Vista Anti-Spyware hostile takeover

Started by Daisy, May 16, 2011, 08:20:59 PM


Daisy

P.S.  Are you having fun yet?

YES, I'm having fun now....restarted the computer twice--once with a complete shutdown and manual restart and once with the automatic restart...no blocked programs window!!!!!!!!!!!!!!!!!

It was so odd, the window reporting that all those programs were blocked....it just doesn't seem to make sense to me.

So where next, uninstall Malwarebytes or what?

Corrine

YIPPEE!!!

No, I don't want you to uninstall MBAM.  It is a good program to have on board.  Let me go back to check your last log and see where we left off before addressing the start up problem.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

I knew I had mentioned earlier that there was something I needed to have you update.  Your version of Adobe Reader is out of date and has had critical security updates.  You can install the latest version of Adobe Reader from http://get.adobe.com/reader/

Please post back and let me know that your computer is working correctly now and then I'll post final instructions.



Daisy

Seems to be working fine.  I do have some questions but will ask you when you are finished.  Got the Adobe Reader downloaded.  I appreciate that.

Corrine

Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


You have Microsoft Security Essentials installed as your antivirus program.  If you don't have the Windows Vista Firewall turned on, please do the following:

--  Open Windows Firewall by clicking the Start button, clicking Control Panel, clicking Security, and then clicking Windows Firewall.
--  Click Turn Windows Firewall on or off.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
--  Click On (recommended), and then click OK.

To check if your system is missing security updates or has insecure applications, install Secunia Personal Software Inspector or, alternatively, visit http://secunia.com/software_inspector/ .  The Secunia Software Inspector runs through your browser with no installation or download required and does the following:

  • Detects insecure versions of applications installed
  • Verifies that all Microsoft patches are applied
  • Assists you in updating your system and applications

Install and update SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: http://www.javacoolsoftware.com/spywareblaster.html

My favorite security software is WinPatrol which includes the features described at http://www.winpatrol.com/features.html

Now let's see your questions. 



Daisy

As for the Secunia scan, Adobe Flash Player is insecure and needs to be updated, download link is there.  Run or Save?  (I never know.)

Daisy

OK, here are the questions. 

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal. I will do that.

I saved The Adobe Flash Player update.  Should I have run it?  What is the difference?
The Firewall is on.
Shall I run Secunia periodically?
Would SpywareBlaster be in addition to Malwarebytes and Microsoft Security Essentials? Any conflicts with that?
Would WinPatrol be in place of something else on the computer? Would something have to be removed?
Does Java update automatically?
What programs would I need to run myself on a regular basis?  Malwarebytes?
I still have ComboFix, dds.scr, JavaRa files/icons on my desktop.  Can they be deleted?
I cannot find the landzdown information page I saw when I first joined, telling how the group formed and who you are.  I would like to share with my son.

Finally, not related to anything we have done.  In the lower right corner of the screen where I have "safely remove hardware,  computer status, Realtek, Intel graphics, network, volume" and then the clock—I thought I used to have my printer icon there too, but it is no longer there.  Is it possible to have it there?  It's helpful when I'm printing something and I want to stop it.

I want to offer my sincere thanks for your incredible patience, time, and expertise in walking me through this.  You are right, I do have a better understanding of the computer.  Do you enjoy this work?  Is it like solving a puzzle?  In the beginning, my stomach was in a knot, really!  My deepest appreciation for all you did. 

Corrine

Hi, Susan.

Quote: I saved The Adobe Flash Player update.  Should I have run it?  What is the difference?
I prefer to save files that I am downloading from the Internet.  I designate where the file is to be saved (my downloads folder) and periodically delete the files.  In fact, after installing the downloaded program, it is fine to go back and delete the installation file.  See Run vs. Save - Downloading any program or file from internet Tricks and Troubleshooting.

Have you installed the Flash Player update?

Quote: Shall I run Secunia periodically?
Yes.  Once a month should be sufficient.

Quote: Would SpywareBlaster be in addition to Malwarebytes and Microsoft Security Essentials? Any conflicts with that?
Yes, SpywareBlaster would be in addition to MBAM and MSE.  It will not conflict with either (good question!).  Here's a tutorial from Bleeping Computer:  Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware.

Quote: Would WinPatrol be in place of something else on the computer? Would something have to be removed?
WinPatrol is a supplement to your computer security.  The features listed below are among the reasons I use WinPatrol, described more fully at the WinPatrol Features page:

  • Delay Startup Programs
  • Warn if AutoUpdate Status Changes
  • Track Date/Time Programs are First Detected
  • Prevents Changes to File Type Associations
  • Keylogger Detection
  • Kill Multiple Tasks in One Step
  • Twenty Thousand Program Descriptions
  • Disable Vulnerable Active X Controls

Quote: Does Java update automatically?
You should see an indicator in the system tray when Java has an update.  However, I've observed that it is rather slow at providing update notifications.  Running Secunia periodically will notify you if you have an out-of-date version of Java installed.

