PA
Sun Oct 10 21:58:52 CDT 2004
Uninstall, Reinstall and re-LiveUpdate NAV 2004.
Dealing with Trojans & Hijackware
A. Trojans
1. Check in at Windows Update and install all critical updates & reboot.
2. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...
3. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
and follow *all* Removal steps, including editing the Registry if directed.
WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then:
Disk Cleanup > More options > Delete all but the most recent Restore
Point.
B. Hijackware
Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm
CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html
Run these tools in the following order with nothing else running in
background:
1. CWShredder v1.59.1 (no updates available currently; fix all found)
2. Ad-Aware SE (reconfigure per Post #2 in
http://aumha.org/forum/viewtopic.php?t=5877; fix all found)
3. Spybot (RTFM but generally fix everything in red)
Important: You must seek updates for Ad-Aware, Spybot, etc., before each and
every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://forum.aumha.org/downloads/hijackthis.zip) is the preferred tool to
use. It will help you to both identify and remove any hijackware/spyware.
**Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**
[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]
So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
WinXP SP2: What's New for Internet Explorer and Outlook Express
http://www.microsoft.com/windowsxp/sp2/ieoeoverview.mspx
What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx
"There is no 'silver bullet' solution."
http://go.microsoft.com/fwlink/?LinkId=33131
henrycortezwu@gmail.com wrote:
> I'm only using Windows Firewall, I have no 3rd Party Firewall software.
> NAV2004 has all the latest LiveUpdate, I keep updating it until it says
> something like you are currently up-to-date.
>
> Whenever I reboot, when Windows XP SP2 starts to load background
> programs at the systray, a security balloon would appear saying that my
> computer might be at risk because the NAV is turned off, click the
> balloon to solve the problem. Without touching, clicking anything, the
> balloon disappears, I believe NAV2004 autocorrects this problem?? Then
> when everything is loaded, a balloon will pop up saying that my
> computer might be at risk because the Windows Firewall is off. This
> time it stays this way until I click the balloon, click the
> "Recommendation" button, and switch Windows Firewall back on.
>
> Is there a log somewhere that I can post here for someone to view what
> programs/process has started, triggered, ran? Or some registry that I
> should check and verify to make sure everything is correct??
>
> I know this problem is not normal because I have the same setup in my
> 2nd computer and no Security Balloons pop up.
> Awaiting any help,
> Henry