VIRUS!!! UPS_invoice URGENT HELP NEEDED - My work computer is infected

Hi i have just had a virus infect my computer by opening an email can someone give me some advice on how to remove it from my computer? It started as a 'missed postage notice' in my e-mail box, said to print out the missed parcel receipt and take to the post, so i clicked on the compressed attached file and saved it to the desktop - My screen went green and said my computer was now infected!

ALSO 'Internet security 2010' the virus popped up on my screen after this incident so i found this website and downloaded MalWare and it successfully removed half of the virus... (internet security 2010) - But now my screen is STILL GREEN and says that my computer is still infected! there is now also a new icon on my desktop called UPS_INVOICE which is the infected compressed virus file - How do i abolish this from my computer COMPLETELY!!!!???!!


PLEASE HELP this is my work computer... Its a macintosh running windows... Thankyou soo much... any help is very appreciated!

Last edited by micah on 14th January 2010, 9:22 am; edited 2 times in total (Reason for editing : More info to provide!)

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

ComboFix 10-01-14.01 - Micah Harsh 15/01/2010 6:00.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.2016.1576 [GMT 11:00]
Running from: c:\documents and settings\Micah Harsh\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\EventSystem.log
c:\windows\system32\18467.exe
c:\windows\system32\twain_32.dll
c:\windows\system32\warning.html

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ndis.sys
.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-14 04:50 . 2010-01-14 04:50 -------- d-----w- c:\documents and settings\Micah Harsh\Application Data\Malwarebytes
2010-01-14 04:50 . 2010-01-07 05:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 04:49 . 2010-01-14 04:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 04:49 . 2010-01-14 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-14 04:49 . 2010-01-07 05:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 19:56 . 2010-01-13 19:56 212224 ----a-w- c:\windows\system32\dllcache\ndis.sys
2010-01-13 19:51 . 2010-01-13 19:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-01-13 19:40 . 2010-01-13 19:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-13 04:37 . 2010-01-13 04:37 -------- d-----w- C:\myob185
2010-01-12 21:24 . 2010-01-12 21:24 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-12 20:20 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 19:20 . 2010-01-10 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2010-01-10 19:19 . 2010-01-10 19:19 -------- d-----w- c:\documents and settings\Micah Harsh\Local Settings\Application Data\TomTom
2010-01-10 19:19 . 2010-01-10 19:19 -------- d-----w- c:\documents and settings\Micah Harsh\Application Data\TomTom
2010-01-10 19:19 . 2010-01-10 19:19 -------- d-----w- c:\program files\TomTom International B.V
2010-01-10 19:19 . 2010-01-10 19:19 -------- d-----w- c:\program files\TomTom HOME 2
2010-01-07 21:42 . 2010-01-07 21:42 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-12-27 04:47 . 2009-12-27 04:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-12-27 04:47 . 2009-12-27 04:47 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-27 04:46 . 2009-12-27 04:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-12-27 04:46 . 2009-12-27 04:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 19:04 . 2009-12-03 18:11 1660 ----a-w- c:\windows\bthservsdp.dat
2010-01-13 20:12 . 2009-05-29 05:46 2146040 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-13 19:56 . 2004-08-04 01:00 212224 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-01-13 19:40 . 2010-01-13 19:40 12 ----a-w- c:\documents and settings\Micah Harsh\Application Data\mvhgkr.dat
2010-01-12 21:24 . 2009-10-19 09:31 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-27 04:46 . 2009-07-22 18:17 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-24 09:49 . 2007-11-18 22:01 103896 ----a-w- c:\documents and settings\Micah Harsh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-10 06:56 . 2009-12-10 06:56 -------- d-----w- c:\program files\Telstra
2009-12-04 05:05 . 2009-12-04 05:05 -------- d-----w- c:\program files\DWG TrueView 2010
2009-11-26 21:16 . 2009-11-23 22:28 4 ----a-w- c:\windows\vx86036.dat
2009-11-23 22:31 . 2009-11-23 22:31 -------- d-----w- c:\documents and settings\Micah Harsh\Application Data\uTorrent
2009-11-23 22:28 . 2009-11-23 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\MTC Software
2009-11-23 22:28 . 2009-11-23 22:28 -------- d-----w- c:\documents and settings\Micah Harsh\Application Data\MTC Software
2009-11-23 22:27 . 2009-11-23 22:27 -------- d-----w- c:\program files\MTC
2009-11-21 15:51 . 2004-08-04 01:00 471552 ----a-w- c:\windows\AppPatch\AcLayers.dll
2009-11-17 03:12 . 2009-11-17 03:12 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-16 00:15 . 2009-11-16 00:15 0 ----a-w- c:\windows\nsreg.dat
2009-11-04 03:14 . 2009-11-04 03:14 152576 ----a-w- c:\documents and settings\Micah Harsh\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 07:45 . 2004-08-04 01:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-25 21:12 . 2009-03-17 00:14 72040 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-21 05:38 . 2004-08-04 01:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 01:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 01:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-18 09:03 . 2009-10-18 19:53 1374154 ----a-w- c:\program files\wrar390.exe
.