Quote: What programs would I need to run myself on a regular basis?  Malwarebytes?
Yes, MBAM needs to be updated prior to running a scan of your computer.  As long as your computer doesn't seem to be having problems, a quick scan every week would be a good idea.

Quote: I still have ComboFix, dds.scr, JavaRa files/icons on my desktop.  Can they be deleted?
The ComboFix icon shouldn't be on your desktop any longer.  Did you run the uninstall instructions I provided?  You can remove the other icons.

Quote: I cannot find the landzdown information page I saw when I first joined, telling how the group formed and who you are.  I would like to share with my son.
I expect you mean the very old Welcome to The LandzDown Forum! post.  We've certainly come a long way since 2005!

Quote: Finally, not related to anything we have done.  In the lower right corner of the screen where I have "safely remove hardware,  computer status, Realtek, Intel graphics, network, volume" and then the clock—I thought I used to have my printer icon there too, but it is no longer there.  Is it possible to have it there?  It's helpful when I'm printing something and I want to stop it.

In looking at your installed programs, I see Kodak EasyShare but that appears to be for uploading pictures.  I don't see a printer listed.  Doesn't the icon show up when you queue something to the printer?  That is the way my software works. 

Quote: I want to offer my sincere thanks for your incredible patience, time, and expertise in walking me through this.  You are right, I do have a better understanding of the computer.  Do you enjoy this work?  Is it like solving a puzzle?  In the beginning, my stomach was in a knot, really!  My deepest appreciation for all you did.
You are very welcome. 

Yes, it is often a bit about solving a puzzle.  The best part is not only helping someone regain control of their computer but also sharing information. 

Now that you've found us, Susan, stop in any time. 



R-C

yipppeeee!! wow what great work and a great team effort. Daisy you impressed me!
Now you can come on over to the landzdown lounge and play a game and relax!
registered Linux user:476595
May inspiration fill your heart and hands, run down your legs onto your feet and cause Spontaneous Dancing! :dance:

Daisy

I don't know if Adobe Flash Player update is "installed" or not.  When I go to Program Files--Adobe, there are 3 things listed: Adobe Acrobat, Reader 9.0, and Reader 10.0.  Are they both installed, and if so, can I delete 9.0?  I feel really dumb.

I'll check out SpyBlaster and WinPatrol and probably will install both.  Thank you for the recommendations.

The ComboFix file on desktop has two things in it: pev (listed as an application) and snapshot.00.dat.  I did the uninstall for ComboFix and saw the little progress bar go all the way across. I also have a ComboFix log in the notepad.

As for the printer, it does not come up in the System File when I print.  Kodak EasyShare is for one of those picture frames which I have gotten rid of so I could uninstall that.  I'm not going to worry about the printer issue since everything is really working so well.

Also have something called CybDefInstallInfo--was that from our work? 

Finally, ESET Online Scanner is in the program files too.  Is that good to keep?

Thanks for helping with the clean-up.


winchester73

Regarding Flash Player, go here and see what version it tells you is installed:  http://www.adobe.com/software/flash/about/
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Corrine

Hi, Susan.

You didn't have Adobe Acrobat installed before.  This is what you had & it was Adobe Reader that you needed to update:

Quote:
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.4
Adobe Shockwave Player 11.5

You can delete the ComboFix from your desktop as well as the log in notepad.

Go ahead and delete CybDefInstallInfo.  Cyber Defender is a "potentially unwanted program" (often referred to as PUP).  It appears you had it installed on your computer at one time but it is not showing up in the installed programs list.

You can uninstall the ESET Online Scanner from Add/Remove Programs.  If it is needed at some time in the future, it would be better to download a new copy since the engine may have changed by then.

You're welcome.  I'm happy I was able to solve the problems (finally :) ).  Let us know if you have any other questions.



SpyDie

Quote from: Corrine on May 23, 2011, 02:53:16 PM
Yes, it is often a bit about solving a puzzle.  The best part is not only helping someone regain control of their computer but also sharing information.

It used to be an easy puzzle to solve, at one point, I seem to remember!
Beta. Software undergoes beta testing shortly before it's released. Beta is Latin for 'still doesn't work.'

Corrine

Indeed, especially for the Jedi Master.  ;)



Daisy

Corrine, I haven't dropped out of here, just got overwhelmed at work and too tired to think.  I'll get back to this in the next few days, maybe even tomorrow.  I know I still have a few loose ends to tie up.  Again, thank you so much for all the time and patience.  I'm so glad I found landzend.  What a tremendous resource.