That is what came with the pc and when I Have done system restores in the past I get Norton back for 2 months. I think I have had this pc 4 years now. I use mcafee now and threatfire on the one in the bedroom so I guess we can get rid of Norton.
1. Download SymNRT to your Desktop. Run the tool and follow the instructions. You can delete SymNRT afterwards.
2. Click Start > Run > type: combofix /u > Press OK. This will uninstall ComboFix.
3. You can keep MalwareBytes, if you wish, but please delete Flash_Disinfector.
Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:
(Vista users must ensure that any programs are Vista compatible BEFORE installing )
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
Go to Start > Run > type control sysdm.cpl,,4 & press Enter
Tick on the checkbox - Turn off System Restore on all drives
Click Apply
Turn it back 'On' by unticking the same checkbox & click OK
DISABLE THE VIEWING OF SYSTEM FILES
From Windows Explorer, go to Tools > Folder Options> View tab.
Untick - Show hidden files and folder
Tick - Hide file extensions for known types
Tick - Hide protected operating system files
Click Yes to confirm & then click OK
SECURING INTERNET EXPLORER
From within Internet Explorer click on the Tools menu and then click on Internet Options.
Select the Security tab
Click once on the Internet icon so it becomes highlighted.
Select Custom Level .
Change 'Download signed ActiveX controls' to Prompt
Change 'Download unsigned ActiveX controls' to Disable
Change 'Initialize and script ActiveX controls not marked as safe' to Disable
Change 'Installation of desktop items' to Prompt
Change 'Launching programs and files in an IFRAME' to Prompt
Change 'Navigate sub-frames across different domains' to Prompt
When all these changes have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Select OK to exit the Internet Properties page.
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs:
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
FIREWALL
Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here ? http://www.bleepingcomputer.com/forums/tutorial60.html
Microsoft Windows Update - http://www.windowsupdate.com
Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
SPYBOT - SEARCH & DESTROY
Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here ? http://www.bleepingcomputer.com/forums/tutorial43.html
AD-AWARE
Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here ? http://www.bleepingcomputer.com/forums/tutorial48.html
SPYWAREBLASTER
SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.
IE-SPYAD
IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here http://www.spywarewarrior.com/uiuc/resource.htm
Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
http://cleanup.stevengould.org/ - CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html
After doing all these, your system will be optimised against future threats.
It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Please respond to this thread one more time so we can mark this thread as resolved.
Comments
I see some entries for Norton. Do you have any Norton programs on the computer or would you like to remove these?
Let me know and then we do the final cleanup.
1. Download SymNRT to your Desktop. Run the tool and follow the instructions. You can delete SymNRT afterwards.
2. Click Start > Run > type: combofix /u > Press OK. This will uninstall ComboFix.
3. You can keep MalwareBytes, if you wish, but please delete Flash_Disinfector.
Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:
(Vista users must ensure that any programs are Vista compatible BEFORE installing )
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
- CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
- DISABLE THE VIEWING OF SYSTEM FILES
- SECURING INTERNET EXPLORER
- Select the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Select Custom Level .
- Change 'Download signed ActiveX controls' to Prompt
- Change 'Download unsigned ActiveX controls' to Disable
- Change 'Initialize and script ActiveX controls not marked as safe' to Disable
- Change 'Installation of desktop items' to Prompt
- Change 'Launching programs and files in an IFRAME' to Prompt
- Change 'Navigate sub-frames across different domains' to Prompt
- When all these changes have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Select OK to exit the Internet Properties page.
- ANTIVIRUS SOFTWARE
- FIREWALL
- Microsoft Windows Update - http://www.windowsupdate.com
- SPYBOT - SEARCH & DESTROY
- AD-AWARE
- SPYWAREBLASTER
- IE-SPYAD
Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.Go to Start > Run > type control sysdm.cpl,,4 & press Enter
- Tick on the checkbox - Turn off System Restore on all drives
- Click Apply
Turn it back 'On' by unticking the same checkbox & click OKFrom Windows Explorer, go to Tools > Folder Options> View tab.
- Untick - Show hidden files and folder
- Tick - Hide file extensions for known types
- Tick - Hide protected operating system files
Click Yes to confirm & then click OKFrom within Internet Explorer click on the Tools menu and then click on Internet Options.
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources ? http://www.bleepingcomputer.com/forums/topict405.html
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here ? http://www.bleepingcomputer.com/forums/tutorial60.html
Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here ? http://www.bleepingcomputer.com/forums/tutorial43.html
Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here ? http://www.bleepingcomputer.com/forums/tutorial48.html
SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.
Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here ? http://www.bleepingcomputer.com/forums/tutorial49.html
IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here http://www.spywarewarrior.com/uiuc/resource.htm
Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
- http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
- http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
- http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
- http://toolbar.google.com/ - Google Toolbar - Get the free google toolbar to help stop pop up windows.
- http://cleanup.stevengould.org/ - CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
- http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.
- http://www.winpatrol.com/ -Winpatrol - Download and install the free version of Winpatrol.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.htmlERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.
A tutorial for this product is located here: http://www.winpatrol.com/features.html
After doing all these, your system will be optimised against future threats.
It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Please respond to this thread one more time so we can mark this thread as resolved.
This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.
If you are not the user who started this thread, you must start your own Thread instead (grin)