Re: Malicious Script
From: New York Knick (NewYorkKnick_at_discussions.microsoft.com)
Date: 06/20/05
- In reply to: Malke: "Re: Malicious Script"
Date: Sun, 19 Jun 2005 19:04:01 -0700
The problem has been fixed. Many thanks.
"Malke" wrote:
> New York Knick wrote:
> > Hi. I'm a newbie here and pretty much a computer novice so please bear with
> > me. I have a malicious script on my computer that I don't know how to remove.
> > I've tried ad-aware, Microsoft AntiSpyware and the Microsoft malicious
> > software removal tool but it's still on my computer. Norton AntiVirus hasn't
> > been able to get rid of it or even quarantine it, it just recommends to stop
> > running it. It identifies the thing as:
> > C:\documents and setup\all users\start menu\programs\startup\dceg.hta
> > Activity: Create TextFile
> > Object: FileSystem Object
> > I would really appreciate any advice on how to get rid of this annoying
> > thing that has made my computer incredibly slow and compromised its security.
>
> You need to do all your scanning work with updated tools in Safe Mode.
> Also, make sure your NAV is a current version using updated virus
> definitions.
>
> To get to Safe Mode, repeatedly tap the F8 key as the computer is
> starting. This will get you to the right menu to choose Safe Mode. Then
> go through these general malware removal steps:
>
> First delete all Temporary and Temporary Internet Files. For IE's
> Temporary Files, go to Control Panel>Internet Options>General tab.
> You'll see where you can delete cookies and files. For Firefox, clear
> its cache by going to Tools>Options>Privacy>Cache> Clear. For Windows
> Temporary files, Start>Run cleanmgr [enter]. Then follow these detailed
> malware removal steps, doing everything with updated tools in Safe Mode.
> You can find all the links to referenced programs and sites on my
> website here:
>
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> 1) Scan in Safe Mode with current version (not earlier than 2004)
> antivirus using updated definitions.
>
> Before you remove malware, get LSPFix or WinSockFix for XP - see links
> below.
>
> 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> programs are free, so use them both since they complement each other.
> There is a new version of CWShredder from Intermute. I would not install
> the other Intermute programs, however. Alternately, there are
> CoolWebSearch malware removal steps at SilentRunners.
>
> Be sure to update these programs before running, and it is a good idea
> to do virus/spyware scans in Safe Mode. Make sure you are able to see
> all hidden files and extensions (View tab in Folder Options).
>
> If the malware remains even after you used Ad-aware and Spybot, you can
> scan with HijackThis. HijackThis is an excellent tool to discover and
> disable hijackers, but it requires expert skill. See the links on my
> website for a HijackThis tutorial and places where you can post your HJT
> log. Again, this is an expert tool and novices should get help with it.
>
> 3) If you are running Windows ME or XP, you should disable/enable System
> Restore after the system is clean because malware will be in the Restore
> Points. With ME, you must disable System Restore completely. With XP,
> you can delete all but the most recent (presumably clean) System Restore
> point from the More Options section of Disk Cleanup (Run>cleanmgr).
>
> 4) Make sure you've visited Windows Update and applied all security
> patches. Do not install driver updates from Windows Update.
>
> 5) Run a firewall.
>
> Malke
> --
> MS-MVP Windows User/Shell
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic"
>
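An added example, not part of either poster's message: a read-only triage of a Startup folder that lists script-host files such as the `.hta` named in the alert and reports whether they contain the `FileSystemObject` / `CreateTextFile` calls the alert describes. The extension list, the function names and the sample folder contents are assumptions constructed for this example.

```python
import re
import tempfile
from pathlib import Path

# File types Windows hands to a script host (mshta/wscript) when they sit in
# a Startup folder. This list is an assumption made for the example.
SCRIPT_EXTS = {".hta", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}

# Markers matching the quoted alert: a FileSystemObject creating a text file.
MARKERS = {
    "FileSystemObject": re.compile(r"Scripting\.FileSystemObject", re.I),
    "CreateTextFile": re.compile(r"\bCreateTextFile\b", re.I),
}

def read_text(path):
    """Decode a script file, handling the UTF-16 BOM some HTA files carry."""
    raw = path.read_bytes()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")

def triage_startup(folder):
    """Return [(file name, sorted marker names)] for script files in folder."""
    findings = []
    for path in sorted(Path(folder).iterdir()):
        if path.is_file() and path.suffix.lower() in SCRIPT_EXTS:
            text = read_text(path)
            hits = sorted(n for n, rx in MARKERS.items() if rx.search(text))
            findings.append((path.name, hits))
    return findings

def demo():
    """Run the triage over a constructed folder with benign sample files."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed sample: a harmless HTA that only uses the two API names.
        (root / "sample.hta").write_text(
            '<script language="VBScript">\n'
            'Set fso = CreateObject("Scripting.FileSystemObject")\n'
            'Set f = fso.CreateTextFile("note.txt", True)\n'
            '</script>\n', encoding="utf-16")
        (root / "Office Startup.lnk").write_bytes(b"\x4c\x00\x00\x00")
        (root / "readme.txt").write_text("CreateTextFile in a plain text file")
        return triage_startup(root)

if __name__ == "__main__":
    for name, hits in demo():
        print(f"{name}: {', '.join(hits) or 'no markers'}")
```

Pointing `triage_startup` at a real Startup folder only reads files; anything it lists still needs the scanning and removal steps from the quoted reply.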