Win32/Nugel.E and BankerFox.A

Hi,

My laptop has become infected with these two bugs. Ive downloaded Malwarebytes Anti-Malware but when I double click it doesnt open. I get a 'runtime error 00' message pop up for a split second and then go away.
I have Antivirus System Pro Alert poping up on the bottom right of the screen, a spyware aleast asking me to upgrade to antivirus system pro and lots of little red shields with an x in it continuously opening up on the very bottom toolbar.

Help....please!
Thanks so much

Oh....and i tried to download the hijackthis programme from this site but it is not available to download...'Sorry, the file you requested is not available.'

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

The computer that is infected will not let me open webpages so I am having to use another laptop and transfer the programme via a USB stick.

Combofix flashed up on the lower part of my screen but has dissappeared again

Please download the Kaspersky AVP Tool from Kaspersky-labs.com.

• Save it to your desktop.
  
• Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  
• Double click the setup file to run it.
  
• Click Next to continue.
  
• It will by default install it to your desktop folder.Click Next.
  
• Hit ok at the prompt for scanning in Safe Mode.
  
• It will then open a box There will be a tab that says Automatic scan.
  
• Under Automatic scan make sure these are checked:
  
  
  • System Memory
    
  • Startup Objects
    
  • Disk Boot Sectors.
    
  • My Computer.
    
  • Also any other drives (Removable that you may have)

After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

• Then click on Scan at the to right hand Corner.
  
• It will automatically Neutralize any objects found.
  
• If some objects are left un-neutralized then click the button that says Neutralize all
  
• If it says it cannot be Neutralized then chooose The delete option when prompted.
  
• After that is done click on the reports button at the bottom and save it to file name it Kas.
  
• Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

ComboFix 09-12-09.04 - Brett 10/12/2009 22:32:05.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.247 [GMT 0:00]
Running from: c:documents and settingsBrettdesktopcommy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:documents and settingsBrettLocal SettingsApplication Databndegd
c:documents and settingsBrettLocal SettingsApplication Databndegdjvubsysguard.exe
c:windowssystem32uninstall.exe

----- BITS: Possible infected sites -----

hxxp://sync.broadband.o2.co.uk:8080
.
((((((((((((((((((((((((( Files Created from 2009-11-10 to 2009-12-10 )))))))))))))))))))))))))))))))
.

2009-12-10 22:24 . 2009-12-10 22:24 -------- d-----w- C:FOUND.006
2009-12-10 20:45 . 2009-12-10 20:45 -------- d-----w- c:documents and settingsBrettLocal SettingsApplication DataDownloaded Installations
2009-12-10 20:44 . 2009-12-10 20:44 -------- d-----w- c:documents and settingsAll UsersApplication DataRegCure
2009-12-10 20:44 . 2009-12-10 20:44 -------- d-----w- c:program filesRegCure
2009-12-10 20:44 . 2009-12-03 16:14 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2009-12-10 20:44 . 2009-12-10 20:44 -------- d-----w- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-12-10 20:44 . 2009-12-03 16:13 19160 ----a-w- c:windowssystem32driversmbam.sys
2009-12-10 20:43 . 2009-12-10 20:44 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2009-12-10 20:32 . 2009-10-30 11:11 233136 ----a-w- c:windowssystem32driverspctgntdi.sys
2009-12-10 20:32 . 2009-11-09 11:20 207792 ----a-w- c:windowssystem32driversPCTCore.sys
2009-12-10 20:32 . 2009-10-06 16:31 87784 ----a-w- c:windowssystem32driversPCTAppEvent.sys
2009-12-10 20:32 . 2009-09-03 09:45 70408 ----a-w- c:windowssystem32driverspctplsg.sys
2009-12-10 20:32 . 2009-12-10 20:32 -------- d-----w- c:program filesSpyware Doctor
2009-12-10 20:32 . 2009-12-10 20:32 -------- d-----w- c:program filesCommon FilesPC Tools
2009-12-10 20:32 . 2009-12-10 20:32 -------- d-----w- c:documents and settingsBrettApplication DataPC Tools
2009-12-10 20:32 . 2009-12-10 20:32 -------- d-----w- c:documents and settingsAll UsersApplication DataPC Tools
2009-12-10 20:31 . 2009-12-10 20:31 -------- d-----w- c:documents and settingsAll UsersApplication DataTEMP
2009-12-10 20:02 . 2009-12-10 20:02 -------- d-----w- C:FOUND.005
2009-12-09 19:57 . 2009-12-09 19:57 -------- d-----w- c:documents and settingsBrettApplication DataSkyGolf
2009-11-22 22:48 . 2009-11-22 22:48 -------- d-----w- c:documents and settingsBrettApplication DataAVS4YOU
2009-11-22 22:48 . 2009-11-22 22:48 -------- d-----w- c:documents and settingsAll UsersApplication DataAVS4YOU
2009-11-22 22:45 . 2009-11-22 22:45 -------- d-----w- c:program filesCommon FilesAVSMedia
2009-11-22 22:45 . 2008-08-13 10:22 974848 ----a-w- c:windowssystem32mfc70.dll
2009-11-22 22:45 . 2008-08-13 10:22 487424 ----a-w- c:windowssystem32msvcp70.dll
2009-11-22 22:45 . 2009-11-22 22:45 -------- d-----w- c:program filesAVS4YOU
2009-11-22 22:45 . 2008-08-13 10:22 344064 ----a-w- c:windowssystem32msvcr70.dll
2009-11-22 22:45 . 2008-08-13 10:22 24576 ----a-w- c:windowssystem32msxml3a.dll
2009-11-16 22:09 . 2009-11-16 22:09 -------- d-----w- C:FOUND.004

