Author Topic: Major Virus Problem  (Read 17391 times)

bluecountry

    Topic Starter


    Apprentice

    Thanked: 1
    Major Virus Problem
    « on: April 16, 2011, 03:16:58 PM »
    I was watching a hockey game on my PC, when my anti-virus (Symantec) alerted me to a trojan!

    I have run several scans, tried to delete, but it still seems to be stuck in quarantine.

    I have gone through and run Spyware scan/MBAM/HijackThis and posted those logs.

    I cannot post my Symantec logs because they are .csv files....let me know if you need them PM/emailed.
    Please, please let me know what is wrong, and what I can do to be cured.
    Thanks!

    [recovering disk space - old attachment deleted by admin]

    bluecountry

      Re: Major Virus Problem
      « Reply #1 on: April 17, 2011, 09:44:52 AM »
      Anybody?

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Major Virus Problem
      « Reply #2 on: April 17, 2011, 12:36:23 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *************************************************
      One or more of the identified infections is a backdoor trojan.

      This allows hackers to remotely control your computer, steal critical system information and download and execute files.

      Read this article: Danger: Remote Access Trojans.

      If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

      I would counsel you to disconnect this PC from the Internet immediately.

      Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

      How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

      When Should I Format, How Should I Reinstall?

      We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

      Should you have any questions, please feel free to ask.

      Please let us know what you have decided to do in your next post.
      Windows 8 and Windows 10 dual boot with two SSD's

      bluecountry

        Re: Major Virus Problem
        « Reply #3 on: April 18, 2011, 06:32:05 PM »
        Geez!   All I did was go to myP2P.com and click to watch a hockey game from one of the feeds, then this happens moments after!

        Look, is my PC really infected at severe risk?  I do not want to reformat unless it absolutely has to be done, I do not know how to and it would just be a major, major hassle, but if it is what has to be done, I will.
        My preference is simply to clean up the PC and use it as I always did.
        Are we even sure I have RAT?

        Thanks for your post, please let me know the next step.
        Again, I want to fix the PC and not reformat unless it absolutely must be done.

        Is there any way I can tell if my ID has/will be compromised and/or if RAT is currently on my PC, so I can rest easy?

        bluecountry

          Re: Major Virus Problem
          « Reply #4 on: April 18, 2011, 07:01:40 PM »
          Read the articles you linked, reformatting would be a royal pain which I do not want to do unless I have to.
          So, how high a risk is it should I decide I do not reformat?
          How likely is it that I have ID theft?

          I mean, can we just fix this and get on, or just how at risk am I with no reformat and how likely is it I have ID theft/what should I do in that regard?
          I think my PC alerted and stopped the RAT within minutes.

          SuperDave

          Re: Major Virus Problem
          « Reply #5 on: April 19, 2011, 01:30:31 PM »
          I am required to inform the user any time I see evidence that your computer is/was infected by a backdoor trojan. If you use your computer for financial transactions, it can never be trusted again. The only way to restore it to where it can be safe again is a complete re-format and re-install. The choice is yours to make. Please let me know what course of action you want to take.
          Windows 8 and Windows 10 dual boot with two SSD's

          bluecountry

            Re: Major Virus Problem
            « Reply #6 on: April 20, 2011, 09:38:43 PM »
            I want to go ahead and fix the PC.
            I don't want to go through the hassle of backing up all my files, my music, then having to re-install everything.
            Sounds like a pain in the *censored*.
            I used my PC today to look at my bank statement, and it was fine.
            I don't see why it can't be trusted, everything was quarantined, this just seems to be being over protecting.

            I would like to go ahead and clean this PC up forget this ever happened.  What next?
            Thanks!

            SuperDave

            Re: Major Virus Problem
            « Reply #7 on: April 21, 2011, 12:48:48 PM »
            Quote
            I don't see why it can't be trusted, everything was quarantined, this just seems to be being over protecting.
            As I stated before, I'm required to inform you. Now that you have made a decision, let's continue.

            Download Security Check by screen317 from one of the following links and save it to your desktop.

            Link 1
            Link 2

            * Unzip SecurityCheck.zip and a folder named Security Check should appear.
            * Open the Security Check folder and double-click Security Check.bat
            * Follow the on-screen instructions inside of the black box.
            * A Notepad document should open automatically called checkup.txt
            * Post the contents of that document in your next reply.

            Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
            *******************************************************
            • Download TDSSKiller and save it to your Desktop.
            • Extract its contents to your desktop.
            • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
            • If an infected file is detected, the default action will be Cure, click on Continue.
            • If a suspicious file is detected, the default action will be Skip, click on Continue.
            • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
            • Click the Report button and copy/paste the contents of it into your next reply
            Note: It will also create a log in the C:\ directory.
            Windows 8 and Windows 10 dual boot with two SSD's

            bluecountry

              Re: Major Virus Problem
              « Reply #8 on: April 21, 2011, 11:10:24 PM »
              I have attached screen317

              I ran TDSSKiller, did a scan.
              It said:
              " duration: 00:01:33
              Processed: 270 objects.
              Infections: not found"

              I do not have a log from it.
              Thanks for the advice man, what now?

              [recovering disk space - old attachment deleted by admin]
              « Last Edit: April 21, 2011, 11:25:14 PM by bluecountry »

              SuperDave

              Re: Major Virus Problem
              « Reply #9 on: April 22, 2011, 10:39:12 AM »
              Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies).

              Update Your Java (JRE)

              Old versions of Java have vulnerabilities that malware can use to infect your system.


              First Verify your Java Version

              If there are any other version(s) installed then update now.

              Get the new version (if needed)

              If your version is out of date install the newest version of the Sun Java Runtime Environment.

              Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

              Be sure to close ALL open web browsers before starting the installation.

              Remove any old versions

              1. Download JavaRa and unzip the file to your Desktop.
              2. Open JavaRA.exe and choose Remove Older Versions
              3. Once complete exit JavaRA.
              4. Run CCleaner.

              Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
              *******************************************
              Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

              Link # 1
              Link # 2
              If you are using Firefox, make sure that your download settings are as follows:

              * Tools->Options->Main tab
              * Set to "Always ask me where to Save the files".

              Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

              Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

              Right-click combofix.exe and select Run as Administrator and follow the prompts.
              When finished, ComboFix will produce a log for you.
              Post the ComboFix log and a new HijackThis log in your next reply.

              NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

              Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
              Windows 8 and Windows 10 dual boot with two SSD's

              bluecountry

                Re: Major Virus Problem
                « Reply #10 on: April 22, 2011, 10:55:16 AM »
                Thought I would update you as well on this.

                About 3-4 times a day I get a pop up message from my anti-virus, Symantec.
                It says:

                Quote
                Updated virus protection files have been delivered and installed on your computer.

                Symantec Endpoint Protection may now be able to repair the infected files in quarantine. 
                The easiest way to check and eliminate viruses is to let Symantec Endpoint Protection do it automatically.

                You can process the Quarantine items now, or scan them at a later time.  Do you want to continue?

                Yes (recommended)
                No

                I click yes and next.

                Then it says:
                Quote
                The following viral threats are quarantined

                Name:                                                     Virus Name
                C:\Users\Trent\Appdata\Local\Temp\aesxrwnmoc.exe          Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\setup631134912.exe      Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\setup22562224256.exe    Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\setup2172912384.exe     Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\wmoearcsxn.exe          Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\SETUP2001202560.EXE     Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\OERWNMCASX.EXE          Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\SETUP2891177728.EXE     Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\SETUP1660496000.EXE     Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\SETUP2307131200.EXE     Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\SETUP2602375296.EXE     Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\SETUP3432212800.EXE     Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\SETUP3826254848.EXE     Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\SETUP4007217856.EXE     Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\SETUP4093952512.EXE     Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\SETUP4109405312.EXE     Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\SETUP609629184.EXE      Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\SETUP73829120.EXE       Trojan.Gen2
                C:\Users\Trent\Appdata\Local\Temp\SETUP806497344.EXE      Trojan.Gen2
                C:\Users\Trent\Appdata\Local\uniyovuzi.dll                Trojan.Zefarch

                Click next to see if items can be repaired

                I click next and a few minutes later I get this read:

                Quote
                Items in quarantine can not be repaired using the Virus Definition files that have just been delivered.

                Leave the infected files in quarantine.  They are isolated from the rest of your system and can do no further damage.

                As a safety precaution, scan all the disks you use, including floppies, to make sure you have found the source of the infection.

                Then it offers me the choice of

                Finish or Close.


                This happens to me at least 3-4 times, everyday, and it is getting very annoying.
                1)  Am I going to have to deal with this now through forever on my PC?
                2)  Anyway I can clear all of these files?
                3)  Is the files listed benign for the moment?

                bluecountry

                  Re: Major Virus Problem
                  « Reply #11 on: April 22, 2011, 11:09:34 AM »
                  OK...I went and updated to Java update 24.

                  Problem?

                  I downloaded as told JavaRa 1.16.
                  I then went to remove older versions.
                  This is what I am told:

                  Quote
                  Finished searching for older versions of the JRE that were found on this system.
                  A logfile has been created on your system.
                  It is called JavaRa.log, and can be found on the main hard drive folder (C: for example).

                  JavaRa will now open it's logfile.

                  I click ok, nothing happens.

                  I search c drive, find nothing.

                  I rerun this 3 times, same thing.

                  So uh are the old javas gone and can I delete javara?

                  SuperDave

                  Re: Major Virus Problem
                  « Reply #12 on: April 22, 2011, 06:17:05 PM »
                  Quote
                  Anyway I can clear all of these files?
                  You should be able to go into Symantec and empty the quarantined folder
                  Quote
                  Is the files listed benign for the moment?
                  Yes. As long as they remain in the quarantined folder. You should contact Symantec for more help on this.
                  Quote
                  So uh are the old javas gone and can I delete javara?
                  Go ahead and go into Control Panel, Programs and Features and see if there are any old version below 24 there. If there are, uninstall them.
                  Don't forget to download and run ComboFix and post the log.
                  Windows 8 and Windows 10 dual boot with two SSD's
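
Added example, not part of the thread and not from any of the tools it mentions: when JavaRa leaves no log, the check for Java versions below update 24 can be made by reading the uninstall registry entries that Programs and Features displays. The display-name pattern and the variable names are assumptions of this sketch.

```powershell
# Added example (not from the thread): list installed Java runtimes and flag
# any whose update number is below the one the thread says to keep (24).
$minUpdate = 24

# Uninstall entries for 64-bit and 32-bit programs; Programs and Features
# builds its list from these keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: Java runtimes register a DisplayName such as
# "Java(TM) 6 Update 24" or "J2SE Runtime Environment 5.0 Update 6".
$namePattern = '^(Java\(TM\)|J2SE Runtime Environment)'

$javaEntries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $namePattern }

$report = foreach ($entry in $javaEntries) {
    # An entry with no "Update N" in its name is a base release, treated as update 0.
    $update = 0
    if ($entry.DisplayName -match 'Update (\d+)') { $update = [int]$Matches[1] }

    # The thread compares on the update number only, so this does too.
    $action = 'Keep'
    if ($update -lt $minUpdate) { $action = 'Uninstall' }

    [pscustomobject]@{
        Name    = $entry.DisplayName
        Version = $entry.DisplayVersion
        Update  = $update
        Action  = $action
    }
}

if ($report) {
    $report | Sort-Object Update | Format-Table -AutoSize
} else {
    'No Java runtime entries found in the uninstall registry keys.'
}
```

The script only reads the registry; entries marked Uninstall are then removed through Programs and Features as described in the reply above.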

                  bluecountry

                    Re: Major Virus Problem
                    « Reply #13 on: April 23, 2011, 12:04:47 PM »
                    1) You should be able to go into Symantec and empty the quarantined folder
                    ->So what should I do?  When I go into the quarantine log, it lists all these files.  All of them read "infected" as a status.
                    Should I just do nothing, and continue to receive this pop up daily?
                    OR should I restore/delete/rescan/export/add/submit/purge options (these are all my options)?

                    2) Go ahead and go into Control Panel, Programs and Features and see if there are any old version below 24 there. If there are, uninstall them.
                    Don't forget to download and run ComboFix and post the log.

                    Done, the old javas if they are here, I can not see or find them in control panel/programs/features.

                    HOWEVER, I cannot disable Symantec.
                    I clicked the link you said.
                    When I right click on the Symantec icon...I only have three options:
                    "open symantec endpoint protection, update policy, enable symantec endpoint protection (and that last option is shaded gray)"

                    There is NO option when right clicking to disable.

                    I went a step further, I went to "Status".
                    Here it has antivirus and antispyware protection AND proactive threat protection.
                    Both had green lights.
                    I clicked options for both, there it had a "Disable anti-virus and anti-spyware protection" choice but again it was shaded gray and I could not click.
                    It also had a "Disable threat protection" also in gray and unable to be clicked.

                    Why?
                    What now?

                    SuperDave

                    Re: Major Virus Problem
                    « Reply #14 on: April 23, 2011, 01:03:06 PM »
                    Quote
                    So what should I do?  When I go into the quarantine log, it lists all these files.  All of them read "infected" as a status.
                    Should I just do nothing, and continue to receive this pop up daily?
                    OR should I restore/delete/rescan/export/add/submit/purge options (these are all my options)?
                    I would say delete or purge.
                    Please run ComboFix even if you can't disable the AV.

                    Windows 8 and Windows 10 dual boot with two SSD's

                    bluecountry

                      Re: Major Virus Problem
                      « Reply #15 on: April 25, 2011, 11:59:52 AM »
                      So it is ok for me to go to the quarantine log and delete all those files?
                      I thought deleting would put them back in circulation and risk PC damage.

                      bluecountry

                        Re: Major Virus Problem
                        « Reply #16 on: April 25, 2011, 12:54:56 PM »
                        OK here are my logs.

                        I could not disable Symantec.  It said if I didn't, I ran the risk of permanent PC damage.
                        Am I ok?

                        [recovering disk space - old attachment deleted by admin]

                        SuperDave

                        Re: Major Virus Problem
                        « Reply #17 on: April 25, 2011, 01:45:06 PM »
                        I strongly recommend that you remove Ask from your computer because it:

                        • Promotes its toolbars on sites targeted to kids.

                        • Promotes its toolbars through ads that appear to be part of other companies' sites.

                        • Promotes its toolbars through other companies' spyware.

                        • Installs without any disclosure whatsoever and without any consent whatsoever.

                        • Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

                        • Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

                        See Here for more info.

                        If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

                        AskBarDis or anything related to Ask

                        Then please find and delete this folder in bold (if present):
                        C:\Program Files\AskBarDis or anything related to Ask.
                        ****************************************************
                        You have Viewpoint installed.

                        Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

                        More information:

                        * ViewMgr.exe - Useless
                        * Viewpoint to Plunge Into Adware

                        It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

                        * Viewpoint
                        * Viewpoint Manager
                        * Viewpoint Media Player
                        * Viewpoint Toolbar
                        * Viewpoint Experience Technology

                        *****************************************
                        SysProt Antirootkit

                        Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                        http://sites.google.com/site/sysprotantirootkit/

                        Unzip it into a folder on your desktop.
                        • Double click Sysprot.exe to start the program.
                        • Click on the Log tab.
                        • In the Write to log box select the following items.
                          • Process << Selected
                          • Kernel Modules << Selected
                          • SSDT << Selected
                          • Kernel Hooks << Selected
                          • IRP Hooks << NOT Selected
                          • Ports << NOT Selected
                          • Hidden Files << Selected
                        • At the bottom of the page
                          • Hidden Objects Only << Selected
                        • Click on the Create Log button on the bottom right.
                        • After a few seconds a new window should appear.
                        • Select Scan Root Drive. Click on the Start button.
                        • When it is complete a new window will appear to indicate that the scan is finished.
                        • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
                        Windows 8 and Windows 10 dual boot with two SSD's

                        bluecountry

                          Re: Major Virus Problem
                          « Reply #18 on: April 25, 2011, 04:35:22 PM »
                          1)  Did not have any ask programs under add/remove programs BUT
                          -did have ask folder under program files, deleted.

                          2) Had viewpoint media player under add/remove programs and uninstalled

                          3) Downloaded SysProt...followed instructions.
                          Was told: Failed to start service.  SysProt AntiRootkit needs to be run with admin privilages.
                          Had ok button to click.

                          Before clicking it, saw on my desktop a log file was created.

                          Hit ok...then was able to scan...this is the only log I found.


                          4) Should I delete hijack this/combofix/sysprot now?


                          [recovering disk space - old attachment deleted by admin]

                          bluecountry

                            Re: Major Virus Problem
                            « Reply #19 on: April 25, 2011, 04:36:36 PM »
                            It's jammed, the sysprot page is staying open, can't close it!
                            Why?
                            Had to restart PC.

                            SuperDave

                            Re: Major Virus Problem
                            « Reply #20 on: April 25, 2011, 05:38:43 PM »
                            Quote
                            Should I delete hijack this/combofix/sysprot now?
                            You can uninstall HJT. We'll clean up the rest afterwards.

                            Please download Rooter and Save it to your desktop.
                            • Double click it to start the tool. On Vista and Windows 7, run as administrator.
                            • Click Scan.
                            • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
                            Windows 8 and Windows 10 dual boot with two SSD's

                            bluecountry

                              Re: Major Virus Problem
                              « Reply #21 on: April 26, 2011, 12:31:35 PM »
                              Thank you.

                              OK so..

                              1) Downloaded, ran, and posted rooter log

                              2) Deleted hijack this

                              3) Question:
                              -Aside from hijack this, should I delete rooter/combofix/sysprot (and if so for sysprot...how as I do not see it listed under "programs.")

                              4) Question 2:
                              -For the files in quarantine in symantec, should I just delete them/purge (this will not cause issues) or leave them as is?
                              Thanks.

                              [recovering disk space - old attachment deleted by admin]

                              SuperDave

                              Re: Major Virus Problem
                              « Reply #22 on: April 26, 2011, 01:03:31 PM »
                              Quote
                              Aside from hijack this, should I delete rooter/combofix/sysprot (and if so for sysprot...how, as I do not see it listed under "programs.")

                              4) Question 2:
                              -For the files in quarantine in symantec, should I just delete them/purge (this will not cause issues) or leave them as is?
                              You should never delete programs; you should uninstall them. We will deal with the other tools later when I'm satisfied your computer is clean. As for the files in symantec, you can purge them, if you wish. They're harmless in quarantine.

                              I'd like to scan your machine with ESET OnlineScan

                              • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                                ESET OnlineScan
                              • Click the button.
                              • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                                  • Click on to download the ESET Smart Installer. Save it to your desktop.
                                  • Double click on the icon on your desktop.
                              • Check
                              • Click the button.
                              • Accept any security warnings from your browser.
                              • Check
                              • Push the Start button.
                              • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                              • When the scan completes, push
                              • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                              • Push the button.
                              • Push
                              A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                              bluecountry

                                Re: Major Virus Problem
                                « Reply #23 on: April 27, 2011, 12:00:16 PM »
                                I have no purge option...I have a delete option.  I can delete all the files from quarantine with no harm?  If so, I will.

                                bluecountry

                                  Re: Major Virus Problem
                                  « Reply #24 on: April 27, 2011, 01:53:31 PM »
                                  Scan was run, log posted...should I delete and remove ESET?

                                  [recovering disk space - old attachment deleted by admin]

                                  SuperDave

                                  Re: Major Virus Problem
                                  « Reply #25 on: April 27, 2011, 05:21:14 PM »
                                  Quote
                                  I can delete all the files from quarantine with no harm?  If so, I will
                                  Yes.
                                  Quote
                                  should I delete and remove ESET?
                                  As you can see from the ESET scan the one file infected was from a P2P site. I hope that you uninstalled Limewire.
                                  If there are no other issues, let's do some cleanup.

                                  To uninstall ComboFix

                                  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                                  • In the field, type in ComboFix /uninstall


                                  (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                                  • Then, press Enter, or click OK.
                                  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                                  *********************************************
                                  Clean out your temporary internet files and temp files.

                                  Download TFC by OldTimer to your desktop.

                                  Double-click TFC.exe to run it.

                                  Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                                  TFC will close all programs when run, so make sure you have saved all your work before you begin.

                                  * Click the Start button to begin the cleaning process.
                                  * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                                  * Please let TFC run uninterrupted until it is finished.

                                  Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                                  ***********************************************
                                  Looking over your log it seems you don't have any evidence of a third party firewall.

                                  Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                                  Remember only install ONE firewall

                                  1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
                                  2) Online Armor
                                  3) Agnitum Outpost
                                  4) PC Tools Firewall Plus

                                  If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
                                  ******************************************
                                  Use the Secunia Software Inspector to check for out of date software.

                                  • Click Start Now
                                  • Check the box next to Enable thorough system inspection.
                                  • Click Start
                                  • Allow the scan to finish and scroll down to see if any updates are needed.
                                  • Update anything listed.
                                  ----------

                                  Go to Microsoft Windows Update and get all critical updates.

                                  ----------

                                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                  SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                                  * If you don't know what ActiveX controls are, see here

                                  Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                  Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                                  Safe Surfing!

                                  bluecountry

                                    Re: Major Virus Problem
                                    « Reply #26 on: April 29, 2011, 03:44:44 PM »
                                    Thanks!


                                    1)  So my PC should be all clean and safe now?
                                    2)  Confused about the firewall.
                                    -I downloaded COMODO (and I excluded geek buddy....and checked off for optimum proactive defense and secure DNS servers)
                                    -BUT...I soon got an alert that my windows firewall was turned off.  I turned it on...then uninstalled comodo...so I guess windows firewall is all I need?

                                    Also...for some reason...since I turned on windows firewall, PC has run slower...why?  Cause-effect?

                                    3) Should I delete/uninstall eset, rooter, and tfc (which I ran and completed)?
                                    4) Spywareblaster and spybot search and destroy....I do not use windows explorer (mostly firefox)...plus I have Superanti-spyware AND Malwarebytes Anti-Malware.  Do I really need these two in this case?  Was thinking this would be too many programs and would slow down PC.

                                    SuperDave

                                    Re: Major Virus Problem
                                    « Reply #27 on: April 30, 2011, 05:10:11 PM »
                                    Quote
                                    So my PC should be all clean and safe now?
                                    Yes.
                                    Quote
                                    BUT...I soon got an alert that my windows firewall was turned off.  I turned it on...then uninstalled comodo...so I guess windows firewall is all I need?
                                    Yes, that's normal because Windows doesn't recognize third-party firewalls. The Windows firewall is not much good because it doesn't block out-going traffic which is the most dangerous.
                                    Quote
                                    Also...for some reason...since I turned on windows firewall, PC has run slower...why?  Cause-effect?
                                    Unknown but you should go back to Comodo for the extra safety.
                                    Quote
                                    Should I delete/uninstall eset, rooter, and tfc (which I ran and completed)?
                                    Yes. Any tools that were not removed can be removed by yourself.
                                    Quote
                                    Spywareblaster and spybot search and destroy....I do not use windows explorer (mostly firefox)...plus I have Superanti-spyware AND Malwarebytes Anti-Malware.  Do I really need these two in this case?  Was thinking this would be too many programs and would slow down PC.
                                    It's up to you. If you don't want them, don't install them. Either way they shouldn't slow down your computer. I run all of them with no problem on XP. They will take up hard drive space so if that's a problem for you, don't install them. SAS and MBAM are not full-time scanners unless you have the paid-for versions. You have to run the scans yourself about every week or so.

                                    bluecountry

                                      Re: Major Virus Problem
                                      « Reply #28 on: May 01, 2011, 11:22:52 PM »
                                      Thanks Dave!

                                      1)  So I guess I should install Comodo...should I then also disable the windows firewall?

                                      2)  Ran secunia and installed everything.
                                      One problem.

                                      They told me I had an outdated product:
                                      Quote
                                      Macromedia Flash Player 7.x   Macromedia Flash Player 7.x   7.0.19.0 (ActiveX)   Macromedia Flash Player 7.x
                                         
                                      This installation of Macromedia Flash Player 7.x is insecure and potentially exposes your system to security threats!

                                      The detected version installed on your system is 7.0.19.0 (ActiveX), however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 10.x (ActiveX).

                                      I have downloaded the new one from their link a few times, and yet when I re-run it they continue to flag me as having the old installed.
                                      Why?


                                      I also am told:

                                      Quote
                                      Installed on Your System in:
                                      C:\Program Files\Google\Chrome\Application\10.0.648.205\nacl64.dll
                                         Google Chrome 10.x   Google Chrome 10.x   10.0.648.205   Google Chrome 10.x
                                         
                                      This installation of Google Chrome 10.x is insecure and potentially exposes your system to security threats!

                                      The detected version installed on your system is 10.0.648.205, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 11.x.

                                      Update Instructions:
                                      Download

                                      and
                                      Quote
                                      Mozilla Firefox 3.6.x   Mozilla Firefox 3.6.x   3.6.16   Mozilla Firefox 3.6.x
                                         
                                      This installation of Mozilla Firefox 3.6.x is insecure and potentially exposes your system to security threats!

                                      The detected version installed on your system is 3.6.16, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 3.6.17.

                                      Update Instructions:
                                      Download


                                      Installed on Your System in:
                                      C:\Windows\ERDNT\cache\firefox.exe

                                      Again, in both cases I already installed what they said.
                                      Why is it saying I still need a re-do?

                                      SuperDave

                                      Re: Major Virus Problem
                                      « Reply #29 on: May 02, 2011, 01:10:20 PM »
                                      Quote
                                      So I guess I should install Comodo...should I then also disable the windows firewall?
                                      Yes to both questions.
                                      Quote
                                      I have downloaded the new one from their link a few times, and yet when I re-run it they continue to flag me as having the old installed.
                                      Why?
                                      Secunia is probably not kept up-to-date. The most important thing here is to make sure your programs are kept up-to-date.

                                      bluecountry

                                        Re: Major Virus Problem
                                        « Reply #30 on: May 10, 2011, 12:00:30 AM »
                                        Downloaded comodo.

                                        1) I did not see any options to uncheck:
                                        -"Install Comodo SafeSurf..",
                                        -"Make Comodo my default search provider"
                                        -"Make Comodo Search my homepage" and
                                        -uncheck any HopSurf and/or Ask.com options if you choose this one

                                        -Is that normal?


                                        2) I DID see these options:
                                        -Comodo GeekBuddy (I chose to uncheck)
                                        -Firewall only, Firewall Optimum, or Firewall Max (I chose Optimum)
                                        -Comodo SecureDNS Server (I selected it)

                                        -Did I make the right calls, if not, how to fix?
                                        Thanks!

                                        bluecountry

                                          Re: Major Virus Problem
                                          « Reply #31 on: May 10, 2011, 12:24:39 AM »
                                          I installed spyware blaster but did not do spybot search and destroy.  After reading this site, I am a novice with PC, and saw if I need to do hijack this it would interfere, and I just didn't want to make things more complicated.  OK?


                                          Also, if in the near future I get a new PC, I take it no matter what I should:
                                          1)  Get CCleaner
                                          2)  Get SAS
                                          3)  Get MBAM
                                          4)  Get Comodo and disable any Windows or Apple firewall
                                          5)  Get spyware blaster

                                          First thing when I get the new PC, right?

                                          Thanks again!

                                          SuperDave

                                          Re: Major Virus Problem
                                          « Reply #32 on: May 10, 2011, 01:13:24 PM »
                                          Quote
                                          Also, if in the near future I get a new PC, I take it no matter what I should:
                                          1)  Get CCleaner
                                          2)  Get SAS
                                          3)  Get MBAM
                                          4)  Get Comodo and disable any Windows or Apple firewall
                                          5)  Get spyware blaster

                                          First thing when I get the new PC, right?
                                          You don't need CCleaner. You can do the same thing by doing a disk cleanup regularly.
                                          SAS and MBAM are not active programs unless you buy them. You can have them on your computer and make it a habit to update them and run them on a regular basis.
                                          A third-party firewall is a good idea and spywareblaster is also a good idea.
                                          I will lock this thread. If you need it re-opened, please send me a pm.