"Foistware" Results

[adagiau]

Attached are the logs from HJT and SDFix.  Thanks for everything!!!!!!!!!  I really appreciate it!!!!!!

[attachment deleted by admin]

[CBMatt]

I'm not seeing much.  Please follow the instructions here and post all of the requested logs...
http://www.computerhope.com/forum/index.php/topic,46313.0.html

[adagiau]

CBMatt,
   Sorry for not being more specific--I just completed those steps and those were the last things evilfantasy instructed me to do, do you recommend I do anything else?  Oh, and is there any way to tell if I have the virtumonde virus by looking at those logs?  I took the computer into the Geek Squad and they told me that I had that virus, is there any way to tell if it's still there or gone??  If there's some way to avoid the $200 they'll charge me and the headache of being computerless, that would be wonderful.  Last question--which anti-virus program do you guys recommend?  I currently have Norton and it obviously didn't do anything for the problem(s) I had...   Thanks for everything, though!!!

[evilfantasy]

Original thread. http://www.computerhope.com/forum/index.php/topic,72543.msg473367.html#msg473367

If the computer is running OK we can finish up.

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
- O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
- O20 - Winlogon Notify: req - C:\WINDOWS\

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code: [Select]

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"AlcxMonitor"=-
"Alcmtr"=-
Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

Run CCleaner and restart the computer.

----------

How is everything now?

[adagiau]

Things are very, very well!  After deleting those listed items from HJT and then running notepad.exe w/ the code, things are very well--I did receive a success message about adding the code to the registry, it said someting like "blah blah blah has been successfully added to the registry."    Thanks for everything!!!  I REALLY appreciate it!!!

[evilfantasy]

Sounds good.

Final steps.

Download OTCleanIt.exe and save it to your Desktop.

• Double-click OTCleanIt.exe.
  
• Click the CleanUp! button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes, if not delete it yourself.

.
----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide
.
----------

Use the Secunia Software Inspector to check for out of date software.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.