K
Kayman
The most preferred action is to follow the advice as posted by Pegasus
(MVP).
"The only way to clean a compromised system is to flatten and rebuild.
That¢s right. If you have a system that has been completely compromised,
the only thing you can do is to flatten the system (reformat the system
disk) and rebuild it from scratch (re-install Windows and your
applications)..."
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
http://michaelstevenstech.com/XPrepairinstall.htm
http://michaelstevenstech.com/cleanxpinstall.html
http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows
If this is not an option through these Cleaning steps:
First, try to clean up your caches, Internet files and delete cookies by
doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Scan for malware.
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
Download David H. Lipman's MULTI_AV.EXE from the URL:
http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html
The web site is in German but the MULTI_AV scanning tool is in English.
Anyway, go down to near of the bottom of the page and you'll see a box
titled "Infos Zum Download - Multi-AV Scanning Tool". You'll see: Download
von www pctipp.ch and the link to download:
Once you've clicked this link, it will bring to:
http://www.pctipp.ch/index.cfm?pid=1411&pk=28470.
You will have to wait for a few seconds or so and the 'Download file'
window should appear - just follow the prompts to download Multi_AV.exe
If however the 'Download file' window does not appear don't panic, don't
click, don't do anything, just look for:
Der Download started in wenigen Sekunden automatisch.
Fall nicht, klicken Sie bitte -hier-.
Translated to English:
The download process is going to start in a few seconds.
If not, click -here-.
This should be pretty self-explanatory.
Additional Instructions:
http://pcdid.com/Multi_AV.htm
Ignore the links displayed within this site as they are not valid anymore
and have not yet been updated to current status.
Still no luck? Go to:
http://www.elephantboycomputers.com/page2.html#Removing_Malware
New Year resolution
1. For day-to-day work/browsing operate as a 'normal' user i.e. utilize the
Limited User Account (LUA) and use the Administrator Account (AC) only
when absolutely necessary.
2. Secure, tighten up your Operating System (OS).
3. Keep your OS and all software on it updated/patched.
4. Reconsider usage of IE and OE.
5. Don't expose Services to public networks.
6. Use the in-build firewall and if applicable use a router.
7. Do not to use TCP/IP as transport protocol for NetBIOS, SMB and RPC and
leave TCP/UDP ports 135, 137-139 and 445 closed.
8. Routinely practice Safe-Hex.
9. Routinely backup your data; Develop a Back-Up concept.
10.Familiarize yourself with 'flatten' and rebuild your OS.
11.Review your installed 3rd party software applications;
Remove clutter.
12.The beginners may wish to employ a real-time av application and utilize
some monitoring utilities developed by Bryce Cogswell and Mark
Russinovich.
Detailed elaborations pertinent to the above mentioned points can be
provided.
Read, comprehend and implement.