Windows XP Cleaning Procedure

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by rafro007, Sep 24, 2008.

  1. rafro007

    rafro007 Private E-2

    Have followed procedure for removal of Malware type installer that creates message for Viruses Detected! message and hijacked desktop with the square icon in the center. No blue screen background; white instead. This procedure http://forums.majorgeeks.com/showthread.php?t=139313 worked perfectly and my computer is running better and better as time goes on. Thanks to whoever came up with this, (Major Attitude I presume) and at some point when I am working full time I'm going to send a donation. I do regular maintenance almost to the letter as described in the maintenance tips section already, and there is some helpful information there as well, but I do have some questions.

    My questions are as follows:

    1. I have had this one before, right after a complete format and install within a week, only with the blue screen and yellow lettering and it was much worse, so I wiped out my hard drive and reformatted/reinstalled XP again, (fortunately I didn't have anything important saved at that point so it wasn't a big deal to reinstall) but I have no idea what kind of anti-virus protection to use. Microsoft's Windows Defender is useless and the firewall slows it down too much, but at this point I don't want to have to reinstall XP again so I need some kind of effective AV protection. I have not visited any suspicious websites, however I am aware that this stuff can come in through something as seemingly innocent as MSN Hotmail or other supposedly "safe" sites. I've used Norton and McAfee in the past and found them to be ineffective and slow. Firewalls also slow down my system too much, so someone has told me that Firefox is less susceptible than Explorer to this type of Malware and I am wondering if I should just switch to Firefox for a browser?

    2. I was not able to download and use MGtools yesterday; today it downloaded and worked, so I ran it and have the logfiles ready to go but am unclear as to where to post and how--do I just cut/paste onto one of these forums or send in the complete file in a .zip file? I did run HijackThis yesterday and removed several suspicious files and run programs, including the known .exe files in sys32 and temp folders in Windows, but that did not cure the problem.

    This procedure really works if followed to the letter--it only took once for me and thank you very much! I would really like some ideas, though as to how to prevent this from happening again, and whoever comes up with crap like this should be found out and brought up on charges for malicious intent!

    One more thing--if this does happen again and I need to make a backup, will the backup include the virus or malware if I'm just saving important folders and files?

    Thanks,

    JFH
    Vancouver, WA
    USA
     
    Last edited: Sep 24, 2008
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi JFH and Welcome to Majorgeeks

    1. I would advise you to read this guide on How to Protect yourself from malware! as it has what applications many of us use here at Majorgeeks.

    Just an e.g.: I use AVAST for antivirus, and SpywareBlaster to add known bad sites to the blocked lists of IE and Firefox, which do stop these known bad sites and ActiveX exploits from running. As I have Vista and its Defender is much better than XP's, I use that and the Vista Firewall, but a good firewall for XP is PC Tools, and an antimalware program is Comodo BOClean.

    Yes, Firefox does add some more protection as it doesn't allow ActiveX to be run, which is where most IE issues and malware can come from, but don't rely on Firefox to keep you secure, as it's not from webpages all malware comes from.


    2. You add your logs to this thread and all information on how to do this is in the Read Me Guide at Step 3


    I would also advise keeping your Windows XP fully up to date always with any Service Pack (SP3 at present) and with any critical security updates from Windows Update.

    Yes, if you back up your PC that's infected then the backup will also have the infection, but if it's just important files and folders, then scan them with your antivirus before backing them up and you should be fine.
     
  3. rafro007

    rafro007 Private E-2

    Thanks. I was under the impression that ActiveX was supposed to limit downloads due to threat by disallowing unknown license tags? At least that was my understanding. Should I disable ActiveX in the tools menu under internet options in explorer?
     
  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    Yes on ActiveX and limiting rogue security licence or unlicensed files, but at times some can mirror legit files. To be honest, I use IE daily and have not found the need, with careful surfing and having Windows up to date and with some core security programs, to disable ActiveX.

    SpywareBlaster is a great free application to block a large number of known ActiveX issues. This application doesn't run, so it doesn't add any more processes to your system; all it does is give you an easy way to add to the Privacy > Sites list of blocked/allowed websites. It just needs running and updating once a week.
     
