:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qr5v6k46i8bdy] C:\DOCUME~1\orville\LOCALS~1\Temp\jc3dj9oqleln.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O18 - Filter hijack: text/html - {cc6e3e31-2bd8-48c7-86fb-7f5302833add} - C:\WINDOWS\system32\mst122.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 4267 bytes


-----------------------------



DDS (Ver_09-02-01.01) - NTFSx86 MINIMAL
Run by orville at 19:21:44.22 on Wed 02/18/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.282 [GMT -5:00]

AV: avast! antivirus 4.7.942 [VPS 090218-0] *On-access scanning enabled* (Updated)
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [qr5v6k46i8bdy] c:\docume~1\orville\locals~1\temp\jc3dj9oqleln.exe
mRun: [VTTimer] VTTimer.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_01\bin\jusched.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wincin~1.lnk - c:\program files\sandisk\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
Filter: text/html - {cc6e3e31-2bd8-48c7-86fb-7f5302833add} - c:\windows\system32\mst122.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-6-12 15424]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-16 132736]
S2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2007-6-12 552064]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-16 255616]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-16 370304]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-12 29744]

=============== Created Last 30 ================

2009-02-16 21:41 --d----- c:\docume~1\orville\applic~1\Malwarebytes
2009-02-16 21:41 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-16 21:41 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-16 21:41 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-16 21:41 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-16 18:18 --d----- c:\windows\pss
2009-02-11 19:37 120 ---sh--- c:\windows\system32\tmwtsrno.ini
2009-02-11 19:26 120 ---sh--- c:\windows\system32\oyiimiuc.ini
2009-02-09 16:52 120 ---sh--- c:\windows\system32\qknpocao.ini
2009-01-26 20:02 --dsh--- c:\windows\system32\twain32
2009-01-26 20:01 1,530,740 ---sh--- c:\windows\system32\eqiyhkpu.ini
2009-01-24 20:45 136,704 a------- c:\windows\efeyiqopacajuhi.dll
2009-01-24 19:15 1,526,355 ---sh--- c:\windows\system32\ykjesidk.ini
2009-01-23 18:56 1,435,294 ---sh--- c:\windows\system32\jfvlwsds.ini
2009-01-21 17:37 1,435,294 ---sh--- c:\windows\system32\wlnmfxkf.ini
2009-01-20 17:29 1,435,294 ---sh--- c:\windows\system32\evvfbyik.ini
2009-01-20 17:27 129,024 a------- c:\windows\system32\vfoebn.dll
2009-01-20 17:27 129,024 a------- c:\windows\system32\cxqnnbbu.dll

==================== Find3M ====================


============= FINISH: 19:22:04.79 ===============

Last edited by Zorx on 19th February 2009, 1:32 am; edited 1 time in total

Re: Win32/Nuqel.E Virus!!!(Updated with Registry search tool res

Okay, let's kill this all at once.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [qr5v6k46i8bdy] C:\DOCUME~1\orville\LOCALS~1\Temp\jc3dj9oqleln.exe
    O18 - Filter hijack: text/html - {cc6e3e31-2bd8-48c7-86fb-7f5302833add} - C:\WINDOWS\system32\mst122.dll


  • Press "Fix Checked"
  • Close Hijack This.


  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\system32\tmwtsrno.ini
    c:\windows\system32\oyiimiuc.ini
    c:\windows\system32\qknpocao.ini
    c:\windows\system32\eqiyhkpu.ini
    c:\windows\efeyiqopacajuhi.dll
    c:\windows\system32\ykjesidk.ini
    c:\windows\system32\jfvlwsds.ini
    c:\windows\system32\wlnmfxkf.ini
    c:\windows\system32\evvfbyik.ini
    c:\windows\system32\vfoebn.dll
    c:\windows\system32\cxqnnbbu.dll
    C:\WINDOWS\system32\mst122.dll

    :commands
    [emptytemp]
    [reboot]


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Re: Win32/Nuqel.E Virus!!!(Updated with Registry search tool res

I will do those steps ASAP because like you I want to get this all behind me; this is really a pain LOL. I wish I owned a laptop and could connect at his house.

Before I posted anything today I tried to update Java, not by going on the internet but by loading it off my USB (with files that I downloaded with the updated Java you told me to get), and this is the error I got:

"The system administrator has set policies to prevent this installation"

I don't know how to change that so I'm able to install, even though I was using the ADMIN account.

Re: Win32/Nuqel.E Virus!!!(Updated with Registry search tool res

I think I found a solution to that, but let's get rid of the malware first, it's starting to annoy me.

Re: Win32/Nuqel.E Virus!!!(Updated with Registry search tool res

Agreed Roger that

Updating Java

Hi

I want to finish everything tonight, because he doesn't have internet and I don't want to keep going back and forth between his house and mine. I'll do everything you posted the last time. But can you tell me how to set up the privileges on the computer so I can update Java? Because I want to do it all at once, presuming that I removed all the infected files with the OTMoveIt tool.
Here is the error message again. Thanks

----------------------
"The system administrator has set policies to prevent this installation"

Re: Win32/Nuqel.E Virus!!!(Updated with Registry search tool res

See here:
http://want2knw.wordpress.com/2007/04/23/windows-the-system-administrator-has-set-policies-to-prevent-this-installation/

Run the two commands in the blog post.

Re: Win32/Nuqel.E Virus!!!(Updated with Registry search tool res

Thanks, I'll report back with updates.

Results from OTMoveIt

Here are 2 results from OTMoveIt

--------------


========== FILES ==========
c:\windows\system32\tmwtsrno.ini moved successfully.
c:\windows\system32\oyiimiuc.ini moved successfully.
c:\windows\system32\qknpocao.ini moved successfully.
c:\windows\system32\eqiyhkpu.ini moved successfully.
c:\windows\efeyiqopacajuhi.dll NOT unregistered.
c:\windows\efeyiqopacajuhi.dll moved successfully.
c:\windows\system32\ykjesidk.ini moved successfully.
c:\windows\system32\jfvlwsds.ini moved successfully.
c:\windows\system32\wlnmfxkf.ini moved successfully.
c:\windows\system32\evvfbyik.ini moved successfully.
LoadLibrary failed for c:\windows\system32\vfoebn.dll
c:\windows\system32\vfoebn.dll NOT unregistered.
File move failed. c:\windows\system32\vfoebn.dll scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\cxqnnbbu.dll
c:\windows\system32\cxqnnbbu.dll NOT unregistered.
File move failed. c:\windows\system32\cxqnnbbu.dll scheduled to be moved on reboot.
File/Folder C:\window\system32\mst122.dll not found.
File/Folder :commands not found.
File/Folder [emptytemp] not found.
File/Folder [reboot] not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02192009_190448

Files moved on Reboot...
File c:\windows\system32\vfoebn.dll not found!
File c:\windows\system32\cxqnnbbu.dll not found!



-----------------

SECOND MOVE THAT I DID

---------------
========== FILES ==========
File/Folder c:\windows\system32\tmwtsrno.ini not found.
File/Folder c:\windows\system32\oyiimiuc.ini not found.
File/Folder c:\windows\system32\qknpocao.ini not found.
File/Folder c:\windows\system32\eqiyhkpu.ini not found.
File/Folder c:\windows\efeyiqopacajuhi.dll not found.
File/Folder c:\windows\system32\ykjesidk.ini not found.
File/Folder c:\windows\system32\jfvlwsds.ini not found.
File/Folder c:\windows\system32\wlnmfxkf.ini not found.
File/Folder c:\windows\system32\evvfbyik.ini not found.
File/Folder c:\windows\system32\vfoebn.dll not found.
File/Folder c:\windows\system32\cxqnnbbu.dll not found.
File/Folder C:\WINDOWS\system32\mst122.dll not found.
File/Folder :commands not found.
File/Folder [emptytemp] not found.
File/Folder [reboot] not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02192009_194348
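
As an added example (not part of the thread and not OTMoveIt's own code), this Python script classifies the lines of a results log like the two above so the items needing follow-up stand out: entries that were handled as paths but are not paths (the log reports `:commands`, `[emptytemp]` and `[reboot]` as "File/Folder ... not found"), paths that were not found, and files scheduled for a reboot move that were never reported as moved. The line patterns are inferred from this one log, and the function and key names are hypothetical.

```python
import re

# Excerpt of the first OTMoveIt3 results log posted above, embedded as sample input.
SAMPLE_LOG = r"""========== FILES ==========
c:\windows\system32\tmwtsrno.ini moved successfully.
c:\windows\efeyiqopacajuhi.dll NOT unregistered.
c:\windows\efeyiqopacajuhi.dll moved successfully.
LoadLibrary failed for c:\windows\system32\vfoebn.dll
c:\windows\system32\vfoebn.dll NOT unregistered.
File move failed. c:\windows\system32\vfoebn.dll scheduled to be moved on reboot.
File/Folder C:\window\system32\mst122.dll not found.
File/Folder :commands not found.
File/Folder [emptytemp] not found.
File/Folder [reboot] not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02192009_190448

Files moved on Reboot...
File c:\windows\system32\vfoebn.dll not found!
"""

# Line shapes seen in the log above (assumption: inferred from this log only).
PATTERNS = [
    ("scheduled_reboot",
     re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("loadlibrary_failed", re.compile(r"^LoadLibrary failed for (.+)$")),
    ("not_found", re.compile(r"^File/Folder (.+) not found\.$")),
    ("reboot_not_found", re.compile(r"^File (.+) not found!$")),
    ("not_unregistered", re.compile(r"^(.+) NOT unregistered\.$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
]
DRIVE_PATH = re.compile(r"^[a-z]:\\")


def parse_results(text):
    """Map each item (lower-cased, since Windows paths are case-insensitive)
    to the ordered list of events the log records for it."""
    events = {}
    for line in text.splitlines():
        line = line.strip()
        for name, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                events.setdefault(match.group(1).lower(), []).append(name)
                break
    return events


def triage(text):
    """Group items by outcome so the ones needing a second look are explicit."""
    report = {"moved": [], "non_path_items": [], "missing": [], "unresolved": []}
    for item, seen in parse_results(text).items():
        if "moved" in seen:
            report["moved"].append(item)
        elif "not_found" in seen and not DRIVE_PATH.match(item):
            # Script directives that ended up being looked up as files.
            report["non_path_items"].append(item)
        elif "not_found" in seen:
            # A real-looking path that was absent: check for a typo in the
            # script or for the file having been removed by another tool.
            report["missing"].append(item)
        elif "scheduled_reboot" in seen:
            # Deferred to reboot and never reported as moved: confirm with a
            # fresh scan rather than assuming the file is gone.
            report["unresolved"].append(item)
    return report


if __name__ == "__main__":
    for group, items in triage(SAMPLE_LOG).items():
        print(group, items)
```
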

Re: Win32/Nuqel.E Virus!!!(Updated with Registry search tool res

Just an FYI, I updated the computer (Windows updates) before I left.

When I used my USB on my comp I found the "mst122.dll" Trojan on it. My thinking is that it jumped from his comp to my USB and that is why OTMoveIt said it was not found. I could be wrong.

Anyway, he called me when he restarted his comp and said even though his cables were plugged in for internet, when he opened his browser it said not connected. I think he's just a computer novice and doesn't know how to enter his wireless network password. I'm almost positive of this.

Anyway, that is the latest info on the problem right now.

Re: Win32/Nuqel.E Virus!!!(Updated with Registry search tool res

Okay. The Vundo should be gone; did you update Java?

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.