------- Sigcheck -------

[-] 2010-01-13 . 1DF7F42665C94B825322FAE71721130D . 212224 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2010-01-13 . 1DF7F42665C94B825322FAE71721130D . 212224 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2004-08-04 . 1DF7F42665C94B825322FAE71721130D . 182912 . . [5.1.2600.5512] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-11 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"IRW"="c:\windows\system32\IRW.exe" [2008-04-15 147456]
"Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2008-04-15 423216]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-08 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-15 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-10 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-10 138008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"XoftSpySE"="c:\program files\XoftSpySE6\XoftSpySE.exe" [2009-10-23 4854040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"BigPondWirelessBroadbandCM"="c:\program files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" [2008-09-11 2248704]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [15/04/2008 4:44 PM 132400]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [15/04/2008 4:44 PM 99632]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [15/04/2008 4:44 PM 5504]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [15/04/2008 4:44 PM 6528]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 10:31 PM 92008]
R3 aapltctp;Apple Trackpad Enabler;c:\windows\system32\drivers\aapltctp.sys [20/11/2007 12:42 AM 4224]
R3 aapltp;Apple Trackpad;c:\windows\system32\drivers\aapltp.sys [20/11/2007 12:42 AM 35072]
R3 applebt;Apple Built-in Bluetooth;c:\windows\system32\drivers\applebt.sys [20/11/2007 12:38 AM 9088]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [20/11/2007 12:42 AM 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [20/11/2007 12:42 AM 19968]
R3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [24/10/2009 8:58 AM 582424]
S3 BthKicker;Apple Bluetooth Device Driver;c:\windows\system32\drivers\BthKicker.sys [20/11/2007 12:41 AM 7424]
S3 iSightUpdate;iSight Update Driver;c:\windows\system32\drivers\iSightUP.sys [20/11/2007 12:37 AM 17664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [10/12/2009 5:57 PM 7680]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [10/12/2009 5:57 PM 110080]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 7:01 AM 2799808]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/10/2009 8:31 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]

2009-11-24 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2009-10-23 21:58]

2009-12-06 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 20:15]

2010-01-06 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 20:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {4945628B-BEBE-4092-B9A4-5392286B3387} = 10.0.0.138
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/bigpond/bin/wizard.exe
FF - ProfilePath - c:\documents and settings\Micah Harsh\Application Data\Mozilla\Firefox\Profiles\tqmalr8k.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\program files\Common-Use Signing Interface\bin\npCsiPlugin.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
HKCU-Run-PhotoShow Deluxe Media Manager - c:\progra~1\Nero\data\Xtras\mssysmgr.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\3.2\Apps\apdproxy.exe
AddRemove-Adobe Acrobat 5.0 - c:\program files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 06:06
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A66F530]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f37852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Bluetooth Device (Personal Area Network) -> SendCompleteHandler -> NDIS.sys @ 0x8a656bb0
PacketIndicateHandler -> NDIS.sys @ 0x8a645a0d
SendHandler -> NDIS.sys @ 0x8a659b40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2744)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\program files\SigmaTel\C-Major Audio\WDM\STacSV.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-15 06:10:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-14 19:10

Pre-Run: 1,542,471,680 bytes free
Post-Run: 6,553,206,784 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 5F46DBC5328DACCC9D261759026B4B6E

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Malwarebytes' Anti-Malware 1.44
Database version: 3565
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/01/2010 1:24:35 PM
mbam-log-2010-01-15 (13-24-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 249017
Time elapsed: 1 hour(s), 42 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{B5477EE6-6EB3-4233-BF29-0D1CAE3FFA55}\RP526\A0105138.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B5477EE6-6EB3-4233-BF29-0D1CAE3FFA55}\RP526\A0105141.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B5477EE6-6EB3-4233-BF29-0D1CAE3FFA55}\RP526\A0105142.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B5477EE6-6EB3-4233-BF29-0D1CAE3FFA55}\RP526\A0105143.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B5477EE6-6EB3-4233-BF29-0D1CAE3FFA55}\RP526\A0105144.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B5477EE6-6EB3-4233-BF29-0D1CAE3FFA55}\RP526\A0105258.sys (Malware.Trace) -> Quarantined and deleted successfully.

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e9fd31fdcec57c4bb2b4ad8552fbde0f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-15 03:31:02
# local_time=2010-01-15 02:31:02 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=121126
# found=3
# cleaned=3
# scan_time=1671
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.AED virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\warning.html.vir Win32/TrojanDownloader.FakeAlert.AED virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ndis.sys.vir Win32/Protector.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Thanks, so far so good here is the info you asked for


Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
``````````````````````````````
Anti-malware/Other Utilities Check:
XoftSpySE
JavaFX(TM) Production Suite
Java DB 10.4.1.3
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````
:smile2:

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

• Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  
• Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  
• PC Tools Firewall Plus: free and excellent firewall.

AntiSpyware

• SpywareBlaster
  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  
• Spybot - Search & Destroy.
  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
  

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

Thanks for you valuable knowledge its much appreciated! Quick responses were invaluable!!

Very well.