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 09:04 . 2007-03-02 08:39 40800 ----a-w- c:documents and settingsBrettLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-11-06 09:02 . 2009-11-06 09:02 -------- d-----w- c:program filesMicrosoft
2009-11-06 09:02 . 2009-11-06 09:02 -------- d-----w- c:program filesWindows Live SkyDrive
2009-10-29 07:45 . 2006-01-09 11:08 916480 ----a-w- c:windowssystem32wininet.dll
2009-10-21 05:38 . 2004-08-04 05:00 75776 ----a-w- c:windowssystem32strmfilt.dll
2009-10-21 05:38 . 2004-08-04 05:00 25088 ----a-w- c:windowssystem32httpapi.dll
2009-10-20 16:20 . 2004-08-04 05:00 265728 ----a-w- c:windowssystem32drivershttp.sys
2009-10-18 19:35 . 2009-10-18 19:35 152576 ----a-w- c:documents and settingsBrettApplication DataSunJavajre1.6.0_15lzma.dll
2009-10-18 19:34 . 2009-10-18 19:34 -------- d-----w- c:program filesCCleaner
2009-10-18 16:25 . 2009-10-18 16:25 14 ----a-w- c:windowssystem32Systemdrv.sys
2009-10-13 10:30 . 2004-08-04 05:00 270336 ----a-w- c:windowssystem32oakley.dll
2009-10-12 13:38 . 2004-08-04 05:00 149504 ----a-w- c:windowssystem32rastls.dll
2009-10-12 13:38 . 2004-08-04 05:00 79872 ----a-w- c:windowssystem32raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"MsnMsgr"="c:program filesWindows LiveMessengerMsnMsgr.Exe" [2009-07-26 3883856]
"c:program filesNetMeterNetMeter.exe"="c:program filesNetMeterNetMeter.exe" [2007-08-11 331264]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"eDataSecurity Loader"="c:acerEmpowering TechnologyeDataSecurityeDSloader.exe 1" [X]
"PCSuiteTrayApplication"="c:program filesNokiaNokia PC Suite 6LaunchApplication.exe -startup" [X]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]
"SkyTel"="SkyTel.EXE" [2006-08-16 2879488]
"AzMixerSel"="c:program filesRealtekInstallShieldAzMixerSel.exe" [2006-08-16 53248]
"IMJPMIG8.1"="c:windowsIMEimjp8_1IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:windowssystem32IMEPINTLGNTImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:windowssystem32IMETINTLGNTTINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:windowssystem32IMETINTLGNTTINTSETP.EXE" [2004-08-04 455168]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2006-08-15 766041]
"ATICCC"="c:program filesATI TechnologiesATI.ACECLIStart.exe" [2006-05-10 90112]
"LManager"="c:progra~1LAUNCH~1QtZgAcer.EXE" [2006-09-07 479232]
"eRecoveryService"="c:acerEmpowering TechnologyeRecoveryeRAgent.exe" [2006-06-01 413696]
"AVG8_TRAY"="c:progra~1AVGAVG8avgtray.exe" [2009-11-27 2029336]
"LogitechCommunicationsManager"="c:program filesCommon FilesLogiShrdLComMgrCommunications_Helper.exe" [2006-12-22 497176]
"LogitechQuickCamRibbon"="c:program filesLogitechQuickCam10QuickCam10.exe" [2006-12-22 756248]
"CaddieSyncLauncher"="c:program filesSkyGolfSkyCaddie DesktopCaddieSyncLauncher.exe" [2009-10-22 95744]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"PcSync"="c:program filesNokiaNokia PC Suite 6PcSync2.exe" [2006-11-09 1634304]

