BankerFox etc... help

I have all the pop ups etc...associated with banker fox or some other system32 trojans. How do I remove them?

I have an online business that is seriously hurt by this set back! Please help.

-erin

Bump.

You could have got help faster if you did not bump your topic. Please stay patient, as both of us helpers lead busy lives.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

Hi and Sorry. I thought it would help to 'bump' this thread.

ComboFix 10-01-17.02 - Erin 01/18/2010 8:20.1.2 - x86
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.2036.898 [GMT -5:00]
Running from: c:\users\Erin\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3168843342-2594981274-797375477-500

.
((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 )))))))))))))))))))))))))))))))
.

2010-01-18 13:18 . 2010-01-18 13:19 -------- d-----w- C:\32788R22FWJFW
2010-01-17 16:06 . 2010-01-17 16:30 -------- d-----w- c:\program files\Spyware Doctor
2010-01-17 16:06 . 2010-01-17 16:30 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-17 16:01 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-17 16:01 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-17 15:43 . 2010-01-17 15:45 680 ----a-w- c:\users\Erin\AppData\Local\d3d9caps.dat
2009-12-24 21:20 . 2009-12-24 21:20 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 08:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-13 18:00 . 2008-03-27 03:06 10036 ----a-w- c:\users\Erin\AppData\Roaming\wklnhst.dat
2010-01-07 13:01 . 2008-08-11 15:36 -------- d-----w- c:\users\Erin\AppData\Roaming\skypePM
2010-01-05 00:00 . 2008-08-11 15:34 -------- d-----w- c:\users\Erin\AppData\Roaming\Skype
2009-12-06 22:51 . 2009-12-04 15:40 -------- d-----w- c:\users\Erin\AppData\Roaming\Samsung
2009-12-06 22:51 . 2009-12-04 15:39 -------- d-----w- c:\program files\Samsung
2009-12-06 22:51 . 2008-03-18 23:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-06 22:51 . 2009-12-04 15:39 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-04 15:43 . 2009-12-04 15:43 -------- d-----w- c:\programdata\PC Suite
2009-12-04 15:43 . 2009-12-04 15:43 -------- d-----w- c:\users\Erin\AppData\Roaming\PC Suite
2009-12-04 15:40 . 2009-12-04 15:40 -------- d-----w- c:\program files\DIFX
2009-12-02 22:48 . 2009-12-02 22:48 -------- d-----w- c:\users\Erin\AppData\Roaming\PeerNetworking
2009-12-02 22:45 . 2008-03-18 23:33 -------- d-----w- c:\program files\Roxio
2009-12-01 08:19 . 2009-12-01 08:19 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-01 08:19 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-01 08:18 . 2009-12-01 08:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-30 15:00 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-30 15:00 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-30 15:00 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-30 15:00 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-30 15:00 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-30 15:00 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-09 12:31 . 2009-12-09 08:02 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 08:02 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 08:02 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-03 01:42 . 2009-10-03 02:47 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-25 08:01 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 14:11 . 2009-12-09 01:14 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-09 01:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2008-03-19 07:08 . 2008-03-19 06:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

c:\users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-4-27 385024]
wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-11-28 46432]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-18 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1c,76,ee,8c,ce,71,ca,01

R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R3 pmxmouse;PMXMOUSE;c:\windows\System32\drivers\pmxmouse.sys [3/18/2008 6:29 PM 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\System32\drivers\pmxusblf.sys [3/18/2008 6:29 PM 19008]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [6/17/2008 11:54 AM 21504]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [12/4/2009 10:40 AM 36608]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PCTSDINJDRIVER32
*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-26 00:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Erin\AppData\Roaming\Mozilla\Firefox\Profiles\unlahzbb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmidas.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 08:28
Windows 6.0.6002 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-18 08:31:50
ComboFix-quarantined-files.txt 2010-01-18 13:31

Pre-Run: 220,505,247,744 bytes free
Post-Run: 220,538,757,120 bytes free

- - End Of File - - F042F8202B60826BC0D94B245F74DA56

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Malwarebytes' Anti-Malware 1.44
Database version: 3596
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

1/18/2010 9:38:51 PM
mbam-log-2010-01-18 (21-38-51).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 247036
Time elapsed: 51 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Erin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\73012177-2c154453 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Please download Cheetah-Anti-Rogue, and save to your Desktop.

• Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  
• Double-click on Cheetah-Anti-Rogue.cmd to start.
  
• It will finish quickly and launch a log.
  
• Post the contents of it in your next reply.

Cheetah Anti-Rogue v1.1.1
by DragonMaster Jay

Microsoft Windows [Version 6.0.6002]
Date: 01/19/2010 - Time: 8:47:40 - Arch.: x86 - Mode?


-- Known infection --



Extra message: Detection only.


EOF

Please run the F-Secure Online Scanner

• Follow the Instruction Here for installation.
  
• Accept the License Agreement.
  
• Once the ActiveX installs,Click Full System Scan
  
• Once the download completes,the scan will begin automatically.
  
• The scan will take some time to finish,so please be patient.
  
• When the scan completes, click the Automatic cleaning (recommended) button.
  
• Click the Show Report button and Copy&Paste the entire report in your next reply.
  

Scanning Report
Tuesday, January 19, 2010 16:32:07 - 17:08:40

Computer name: BBJMACHINE
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\
12 malware found
TrackingCookie.Questionmarket (spyware)

* System (Disinfected)

TrackingCookie.2o7 (spyware)

* System (Disinfected)

TrackingCookie.Advertising (spyware)

* System (Disinfected)

TrackingCookie.Atdmt (spyware)

* System (Disinfected)

TrackingCookie.Doubleclick (spyware)

* System (Disinfected)

TrackingCookie.Revsci (spyware)

* System (Disinfected)

TrackingCookie.Adrevolver (spyware)

* System (Disinfected)

TrackingCookie.Adbrite (spyware)

* System (Disinfected)

TrackingCookie.Webtrends (spyware)

* System (Disinfected)

TrackingCookie.Mediaplex (spyware)

* System (Disinfected)

TrackingCookie.Atwola (spyware)

* System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

* System (Disinfected)

Statistics
Scanned:

* Files: 41220
* System: 4226
* Not scanned: 18

Actions:

* Disinfected: 12
* Renamed: 0
* Deleted: 0
* Not cleaned: 0
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
* C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
* C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
* C:\USERS\ERIN\APPDATA\LOCAL\TEMP\ETILQS_AXX4BHLJQUDAODHVCYHY
* C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3CACE5C0F044389F0E58FB3842D3ECD3_8E6053AA-0A1B-463C-B6F2-56867770387E
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3CACE5C0F044389F0E58FB3842D3ECD3_8E6053AA-0A1B-463C-B6F2-56867770387E

Options
Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use advanced heuristics

Now how is your computer running?

Are you ready to check the security of your computer?

It seemed to be running much more smoothly even after the combofix, thank you very much! Does this mean that the problem is gone? Can you tell from the logs what the problem was to begin with?

I'm ready to check the security of my computer. How do I do that?

Seems to be clean. You just had a couple of harmless trojans.

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Results of screen317's Security Check version 0.99.1
Windows Vista Service Pack 2 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) SE Runtime Environment 6
Adobe Flash Player 10
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

• Microsoft Security Essentials: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  
• AVG Free: this is one of the most powerful, and easiest to use security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.

Firewall

• Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  
• Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  
• PC Tools Firewall Plus: free and excellent firewall.

Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?