Hi, we have recently encountered a problem with our PC. when we connect to the internet we now get a lot of unwanted pop ups and the homepage has changed to something that we didn't request. Also, out virus scan (McAfee V8) keeps finding 'potentially unwanted programs' and a trojan. It deletes the trojan and 'quarantines' the files as they cannot be deleted. Now, the virus scan will continue to pick up these files, including the deleted trojan. I have tried to delete the files manually, some I can't find and the others I cannot delete as they are either locked or in use. Is there anyway to get these off the machine or will we have to do a system restore?
Please help ...
Andrew,
How current is your virus protection? Try these free online virus scans, to
complement McAfee:
<
http://www.bitdefender.com/scan/license.php>
<
http://www.pandasoftware.com/activescan/com/activescan_principal.htm>
<
http://www.ravantivirus.com/scan/>
<
http://security.symantec.com/ssc/home.asp>
<
http://housecall.trendmicro.com/housecall/start_corp.asp>
Now check for, and learn to defend against, additional carriers of infection.
Have you downloaded these programs before? Download them again, as many are
revised frequently, to keep up with the current level of malware being attempted
constantly - get the absolutely most current version of each product listed.
They're all free - and most pretty small, so they download quickly enough.
First, download LSP-Fix and WinsockXPFIx from <
http://www.cexx.org/lspfix.htm>,
and CWShredder from <
http://www.majorgeeks.com/download4086.html>. All are
free.
Next, close all Internet Explorer and Outlook windows, then run CWShredder.
Have it fix all variants.
Now check for, and remove, spyware. Get HijackThis
<
http://www.majorgeeks.com/download.php?det=3155> and Spybot S&D
<
http://www.safer-networking.org/index.php?page=download>. Both free.
1) Install and run Spybot. First update it ("Search for updates"), then run a
scan ("Check for problems"). Trust Spybot, and make all recommended deletions.
2) Install and run HijackThis. Do NOT make any changes immediately. Save the
HJT Log.
3) Have your HJT log interpreted by experts at one or more of the following
forums (and post it here):
<
http://forums.net-integration.net/>
<
http://forums.spywareinfo.com/>
<
http://forums.tomcoyote.org/>
<
http://www.wilderssecurity.com/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.
Finally, improve your chances for the future.
Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/
Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/
Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).
Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <
http://www.accs-net.com/hosts/get_hosts.html>
Hostess <
http://accs-net.com/hostess/>
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
