# Virus infestation problem

Discussion in 'Windows - Virus and spyware problems' started by Kafka, Jul 29, 2013.

1. ### 2oldGeek (Active member)

Joined:
Jun 16, 2005
Messages:
3,701
39
Trophy Points:
78
Happy that you figured out what was wrong with your USB drive. We can make suggestions here but it’s not like having the computer in front of you and knowing or realizing what has been previously done.

I have been working with computers for about 50 years and with home PCs since before there was an Internet, and I still haven’t come near the end of the line. LOL

I am going to be in and out for the next few weeks and won’t have a lot of time to spend on the computer, so I am going to give you some things to think about so you can ask questions. I will tell you what I do to set a computer up for my customers for protection and backup, but please don’t run out and buy a lot of stuff or download programs that may not benefit you. You must figure out what YOU need for YOUR situation first.

I never use a USB drive for backup unless it is something that is so important that I would cut my own throat if I lost it. And then I would back it up and put it in a safe somewhere, not leaving it hooked up for fear that a fire or lightning might take it away. Also, they are too darned slow for large files. Remember, that does not mean you shouldn’t use a USB drive, because that applies to my needs and not yours.

Also remember as we go along that there is no such thing as perfect security or backup systems. As my 8th grade English teacher beat into my head “Perfect is an absolute that cannot be achieved” as she was putting an “A-“ on my thesis that I had worked so hard on. She said it could be close to, almost, near or more perfect but Never Perfect! And I replied, “THAT SUCKS POND WATER!!!” After a week of detention I understood what she meant.. I think..

I have been following Eric the TweakHound for years, using a lot of his suggestions and then putting my own twist on them to fit particular needs.
One of the major tweaks that he recommends is to separate your data from your operating system. This is done by redirecting the libraries to the data drive. This serves several purposes: the boot drive is the most likely to go bad or crash first, since it is used the most and has the most wear and tear on it, besides being the target for malware that can destroy it. Stuff happens, so if you keep data separate you have less chance of losing it.

We have plenty of time so, start by looking over this:

Tweaking by Eric the TweakHound and while you’re there, look over his site. It’s very informative.
For -> Windows 8

And for those who don’t have Win8 but are following this thread:
For -> Windows 7
For -> XP

After you have looked it over and done some reading, it will put us closer on the same page..

Also, you are decently secure with your router and Avast for now, and I will give you some other things to tighten up your security to the “near perfect stage”, just bear with me.

ddp said this and I must beg to differ.
I don’t have to back up my data because it’s directed to and kept on another drive.
I keep nothing on my boot drive except the OS and applications. It makes an auto backup image of the boot drive every day. That way, when the drive becomes infected, I simply go back a couple of days to when it was uninfected and restore the image. If it crashes and I lose the drive, I stick in another drive and restore my last image. Fixed in the time it takes to insert the drive and restore it. My machine takes about 8 minutes to perform a restore from an image. I even keep my desktop on my data drive so I don’t lose anything that was parked on it.

Good L.u.c.k. – Labor Under Correct Knowledge
2oG

2. ### ddp (Moderator, Staff Member)

Joined:
Oct 15, 2004
Messages:
39,346
121
Trophy Points:
143
Drives do go bye-bye for whatever reason, so you should still save your data just in case that data drive craps out. I have a clone of my C: drive from just after it was reinstalled, updated, and all programs and data reloaded. I have another drive that I use just for my data, which I redo every so often, especially when I want copies of that data copied from my XP computer to my Win7 computer.

3. ### 2oldGeek (Active member)
Come on ddp, that could lead to a chain of events like a backup of the backup of the backup. Where does it end, and what color does a smurf turn when you choke him?

Like I said it depends on your personal needs and you must decide what your needs are. I have computers that I have 3 drives on that keep a running backup of the data as it changes. That also works for an online backup in a cloud using Acronis True Image.

A Toast: “May you have the hindsight to know where you've been, the foresight to know where you are going, and the insight to know when you have gone too far”

2oG

4. ### 2oldGeek (Active member)
Hi Kafka,
I was intending to post this info for some time now, but I have been tied up with some things and just didn’t have the time except to stop by and harass ddp.

Please let me know how you are doing with your computer and I hope that some of this stuff will aid you now or in the future.

IMHO, Yes! As I said, it protects you from disk crashes and malware infection that can destroy your operating system. Most users do not need to back up as much as I do (every day), maybe once a week or even once a month. And since you have your data moved to the data drive, you should re-partition and reduce the size of your C: drive so the backup will not take up very much space. That way, if your drive crashes, you can slip in another drive that is the same size or larger than your C: partition and restore to it. You cannot restore to a drive that is smaller. Right now your C: drive is 176GB and is only using 45GB of it. If you reduced the size to 75 or 80 GB for the C: partition, it would be sufficient and take up less space when backed up; then you could partition the rest of the disk for other use. I have several partitions on my boot disk, none of which are keepers. One is a secure partition for my virtual machine and another for downloading, so that I can scan it before installing or moving it to a library.

There are 2 programs that I use and recommend for partitioning/ re-partitioning/ re-sizing, etc.:
Acronis Disk Director, 49.99
Partition MiniTool Free -> HERE.
MiniTool Review -> HERE
Great little Free program.. I use it often and most of my customers use it.

I have a 1TB data drive that I split into two partitions: one for data libraries and one for C: drive backups.
I use Acronis True Image 11 to schedule my boot drive backup, and it has a non-stop backup feature that I use to back up my data via my network to another computer. Acronis 11 or 12 are not available since version 2013 came out, and it has problems, too many bugs right now, so I don’t recommend it.
What I recommend:
Most of my customers are using Macrium Reflect Free for C drive backup -> HERE and the Guide -> macrium/help
And using Acronis Lite 29.99 - 30day Trial -> HERE for non-stop backups of their data. This works on a USB or Network Drive.
Acronis lite Guide -> HERE.

I don’t know how you moved your data to your 2nd drive, but I always use this method:
How to move your Libraries to another drive -> HERE
Any way that works is OK.

You said that your router wasn’t changing your IP address and that concerned me. I was thinking that maybe it did not have an SPI firewall (different from a regular firewall that can stealth the ports; it blocks anything you did not request from coming in through the open port to the Internet).
I had downloaded the wrong manual for your router but found the correct one -> NetComm Liberty Series 3G Wireless N150 guide -> HERE

On page 34 under System Security it shows where to turn on the SPI firewall. Double check and make sure Remote Management is Disabled, Deny ping from WAN is Enabled and the SPI Firewall is Enabled.

Looks something like this:

Code:
Remote Management (via WAN):  enable/Disable remote management on the WAN interface.

Deny ping from WAN interface: Select Enable to deny ICMP packets received on the WAN interface.
Otherwise, select Disable to allow ICMP packets received on the WAN
interface.

SPI Firewall:  Enable/Disable the SPI (Stateful Packet Inspection) firewall to improve
the security of your 3G Router.

For an extra layer of protection against zero-day malware and exploits, I install K9 Web Protection on all my customers’ computers:

K9 Web Protection is a FREE service. I say service because the way it works is that the sites you visit are filtered through their servers, as opposed to being checked through something like a HOSTS file that’s installed on your computer. You install a driver on your computer, but the work is done remotely. The administrative control panel is actually a web site your browser goes through to view sites and block or accept them based on your lists.

How does K9 work?
K9 maintains a database of web sites that contain malware, spyware, pornography, hate speech, violence, gambling and more than 60 other categories. When a computer user tries to go to a site that's in a category you want blocked, the "prohibited" screen appears and you are blocked from that site.
If a user tries to go to a web site that the database hasn't seen before, it scans the content of the site for inappropriate material, and then either permits or prohibits the site (this process is called DRTR -- Dynamic Real-Time Rating). This happens so quickly the user doesn't realize it's happening. New prohibited web sites are added to the database.

One of the things I like about K9 is that you have no significant decrease in performance while you browse.
K9 is free, but you have to get a license for it.
http://www1.k9webprotection.com/get-k9-web-protection-free

When I install it, I set it up for the categories:
Spyware/malware
Spyware effects
Suspicious
Phishing

And I enable Filter Secure Traffic in the other settings.

Any questions? Please post, and enjoy a happy computer.
2oG

5. ### scorpNZ (Active member)

Joined:
Mar 23, 2005
Messages:
4,292
60
Trophy Points:
78
Is there any point in backing up C: drive? Are you frik'n kidding! After how many days have been wasted in virus removal, not to mention the wasting of 2old's time because you didn't have any backups, and that includes others who don't back up and then want help. If you had a backup of C: you wouldn't need to have been here and would've been virus free in under 1-6 hrs. Do you really want to spend how many days all over again doing this crap? Coz I'm sure 2old won't, and certainly not after advising you to do so. Perhaps you better read thru all the posts again: how many members have said over and over again, backup, backup, backup.

*walks away axe in hand to chop somth'n for the next 2 hrs to cool down*

6. ### Kafka (Regular member)

Joined:
Nov 6, 2007
Messages:
145
1
Trophy Points:
28
The computer is working fine. I downloaded K9 as you suggested and also changed the settings in my Netcomm router as you suggested; however, even after doing this twice I can still see my IP address in WhatIsMyIP. I have also been unsuccessful in changing the size of my C: drive via MiniTool Free. It looks as though I have been successful after I click Apply, but when I check My Computer nothing has changed. Am I completely incompetent?

7. ### ddp (Moderator, Staff Member)
Have you restarted the computer to see if the change in size happens during restart? Are your ipconfig address and the IP address in WhatIsMyIP both the same? Mine are not.

Last edited: Aug 22, 2013
8. ### 2oldGeek (Active member)

As ddp said, you probably need to reboot to make the changes permanent.

9. ### 2oldGeek (Active member)
I looked all over the guide for your router and did not come up with an answer, or just missed it cuz I'm old and can't see. LOL
Did you check the MiniTool help guide? Click Help, then Contents.

10. ### 2oldGeek (Active member)
That's another one that might take my 11 Foot pole.. Huh, ddp?

11. ### Kafka (Regular member)
I rebooted without success. I have sent a message to Netcomm so maybe they'll help.

I managed to shrink the C: drive via Disk Management (I had no success in MiniTool), and I now have about 90GB shown as unallocated. I tried to allocate a drive letter but couldn't.

12. ### 2oldGeek (Active member)
I know that MiniTool works on 32-bit Win 8 - I've used it with success. I think maybe I threw something at you that your computer level is a little shy of. Sorry.

It will take some reading in the help guide and playing with it. Remember, you can do what you want and then just discard it and play with another item. It doesn't take hold until you Apply it.

I know it's nearly 3pm tomorrow for you, but it's coming up 11:55 pm yesterday for me and I gotta hit the hay, or sumptin. Have to see you later. Just leave some posts and when I get up in the morning I will look them over and try to help. (yawn)

13. ### Kafka (Regular member)
This is the reply I got from Netcomm re my router firewall:

"Thanks for your Call / Email to Netcomm Wireless.

Disabling any of the Firewall > System Security features will not stop you from not display on whats my ip as you are on the local side.

Please try ping the WAN ip from a remote location to confirm if ping is being denied."

I will have to run that through Google Translate. I'll look into the ping thing.

14. ### 2oldGeek (Active member)
Yee Haa! They are doing it differently...

Send me a private message with your IP address that you got from configIP and I will ping you to check it out.

Click on the box to the right of my 2oldGeek name at the left of this message and send a private message.

15. ### 2oldGeek (Active member)
Haven't heard from you in a while, Kafka. How are things working out?

16. ### Kafka (Regular member)
Things seem to be fine. I use Todo Backup to run scheduled backups to my external hard drive and Allway Sync to back up individual folders after I make any additions or changes. I shrunk the C: drive as you suggested, which left me with a fair bit of unallocated memory, though I have been unable so far (using Disk Management) to give that memory a drive letter. I thought I could use it for a third backup.

17. ### 2oldGeek (Active member)

If it's unallocated, you won't be able to assign a letter; only when you partition it.

18. ### Kafka (Regular member)

Thanks. I am finding that both Firefox and Chrome have become very slow to load pages. Could this be related to my use of K9?

19. ### 2oldGeek (Active member)

Probably not, I have not seen K9 ever slow anything down.
Post a HJT log and I'll see what's running.

20. ### Kafka (Regular member)
Here's the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:35:09 AM, on 29/08/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Users\Michael\AppData\Local\Pokki\Engine\pokki.exe
C:\Users\Michael\AppData\Local\Pokki\Engine\pokki.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
C:\Users\Michael\AppData\Local\Pokki\Engine\pokki.exe
C:\Windows\System32\UMonit.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {45564571-A21B-48ED-B584-69752EEE9C3D} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Enhanced Performance Keyboard] C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [UMonit] C:\Windows\system32\UMonit.exe
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"
O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Pokki] C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
O4 - Startup: Sidebar.lnk = C:\Program Files\Windows Sidebar\sidebar.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files\Allway Sync\Bin\SyncService.exe
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
O23 - Service: vToolbarUpdater15.3.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe

--
End of file - 7914 bytes
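A HijackThis log like the one above is reviewed by walking its O-line sections and picking out the entry types that deserve a closer look before anything else. The script below is an added example written for this thread; it is not code from the forum, from Trend Micro or from HijackThis. It parses the `Rn`/`On` entries and flags the classes a reviewer normally checks first: a BHO with no backing file, an AppInit_DLLs entry, a Run key that loads a DLL from the user profile through rundll32, a Trusted Zone addition, a DPF (Download Program Files) entry, and a service with no recorded publisher. A flag means "look at this entry", not "this is malware"; the sample text is a constructed subset of the lines posted in the log above, and the function and rule names are this example's own.

```python
"""Triage helper for a HijackThis (HJT) log (added example, not HJT code)."""
import re

# Constructed sample: a subset of the HJT log posted in the thread.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
O2 - BHO: (no name) - {45564571-A21B-48ED-B584-69752EEE9C3D} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre7\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [avast] "C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe" /nogui
O4 - HKCU\\..\\Run: [Pokki] C:\\Windows\\system32\\rundll32.exe "%LOCALAPPDATA%\\Pokki\\Engine\\Launcher.dll",RunLaunchPlatform
O15 - Trusted Zone: http://*.aeriagames.com
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
O20 - AppInit_DLLs: c:\\progra~2\\browse~1\\261339~1.144\\{c16c1~1\\browse~1.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe
O23 - Service: vToolbarUpdater15.3.0 - Unknown owner - C:\\Program Files\\Common Files\\AVG Secure Search\\vToolbarUpdater\\15.3.0\\ToolbarUpdater.exe
--
End of file - 7914 bytes
"""

# An HJT entry line is "<section> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([OR]\d+)\s+-\s+(.*)$")


def parse_entries(log_text):
    """Return (section, body) tuples for every R/O entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def flag_entry(section, body):
    """Return a review reason for one entry, or None if nothing stands out.

    These rules encode what a reviewer looks at first; they do not decide
    whether an entry is malicious.
    """
    lowered = body.lower()
    if section == "O2" and body.endswith("(no file)"):
        return "BHO registered but its DLL is missing (dead entry)"
    if section == "O4" and "rundll32" in lowered and (
        "appdata" in lowered or "%localappdata%" in lowered
    ):
        return "Run key loads a DLL from the user profile via rundll32"
    if section == "O15":
        return "Trusted Zone entry lowers IE security for this host pattern"
    if section == "O16":
        return "DPF entry fetches an ActiveX cabinet from a web URL"
    if section == "O20":
        return "AppInit_DLLs injects this DLL into every process loading user32.dll"
    if section == "O23" and "Unknown owner" in body:
        return "Service with no recorded publisher"
    return None


def triage(log_text):
    """Return (section, reason, body) for every flagged entry, in log order."""
    flagged = []
    for section, body in parse_entries(log_text):
        reason = flag_entry(section, body)
        if reason:
            flagged.append((section, reason, body))
    return flagged


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
```

Run it against a full log by replacing `SAMPLE_LOG` with the file contents; the rules are deliberately coarse, so the output is a short list to check by hand (publisher, file location, whether the program is expected) rather than a verdict.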