c:documents and settingsBrettStart MenuProgramsStartup
LimeWire On Startup.lnk - c:program filesLimeWireLimeWire.exe [2009-9-30 503808]

c:documents and settingsAll UsersStart MenuProgramsStartup
Adobe Reader Speed Launch.lnk - c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:program filesMicrosoft OfficeOffice10OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyavgrsstarter]
2009-08-30 09:04 11952 ----a-w- c:windowssystem32avgrsstx.dll

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\AVG\AVG8\avgupd.exe"=
"c:\Program Files\LimeWire\LimeWire.exe"=
"c:\Program Files\O2\agent\bin\bcont.exe"=
"c:\Program Files\O2\bin\wificfg.exe"=
"c:\Program Files\Common Files\SupportSoft\bin\ssrc.exe"=
"c:\Program Files\O2\agent\bin\bcont_nm.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe"=

R0 PCTCore;PCTools KDS;c:windowssystem32driversPCTCore.sys [10/12/2009 8:32 p.m. 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:windowssystem32driversavgldx86.sys [5/08/2008 10:29 p.m. 335240]
R2 avg8wd;AVG Free8 WatchDog;c:progra~1AVGAVG8avgwdsvc.exe [8/02/2009 9:57 a.m. 297752]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:program filesO2binsprtsvc.exe [4/03/2009 3:52 p.m. 202016]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:windowssystem32driversKS-959.sys [13/04/2007 4:35 p.m. 19018]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pga.co.nz/
uInternet Connection Wizard,ShellNext = hxxp://en.nz.acer.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
Trusted Zone: o2.co.uk*.broadband
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-wpncffgs - c:documents and settingsBrettLocal SettingsApplication Databndegdjvubsysguard.exe
HKLM-Run-LaunchApp - (no file)
HKLM-Run-wpncffgs - c:documents and settingsBrettLocal SettingsApplication Databndegdjvubsysguard.exe
AddRemove-GoldWave v5.19 - c:documents and settingsBrettDesktopJunkGoldWaveunstall.exe
AddRemove-SLABCOMM - c:windowssystem32uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 22:37
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERSS-1-5-21-3006582075-3980647206-3948150123-1006SoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved{A1FAEBDA-0910-F862-8FA6-C81D2EF7F181}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:windowssystem32Ati2evxx.dll
.
Completion time: 2009-12-10 22:38:30
ComboFix-quarantined-files.txt 2009-12-10 22:38

Pre-Run: 5,771,984,896 bytes free
Post-Run: 6,018,088,960 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 27B9DD5F388DDD85E59DA1DAF607EDDE

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/12/2009 11:31:19 p.m.
mbam-log-2009-12-10 (23-31-19).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 170108
Time elapsed: 35 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{A6852DCE-EEB0-4C61-AA50-0D98BDE97791}\RP313\A0088188.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Brett\Local Settings\Application Data\bndegd\jvubsysguard.exe.vir (Spyware.Passwords) -> Quarantined and deleted successfully.

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
  
• Click CREATE

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
  
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done
  

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG Free 8.5
``````````````````````````````
Anti-malware/Other Utilities Check:
Spyware Doctor 7.0
CCleaner (remove only)
Java(TM) 6 Update 15
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

• Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  
• Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  
• PC Tools Firewall Plus: free and excellent firewall.

AntiSpyware

• SpywareBlaster
  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  
• Spybot - Search & Destroy.
  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
  

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?