Re: Dodgy Downloads


From: Malke (malke_at_nospoonnotreally.com)
Date: 10/16/04


Date: Sat, 16 Oct 2004 07:38:30 -0700

badlam wrote:

> A mate's computer seems to be infected with a virus of some description
> that kept disconnecting his internet provider and re-connecting to a
> premium line. I think I have cured this but now when he tries to surf
> using internet explorer it says that the site is forbidden in the
> access control list although there are no accesses set.
> Please help me.

Your friend's computer probably still has malware on it and quite
possibly his hosts file is compromised. Here are my general malware
removal instructions, followed by how to fix the hosts file:

1) Scan in Safe Mode with a current version (not earlier than 2003)
antivirus using updated definitions;
2) Remove spyware with Spybot Search & Destroy
(www.safer-networking.org) and Ad-aware (www.lavasoftusa.com). These
programs are free, so use them both since they complement each other.
You may also want to run CWShredder and HijackThis from
http://aumha.org/freeware.htm. Although CWShredder is no longer being
updated, it will still clean older variants of the CoolWebSearch
malware. If you do not have success with this, there are new removal
steps at http://www.silentrunners.org/sr_cwsremoval.html. A combination
of HijackThis and About:Buster (http://www.majorgeeks.com) works well
in removing homepage hijackers. Always read the instructions before
running a spyware removal tool. Be sure to update these programs before
running, and it is a good idea to do virus/spyware scans in Safe Mode.
Make sure you are able to see all hidden files and extensions (View tab
in Folder Options);
3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).
4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update;
5) Run a firewall.

Check the hosts files as follows:

1. In XP's Search preferences, set the files and folders handling to
Advanced, and then check the box that will make Search look in hidden
files/folders.
2. Now enter the search term "hosts" without the quotes.
3. You will get several hosts and lmhosts files. Double-click each one
to open it. When you do this, you'll get a Windows dialog box saying
that Windows cannot open this file, do you want to use the web or
select from a list to find the proper program. Choose "select from a
list" and highlight Notepad. Make sure the box to always use this
program to open this type of file is not checked.
4. Now carefully examine the file. Lines that begin with a # are
comments and don't count. Leave them alone. Unless you know you use a
proxy server to get to the Internet or you added entries yourself, the
only uncommented entry that should be there is:

127.0.0.1 localhost

If you see any other entries, delete them and Save the file. Make sure
you scroll all the way down to the bottom of the window if there is a
scrollbar. Do this for each file you found. Now you should be able to
get to antivirus and spyware-fighting websites.

HTH,

Malke

-- 
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"

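The hosts-file check described in the post above, as an added example (not part of the original post and not the poster's code): it reads hosts-file text, ignores `#` comments, and reports every active entry other than the localhost line. The sample file contents, the `.example` names, and the acceptance of `::1 localhost` are assumptions made for illustration.

```python
import ipaddress

# Entries treated as normal: loopback mapped to "localhost".
# "::1 localhost" is an assumption added here for IPv6-enabled systems.
EXPECTED = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample input, not taken from any real machine.
SAMPLE = """\
# Copyright (c) Microsoft Corp.
# sample HOSTS file
127.0.0.1       localhost
127.0.0.1\tupdates.antivirus.example www.antispyware.example  # added by installer
203.0.113.7 search.example
#10.0.0.5 old.example
not-an-ip something.example
"""


def audit_hosts(text):
    """Return (line number, address, name, kind) for each unexpected entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Text after '#' is a comment, whether or not the line starts with it.
        active = raw.split("#", 1)[0].strip()
        if not active:
            continue
        fields = active.split()
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((lineno, address, "", "malformed"))
            continue
        for name in names:
            if (str(ip), name.lower()) in EXPECTED:
                continue
            # A loopback or 0.0.0.0 target makes the site unreachable;
            # any other address points the name at a different server.
            kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
            findings.append((lineno, str(ip), name.lower(), kind))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

Run it against the text of each hosts file found by the search; an empty result means only comments and the localhost entry are present.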
