
Author Topic: Heavy infection  (Read 7186 times)


Sammeke

  • Guest
Heavy infection
« on: August 26, 2006, 05:12:06 AM »
I'm asking this from my friend's computer.
Processor: AMD Athlon (tm) processor 1200 MHz
Memory: 256 MB

Windows 2000 - Professional (5.0.2195)
Service pack 4

Anti virus software:
- AVG free Edition
- Ewido
- Spybot S&D

We have run all these programs and a pop-up keeps appearing:
Win Antivirus Pro
Several virus notifications keep appearing:
Adware Look2Me
Backdoor.SdBot.aad are a few examples
Ewido or Spybot finds them, puts them in quarantine, and they reappear.
It is also impossible to perform a Windows Update, open netbanking or restart the PC in safe mode.

Regards
(translated from flemish)

Fed

  • Moderator


  • Sage
  • Thanked: 35
    • Experience: Experienced
    • OS: Windows XP
    Re: Heavy infection
    « Reply #1 on: August 26, 2006, 05:17:56 AM »
    First
    Download, install & update...
    CLEANUP
    Ccleaner
    (During install, uncheck the Yahoo Toolbar option)
    (After install, set Options>Advanced> 'Uncheck the 48 hour box')
    ANTI SPYWARE
    Adaware
    Spybot S&D
    ANTI VIRUS
    AVG Free
    (After install, set Options to 'scan all files')
    ANTI TROJAN
    Ewido for W2K & XP
          or
    A-squared (a²) for 98 & ME
    (Winall)

    Turn off System Restore if applicable. (ME & XP users)

    Run Ccleaner
    Run Ad-Aware
    Run Spybot
    Run AVG Free
    Run Ewido or a-squared (a²)
    Re-start in Safe Mode
    Re-run AVG Free

    Re-start in Normal Mode
    Turn on System Restore if applicable. (ME & XP users)

    Second

    OK, then level the field by setting IE to the defaults.

    1. Start
    2. Settings
    3. Control Panel
    4. Internet Options
    5. Security tab
    6. Reset all 4 security zones to Default
     
    1. Start
    2. Settings
    3. Control Panel
    4. Internet Options
    5. Privacy
    6. Restore 1 Default button
     
    1. Start
    2. Settings
    3. Control Panel
    4. Internet Options
    5. Advanced
    6. Restore 1 Default button

    You may need to do the following as well
      
    1. Start
    2. Settings
    3. Control Panel
    4. Internet Options
    5. General tab
    6. Remove cookies, temporary files and history

    Kudos to Raptor.


    Then tighten the screws up, you may want to print this out.

    IE>Tools>Internet Options>Security>Internet>Custom Level

    ActiveX controls & plug-ins
    Download signed ActiveX controls
    Download unsigned ActiveX controls
    Run ActiveX controls and plug-ins
    Initialize and run ActiveX controls and plug-ins not marked as safe
    Script ActiveX controls marked as safe for scripting
    Set these to Disable
     
     
    Microsoft VM
    Java permissions
    Set this to High Safety
     

    Miscellaneous
    Access data sources across domains
    Allow META REFRESH
    Display Mixed Content
    Installation of desktop items
    Launching programs and files in an IFRAME
    Navigate sub-frames across different domains
    Userdata persistence
    Set these to Disable


    Scripting
    Active scripting
    Scripting of Java programs
    Allow paste operations via script
    Set these to Disable
     
     
    User Authentication
    Logon
    Set this to Prompt for user name and password
     
        
    IE>Tools>Internet Options>Privacy>Advanced
    Tick 'Override automatic cookie handling'
    Block to suit your needs (I block 1st & 3rd)
    Tick Session Cookies


    Last but not least, loosen the screws on your trusted sites.

    IE>Tools>Internet Options>Security>Trusted Sites>Sites
    Untick the 'Server Verification' box
    Type in your trusted address as below
      *.computerhope.com
    Press the Add button
    Do this for trusted sites to enjoy the IE experience.

    EDIT: If you don't have a firewall, GET ONE. Sygate is nice :)
    http://www.comcen.com.au/~fed/sygate.zip
    « Last Edit: August 26, 2006, 05:23:29 AM by Fed »
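
An added example, not part of Fed's post: the Custom Level choices above are stored per zone in the registry, so a `.reg` export of the Internet zone (zone 3) can be checked against the checklist. It covers the ActiveX, Microsoft VM, Scripting and User Authentication groups; the action ids, DWORD encodings and the sample export are assumptions supplied here (standard IE URL-action values and constructed data), not values from the thread.

```python
import re

# Hardened Internet-zone values from the checklist above. Action ids and DWORD
# encodings are the standard IE URL-action values (assumed, not on the page).
DISABLE, HIGH_SAFETY, PROMPT_LOGON = 0x3, 0x10000, 0x10000
BASELINE = {
    "1001": ("Download signed ActiveX controls", DISABLE),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1200": ("Run ActiveX controls and plug-ins", DISABLE),
    "1201": ("Initialize and script ActiveX not marked as safe", DISABLE),
    "1405": ("Script ActiveX controls marked safe for scripting", DISABLE),
    "1C00": ("Java permissions", HIGH_SAFETY),
    "1400": ("Active scripting", DISABLE),
    "1402": ("Scripting of Java applets", DISABLE),
    "1407": ("Allow paste operations via script", DISABLE),
    "1A00": ("Logon", PROMPT_LOGON),
}
ZONE3 = r"\Internet Settings\Zones\3"  # zone 3 = Internet

def parse_zone(reg_text, key_suffix=ZONE3):
    """Return {action_id: int} for the key ending in key_suffix in a .reg export."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.rstrip("]").lower().endswith(key_suffix.lower())
        elif in_key:
            m = re.match(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$', line)
            if m:
                values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit(reg_text):
    """List (id, setting, current) for each value that differs from BASELINE."""
    current = parse_zone(reg_text)
    return [(aid, name, current.get(aid))
            for aid, (name, want) in BASELINE.items() if current.get(aid) != want]

# Constructed sample export (not taken from the machine in this thread).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1C00"=dword:00010000
"1A00"=dword:00020000
'''
for finding in audit(SAMPLE): print(finding)  # None = value absent from export
```

A value reported as `None` is missing from the export and should be checked in the Custom Level dialog directly.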

    Sammeke

    • Guest
    Re: Heavy infection
    « Reply #2 on: August 26, 2006, 05:34:26 AM »
    I have a USB keyboard. Will try to find a PS2.

    Fed

      Re: Heavy infection
      « Reply #3 on: August 26, 2006, 05:41:37 AM »
      The PS2 keyboard should solve the safe mode problem.
      Don't forget the firewall.
      We can deal with Win Antivirus later, get everything else right first.

      Sammeke

      • Guest
      Re: Heavy infection
      « Reply #4 on: August 26, 2006, 01:47:43 PM »
      I finally found a PS2 keyboard. Running Ewido now, then I will attempt to do a startup in safe mode.
      Regards

      Sammeke

      • Guest
      Re: Heavy infection
      « Reply #5 on: August 26, 2006, 04:10:09 PM »
      I have done all you wrote. According to AVG the PC is now virus free.
      A new problem has appeared. When we try to make an internet connection it says:
      Tap driver is not ready.
      We restarted the computer and then it worked again.
      Win Antivirus Pro is still here and also something from a website called aenema (I think).
      Netbanking is still not working. Windows Update is working :o)
      Thanks.

      Regards

      Fed

        Re: Heavy infection
        « Reply #6 on: August 26, 2006, 04:16:28 PM »
        You're nearly there, slip over to bleepingcomputer, follow the directions then come back & let us know how you went. ;)
        http://www.bleepingcomputer.com/forums/topic18610.html

        Sammeke

        • Guest
        Re: Heavy infection
        « Reply #7 on: August 26, 2006, 04:29:06 PM »
        I think I cried victory a little too soon. Windows Update is working until I have to install the updates. Then it says: updates failed :o(

        Fed

          Re: Heavy infection
          « Reply #8 on: August 26, 2006, 04:36:29 PM »
          I'd leave the windows update for the moment.
          Hop over to bleepingcomputer & clean up vundo.

          Sammeke

          • Guest
          Re: Heavy infection
          « Reply #9 on: August 26, 2006, 04:45:47 PM »
          hopping   :)

          Sammeke

          • Guest
          Re: Heavy infection
          « Reply #10 on: August 26, 2006, 05:19:33 PM »
          I ran the Vundo remover and I think it worked!!!!!!
          You're wonderful, THANK YOU ever so much for all your trouble.
          Dare I ask for some help with my connection, Windows Update and my netbanking? .........yes please

          Fed

            Re: Heavy infection
            « Reply #11 on: August 26, 2006, 05:36:27 PM »
            Start>Settings>Control Panel>Admin Tools>Services>...
            Enable and start Automatic Updates and Background Intelligent Transfer Service
            then click on the Windows Update menu item in your desktop menu system.

            Sammeke

            • Guest
            Re: Heavy infection
            « Reply #12 on: August 26, 2006, 05:48:46 PM »
            I did as you suggested. I manage to get into WU without problems now. WU finds the needed updates just fine.
            But when I try to install, it does not work. It should install these components.

            816093: Beveiligingsupdate voor Microsoft Virtual Machine (Microsoft VM)
            KB832483: Beveiligingsupdate voor Microsoft Data Access Components
            KB873374: Het detectieprogramma Microsoft GDI+
            KB891861: Updatepakket 1 voor Windows 2000 Service Pack 4

            Microsoft Office 2003
            Office 2003 Service Pack 2

            Now here in Belgium it is 2 o'clock in the morning and I am going to bed, having horrible computer nightmares :). Thank you for all your excellent advice. If it is day where you are, I wish you a very nice, sunny day. If it is evening, a very nice evening. And if it is night like here, sleep well and sweet dreams. I hope to meet up with you tomorrow?

            Big hug

            Fed

              Re: Heavy infection
              « Reply #13 on: August 26, 2006, 06:05:09 PM »
              I've never had a problem like that with windows update, try updating & installing them one at a time, re-booting after each one.

              Net Banking?
              Try adding your bank url into your safe zone in the format described.
              Quote
              IE>Tools>Internet Options>Security>Trusted Sites>Sites
              Untick the 'Server Verification' box
              Type in your trusted address as below
                *.mynetbank.com   (Change this to your bank.)
              Press the Add button

              It's a sunny Sunday morning here in Sydney Australia, beer & B-B-Q day. ;D

              Sammeke

              • Guest
              Re: Heavy infection
              « Reply #14 on: August 27, 2006, 03:38:52 AM »
              You must be an angel! Netbanking is working again!!!
              I'm trying to do windows update now.

              For my connection I'm using an Alcatel Speed Touch Home ADSL modem.
              It makes the connection, but apparently I have two LAN connections. At the bottom of the screen I see 3 connections. One says:
              Enternet 300 (this is my modem) sending and receiving packages.
              Then there is one called LAN-connection, which is sending and receiving packages.
              And then there is another called LAN connection 6, which is sending nothing but receiving packages.
              All 3 have to make a connection or the browser will not work.
              I checked in Sygate and there are also two Explorers.

              1. Internet Explorer Version 6.00.2800.1 in ProgramFiles\Internet Explorer\
                 IE Explorer.exe
              2. Windows Explorer Version 5.00.3700.6 in C:\WINNT\Explorer.exe

              I have to allow both to get a functioning browser.

              Here in Belgium it's raining CATS and DOGS  :'(
              It has been like this for the last summer month.