[evilfantasy]

We havent done an actual virus scan yet so we should to that now.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

Use the Kaspersky Lab Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

• Click on SCAN NOW
• Click Accept.
• The program will then begin downloading the latest definition files.
• Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
• The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As

• Next, in the Save as prompt, Save in area, select: Desktop.
• In the File name area use KScan, or something similar.
• In Save as type: click the drop arrow and select: Text file [*.txt]
• Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

If needed, this animation will guide you through the process.

[MJM]

Love it.

Code:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
 Saturday, August 29, 2009
 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
 Kaspersky Online Scanner version: 7.0.26.13
 Last database update: Friday, August 28, 2009 23:24:24
 Records in database: 2699799
--------------------------------------------------------------------------------

Scan settings:
	scan using the following database: extended
	Scan archives: yes
	Scan e-mail databases: yes

Scan area - My Computer:
	C:\
	E:\

Scan statistics:
	Objects scanned: 73364
	Threats found: 0
	Infected objects found: 0
	Suspicious objects found: 0
	Scan duration: 01:27:27

No threats found. Scanned area is clean.

Selected area has been scanned.

Cheers for the clean. BTW, where do you learn this ish? I know stuff, then google the specific removal, but as is evident, it's not always effecient.

[evilfantasy]

Looks good.

Use the Secunia Software Inspector to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.

• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

Make sure all of your security programs are up to date and run scans with them regularly.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

[MJM]

Everything's up to date, software and windows included. I was confused as to how she got infected in the first place. Turns out BT did some remote computer controlling and made my sister turn off the firewall for that... then did have her reenable it. SO she was browsing around with no security for the day.
Awesome.

[evilfantasy]

Phone techs aren't always the best solution. They work from prepared scripts so it isn't always their fault.

Anyway glad it is back to normal.