H Nass
There is no error message. When you double click on the icon it goes to the
egg timer for a few seconds then it dissappears and freezes. I did a CPU
check all programs are ok nothing running above 4-5%.
As for the rest of your message I am really sorry but I don't know what or
where Event Viewer is and I don't know how to open my HOSTS File or where it
is. I am great at running the software but not so good at anything else.
This is why I am on this forum trying to get help from someone who knows what
they are talking about. I need it explained in A B C step by step guides.
Sorry again for being a numpty.
Thanks
--
jackie
:
Hi Jackie,
Not a problem at all, about the IE been freezing do you have error message
or just take longer to download. ( try one approache at time and apply and
see what solve the issue)
- Hold down Ctrl+Alt+Del to see which Process take the Big Amount of CPU
usage 70-90% and try to see if this Process or Program is Legitimate one.
- Go o Event Viewer and look for *Red Crosses * and send them here if any.
- Could you open your HOSTS File and see if there is any reference for any
of the nasty website there and delete them and save the HOSTS file as is (
Not the one with the Extension HOSTS.SAM) ( C:\Windows\System32\drivers\ etc
.) here is an example for the HOSTS how it is looks like:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# (102.54.xxx.xxx)I change this leave yours as they are
rhino.acme.com # source server
# (38.25.73.xxx) I change this leave yours as they are x.acme.com
# x client host
127.0.0.1 localhost
be sure you are Clean from Malware and Viruses.
- Try the following link:
http://www.microsoft.com/windowsxp/using/web/sp2_addonmanager.mspx
If no joy try this:
- Start>Run>enter the following lines in the window one at a time, pressing
Enter after each one. You should see a message after entering each one that
it was registered.
regsvr32 Shdocvw.dll
regsvr32 Shell32.dll
regsvr32 Oleaut32.dll
regsvr32 Actxprxy.dll
regsvr32 Mshtml.dll
regsvr32 Urlmon.dll
Hope this helps
please write back here
nass
:
Hi Nass
Thanks again for your help. I will set all my security stuff to high as you
said. I only do an update and scan once a week. I will do it more often
now. Incidentaly I have another problem now. I'm not sure if it is related
or not. I have broadband and I can connect no problem. But when I double
click on Internet Explorer it freezes. I have to Ctr/Alt/Del for the Task
Bar to come up. It can take about 10 min. I have tried connecting and
disconnecting lots of times today and it is always the same. When a browser
page finally opens it allows me to open lots of pages no problem very fast.
I have even changed the Desktop Shortcut but it is still not working. Do you
think this is connected. My Browser opened in seconds before. Thanks again.
--
jackie
:
Hi jackie,
Yes you should Scan in safe Mode to be in the safe side.
About how it get to your Computer you may be allowed a bad site to download
a Cookie or malicious script on your computer and this allowed the pop up to
happen on your Browser. To be safe Try to set your Privacy to High and if you
have a website you trust assign it in the Trusted Site in the Security Tap by
going to Tools >> Internet options >> Security>> Trusted Sites and assign the
web address there.
This was first Step.
2)- The settings of your McAffee Firewall set it to High by Right Click the
McAfee Icon on your taskbar select Personal Firewall >> Sub-menu >> select
utilities >> Security Settings and sellect the right settings which protect
you from the internet intruders and read the help file with McAffe and update
regularly and scan at least twice a week for both Viruses and Malware.
3)Try to read the article on microsoft website on how to protect your
computer with best practices from this link
http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx
Try to clear your History, Cookies and Files and folders after you finish
suerf the net
to avoid Data Miners and bad Cookies code to stay on your computer.
4)-Do not open attachment from unkwon sender, just click delet and clear it
from your trash.
Hope this Helps
Good luck
nass
P.S is your computer come back as normal now or it is slow.
keep an eye and spot any suspecious activities by monitoring the packets
sent and packets received if the number sent near 60% of what you received
you should act and see which apps sending these packets.
:
Hi Nass
Did all but 1 of the things you said. Tried to find the Trojan file and it
said it no longer existed. Should I still run a scan in safe mode or do you
think that will be it finished.? PS how did this get on my computer with all
the stuff I have installed to prevent this from happening?
Thank you again for you help
--
jackie
:
Hi Jackie,
Try these links and see if you can get red of it.
please write back and let us know.
http://www.sophos.com/virusinfo/analyses/trojswizzoraw.html
http://www.spywareguide.com/product_show.php?id=2857
http://www.avast.com/eng/vps_history.html
1) Go to windows update and get all the latest security updates.
2) make sure your virus program is up to date - run online update
3) run a spyware scan first, adaware and or spybot (both is even better)
4) delete all your temp files. (c\windows\temp, c\ winnt\temp, c\ documents
and settings\your name\local settings\temp) - now empty trash.
5) Delete internet temporary files (in ie - open tools, internet options.
click "delete files", and remove all offline content)
6) Reboot to safe mode - restart pc and before windows picture shows up but
after the memory count, repeatidly press F8. Chose plain old "safe mode" from
list (this will be much slower than normal and look odd. Run a full scan on
your C: drive.
If it is still having problems - run HiJackthis and email or post a log.
Good luck.
nass
:
Hi Nass
Thanks for the help. I pop up blocker was already at medium. I have
Lavasoft Ad-Aware, Spybot -Search and Destroy, SpywareBlaster and McAfee. All
have been updated. I ran a full search with them all. The results were a
few Cookies. And wait for it...........A Trojan called Swizzor.gen I had 7
of them. I looked into what this Trojan does and it seems that this is my
problem cause these advert pages to pop up. It hides itself in other search
pages. McAfee was able to delete 1 and i managed to manually delete 5 but
there is one that is persistant and won't let me delete it, clean it, or
quarantine it. I have gone into the actual file and tried that way but it
still says it cannot delete as the file is being used or the disc is full.
No one is using the file and it is not on a disc so I think there may be
some kind of non destruct on this type of trojan. This is the file name in
full.
C:\Documents and Settings\Kimberley\Application Data\onlineproxy\skip axis.exe
What do I do now to get rid of this unwanted rubbish on by computer.
Thank you very much
--
jackie
:
Hi Jackie,
Your computer been infested by Malwares/Grayware and viruses,try to go tools
Internet Options >> Privacy Tap>> and set up Pop up Blocker to Medium by
clicking on Settings button besides Block pop ups, then try to scan for
Malwares in your Computer by download and scan from this links;
http://www.microsoft.com/security/malwareremove/default.mspx (scan on line
and Guide on how to protect your PC)
http://www.lavasoftusa.com/ (lavasoft SE Freeware)
http://www.download.com (download Hijack this and scan)
http://www.nasstec.co.uk/tools.html (Avert anti-virus scanner)
Please let us know
hope This help
Regards
nass
:
Hi
I am at a loss as to what has happened to my Computer. When I am on the
internet pages I have not searched for pop up just like a pop up. They are
