Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Congratulations your logs look clean
Let's see if I can help you keep it that way
First lets tidy up
Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
Uninstall OTMoveIt (OTM.exe)
Open OTMoveIt Click Cleanup,
When a box pops up click YES.
You can also delete any logs we have produced, and empty your Recycle bin.
The following is some info to help you stay safe and clean.
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
It includes host protection and registry protection
A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002.
Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
I performed your last few instructions and everything looks great. =] You have my many thanks.
The 'Desktop Destroyer.exe' you inquired about is a program I received from a friend of mine many years ago. It's a neat little toy that takes the image of your desktop and lets you destroy it with things like machine guns, etc. He's very careful with his software, so I trust what he gives me.
Um, you said my logs all appear clean. Then why did the ActiveScan log say I have 42 malware files?
Alright, I will take your advice about scanning and programs and read that article. I have a question though. When I scan once a month with ActiveScan, what do I remove the infected files with?
The 'Desktop Destroyer.exe' you inquired about is a program I received from a friend of mine many years ago. It's a neat little toy that takes the image of your desktop and lets you destroy it with things like machine guns, etc. He's very careful with his software, so I trust what he gives me.
That's fine, as long as you know what iy is and why it is there
Um, you said my logs all appear clean. Then why did the ActiveScan log say I have 42 malware files?
Most of what Active Scan found were Cookies (40 of those). Just clear your browser history to remove those.
The only ones that were of any problem at all were the three I asked you to remove.
I have a question though. When I scan once a month with ActiveScan, what do I remove the infected files with?
It depends on what is found,
If you look at what is left after the cookies are take out then you can decide to either delete the files or just ignore them
eg from your previous log
Desktop Destroyer!.exe << You know what this is
C:\I386\GTDownDE_87.ocx << I386 folder was installed when you bought the machine, no problem there.
C:\Documents and Settings\~\mirc634.exe << mIRC files are flagged due to the way they work, if you installed it there is no problem
C:\Program Files\AIM\Sysfiles\AIMWDInstall.exe << AOL dross, delete or leave -- your choice
C:\System Volume Information\~\A0235619.exe << System Restore files, these will be gone if you turn Sys Restore off then on again.
Comments
Did you download this file ?
C:\Documents and Settings\Ted TM Sadler\My Documents\Programs\Stuff From Clinton\Desktop Destroyer!.exe
If you don't know what it is, add it to the list of files in the next instructions
OTMoveIt
Please download OTM by OldTimer and save it to your desktop
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Congratulations your logs look clean
Let's see if I can help you keep it that way
First lets tidy up
Uninstall Combofix
Uninstall OTMoveIt (OTM.exe)
You can also delete any logs we have produced, and empty your Recycle bin.
The following is some info to help you stay safe and clean.
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details
AntiSpyware
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Prevention
Each does a different job, so you can have more than one
Internet Browsers
Using a different web browser can help stop malware getting on your machine.
If you are still using IE6 then either update, or get one of the following.
Cleaning Temporary Internet Files and Tracking Cookies
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
Also PLEASE read this article.....So How Did I Get Infected In The First Place
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
The 'Desktop Destroyer.exe' you inquired about is a program I received from a friend of mine many years ago. It's a neat little toy that takes the image of your desktop and lets you destroy it with things like machine guns, etc. He's very careful with his software, so I trust what he gives me.
Um, you said my logs all appear clean. Then why did the ActiveScan log say I have 42 malware files?
Alright, I will take your advice about scanning and programs and read that article. I have a question though. When I scan once a month with ActiveScan, what do I remove the infected files with?
Most of what Active Scan found were Cookies (40 of those). Just clear your browser history to remove those.
The only ones that were of any problem at all were the three I asked you to remove.
It depends on what is found,
If you look at what is left after the cookies are take out then you can decide to either delete the files or just ignore them
eg from your previous log
Desktop Destroyer!.exe << You know what this is
C:\I386\GTDownDE_87.ocx << I386 folder was installed when you bought the machine, no problem there.
C:\Documents and Settings\~\mirc634.exe << mIRC files are flagged due to the way they work, if you installed it there is no problem
C:\Program Files\AIM\Sysfiles\AIMWDInstall.exe << AOL dross, delete or leave -- your choice
C:\System Volume Information\~\A0235619.exe << System Restore files, these will be gone if you turn Sys Restore off then on again.
Hopefully, I won't have to return here again, if I follow your advice. =P
Feel free to archive this now if you wish. =3
Thanks again!
Theon