
Dealing with Diskcleaner infection and others

Discussion in 'Malware and Virus Removal Archive' started by BillB, 2007/06/25.

  1. 2007/07/03
    Geri, Lifetime Subscription, Inactive Alumni (Joined: 2003/03/02, Messages: 4,580, Likes Received: 7)

    Hi Bill
    OK, Good news, nothing in the log :D
    Here is what is left to do.


    Run ATF while logged into both accounts, I'm not sure if ATF is Global.

    We need to turn off and on system restore

    You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
    Turning off System Restore will clear out all previous restore points.

    To turn off Windows XP System Restore:
    NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    8. Restart the computer and follow the instructions in the next section to turn on System Restore.

    To turn on Windows XP System Restore:
    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
    5. Click Apply, and then click OK.
    Make a new restore point.

    We Need to update Java.

    Updating Java and Clearing Cache
    1. Go to Start > Control Panel and double-click on the Java Icon (coffee cup) in the Control Panel.
    2. It will say "Java Plug-in" under the icon.
      Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
    3. If you are unable to update you can manually update by going here:
    4. After the reboot, go back into the Control Panel and double-click the Java Icon.
    5. Under Temporary Internet Files, click the Delete Files button.
    6. There are three options in the window to clear the cache - Leave ALL 3 Checked
      • Downloaded Applets
      • Downloaded Applications
      • Other Files
    7. Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    8. Click OK to leave the Java Control Panel.
    9. Delete older versions from Add/Remove list.

    You can delete any tools you were asked to download (Smitfraud, Combofix, SDFix, FixWareOut, KillBox, RogueRemover) and any others I may have missed. There will be newer versions if ever needed again anyway.

    You NEED this machine updated to SP2 and all critical windows updates.

    They also need to get rid of LimeWire. P2P file sharing is most likely where they picked up a lot of this garbage, and they will have the same problem if they keep using it.

    Below are some recommendations


    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    1. Spybot Search & Destroy - A powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

    2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

    3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.

    4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

    5. IE-SpyAd - puts over 23,000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all,
      and MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

    6. Install WinPatrol to prevent unknown applications from being inserted to start up on your machine

      Now just because you have security apps installed, they are useless unless updated regularly.

    7. Another thing I would suggest is to install SiteAdvisor. It gives sites a few different 'ratings' and, while not foolproof, is a good additional layer of information about many sites.

    8. ATF Cleaner by Atribune.
      This program is for XP and Windows 2000 only. It cleans out temporary files, all the garbage you collect while surfing the web.

    9. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

    10. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.

    11. Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

    To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

    They also need a firewall installed. There are good free ones, I'm sure you know.
    Here is the one I use, Comodo, but it is your choice, as long as they have one.

    http://www.personalfirewall.comodo.com/overview.html?currency=USD&region=North America&country=US

    Let me know if any problems after a couple days of running the machine.

    Good job Bill.

    Surf Safely
    Geri
     
  2. 2007/07/03
    Geri Inactive Alumni

    Hi Bill
    One other thing.
    You should run a Defrag and CHKDisk; that will help straighten out all the files that have been moved around.
    It should be done once a month or so anyway.

    Here is how, in case you need it. This will take a while to do, so make sure you can leave it to run through the process.

    # 1

    Disk Cleanup

    Click Start, double-click My Computer,
    right-click the disk in which you want to free up space (C: Drive),
    click Properties,
    click the General tab, and then click Disk Cleanup.
    After it calculates, click OK.
    Then click Yes.

    # 2

    Defragment - Turn off virus protection and screen savers (if you have one running). It's best to do this in safe mode.

    To turn off virus protection, right-click on your virus protection icon down by the clock, then click Exit or Close. Click Yes if asked if you want to close it.

    1. Click Start, Double click My Computer.
    2. Right-click the local disk volume that you want to defragment, (C: Drive) and then click Properties.
    3. On the Tools tab, click Defragment Now.
    4. Click Defragment.

    # 3

    CheckDisk

    1. Double-click My Computer, and then right-click the local disk that you want to check (C: Drive).
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now.
    4. Under Check disk options, select the Scan for and attempt recovery of bad sectors check box.
    5. Click Start.

    A window will open saying that it cannot do chkdisk, and will ask if you want to run it the next time you restart your computer.
    Select "Yes".

    Click on "Start", click on Turn off computer, then click Restart.

    Geri
     


  4. 2007/07/03
    BillB, Lifetime Subscription, Well-Known Member, Thread Starter (Joined: 2003/03/18, Messages: 750, Likes Received: 0)

    Hi Geri,

    At last this thing is cleaned, I really didn't think it would be possible. I had chkdsk, defrag, SP2 and clear system restore points on my list of things to do with it once it was cleaned up. I have Spybot, Adaware, Spywareblaster, AVG Antispyware and AVG antivirus on it now. I am going to install ZoneAlarm on it also as a firewall, since it's what I'm using on my machines. I'll check out the others you mentioned as well. I removed Limewire as one of the first things when I got it, I told her that was probably the source of most of the problems. I've already recommended using a 'for a fee' download service like WalMart or something in the future.

    I've updated Java and deleted the temp files as suggested. I'm going to leave ATF on it and recommend that she use it on a regular basis to clean things up too.

    I really appreciate your time and efforts on this, I know it was a real mess. It is 100% better than it was when I got it, I just hope she keeps it that way.

    I'm going to hang on to it for another day after everything is done to check it out myself before returning it. I'll post back and let you know if there are any problems.

    Thanks again for all your time and effort on this,

    Bill
     
  5. 2007/07/03
    Geri Inactive Alumni

    Hi Bill
    Glad to help out.

    Geri
     
  6. 2007/07/05
    BillB Well-Known Member Thread Starter

    It looks like everything is ok with it, I have SP2 on it now and all updates available. It seems to be working just fine. I'm going to return it to my niece tonight. Thanks again for the help on this.
     
