Having problems with opening regedit, taskmanager, msconfig

Discussion in 'malware problems & news' started by Mercury, Jul 18, 2004.

Thread Status:
Not open for further replies.
  1. Mercury

    Mercury Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    12
    Location:
    United States
    Hey everyone. I am having the same problem with not being able to open regedit, task manager, or msconfig. I'm running XP pro. i went into safe mode and disabled some of apps that were starting when Windows started. Also, the system config utility, that says some things have been changed ( then you check the box so that it doesn't pop up again when Windows restarts) that box comes up for a second then disaapears. Any ideas? I downloaded Hijack This and here is the log:


    Logfile of HijackThis v1.98.0

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\uptodate.exe
    C:\Program Files\Common Files\Dpi\dpi.exe
    C:\Program Files\Common files\updmgr\updmgr.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\VMYGPMFXK.EXE
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    S:\Downloads\Programs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=136978
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skatespots.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.7
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.7
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.skatespots.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.7
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: CBho404 Object - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINDOWS\System32\inetp60.dll
    O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll
    O2 - BHO: CDnsRepObj Object - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msglji.gif
    O2 - BHO: FeaturedResultsBHO Class - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\System32\msiefr40.dll
    O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CUrlCliObj Object - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msfaol.dll
    O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL
    O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O5 "LPT1:" /M "Stylus Photo 820"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
    O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
    O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\System32\inetp60.dll,DllRunServer
    O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
    O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [Yahoo Instant Messenger] VMYGPMFXK.EXE
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe
    O4 - HKCU\..\RunOnce: [Yahoo Instant Messenger] VMYGPMFXK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/1kn0wM.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\msdhmd.dll
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,258
    Location:
    The Netherlands
    You have a lot of malware... I suggest you proceed as follows:

    Run an online virus scan at Panda Active Scan

    Next, download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/

    After installing AAW, and before running the program, you NEED to FIRST update the reference file following these instructions.

    Now do the following:

    - Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
    check: "Unload recognized processes during scanning."

    - Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
    Check: "Let Windows remove files in use after reboot."

    Press "Scan Now"

    - Check option "Use Custom scanning options"
    - Check option "Activate In-Depth Scan"
    - Press "Select drives\folders to scan"
    - Select the active partition which is usually C:

    Now press "Next" to let Ad-aware scan your drives...
    It will find a number of "bad" files and registry keys.
    Right-click in that pane and choose "select all"

    Now press "Next" again.
    It will ask you whether you'd like to remove all checked items. Click OK.

    Finally, close Ad-Aware, and reboot.
    That ought to get rid of most of your spyware.

    When you've done all that, restart your computer, re-run Hijack This, and show us a fresh log.
    There will be more to do!

    Cheers,
     
  3. Mercury

    Mercury Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    12
    Location:
    United States
    i scanned it with Norton Antivirus already. But i tried the anit virus you suggested and i got a TEMPORARILY OUT SERVICE page. I'll keep trying with Panda and then run ad-aware. Does it matter if i used Spy-bot already? Thanks. Ill post the log then.
     
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,258
    Location:
    The Netherlands
    It doesn't matter that you already ran SpyBot. Scan with an updated Ad-Aware, reboot, then post a fresh log, and we'll take care of the rest.
     
  5. Mercury

    Mercury Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    12
    Location:
    United States
    here's the new log:


    Logfile of HijackThis v1.98.0

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\VMYGPMFXK.EXE
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    S:\Downloads\Programs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skatespots.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.7
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.7
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.skatespots.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.7
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O5 "LPT1:" /M "Stylus Photo 820"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
    O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [Yahoo Instant Messenger] VMYGPMFXK.EXE
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\RunOnce: [Yahoo Instant Messenger] VMYGPMFXK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/1kn0wM.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\msdhmd.dll
     
  6. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,258
    Location:
    The Netherlands
    Start your computer in Safe Mode (it may help if you print this out), and delete the C:\WINDOWS\System32\VMYGPMFXK.EXE file.

    NOTE: To avoid the risk of it not being found due to it having the 'Hidden' attribute, first make sure that in Folder Options > View hidden and operating system files are set to show.

    Next, still in Safe Mode, run Hijack This, and have it fix these items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.7
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.7
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.7

    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
    O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [Yahoo Instant Messenger] VMYGPMFXK.EXE
    O4 - HKCU\..\RunOnce: [Yahoo Instant Messenger] VMYGPMFXK.EXE

    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/1kn0wM.cab

    O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\msdhmd.dll



    Now start your computer normally, and please post a fresh log.
     
  7. Mercury

    Mercury Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    12
    Location:
    United States
    thanks for all your help. Regedit, MsConfig, and Task manager all work. What seemed to be the problem, i mean where in the Hijack log did u see a problem? Here's the new fresh log:

    Logfile of HijackThis v1.98.0
    Scan saved at 3:44:23 PM, on 7/18/2004

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    S:\Downloads\Programs\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skatespots.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.skatespots.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O5 "LPT1:" /M "Stylus Photo 820"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab



    thanks again for your help!
     
  8. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,258
    Location:
    The Netherlands
    There are a number of worms that have the ability to do that, and your culprit was VMYGPMFXK.EXE, probably a SpyBot worm variant.

    Your log is clean, so you're good to go now! :)
     
  9. Mercury

    Mercury Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    12
    Location:
    United States
    is it wise to unistall SpyBot then, and just use Ad-aware whne checking for spyware
     
  10. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,258
    Location:
    The Netherlands
    No, you should leave both installed; they complement each other very well.

    Just make sure you run each application separately, not both at the same time.
     
  11. Mercury

    Mercury Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    12
    Location:
    United States
    thanks again for all the help. could this worm been a result of porn sites or auto installers or dialers
     
  12. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,258
    Location:
    The Netherlands
    As you omitted to post the Hijack This header, I can't determine whether you're indeed running the latest version of Internet Explorer; if you aren't, you should upgrade immediately, and then install ALL critical updates on offer at the Windows Update site.

    There are a great number of exploits that make use of vulnerabilities in unpatched versions of IE.

    And here's some more reading on prevention you may find useful:

    So how did I get infected in the first place?
     
  13. Mercury

    Mercury Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    12
    Location:
    United States
    thanks for all the help and for responding so quickly! :D
     
  14. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,258
    Location:
    The Netherlands
    You're very welcome! :)
     
Thread Status:
Not open for further replies.