Posted by Malke on October 17, 2008, 7:19 am
joseph wrote:
> In Control Panel / Windows Firewall / Exceptions, I am suspicious of
> some of the programs that are Enabled. Some have names like Remote
> Assistant, Network Diagnostics for W XP, and Windows Live Messenger.
> There are 9 at the top of the list which worry me?
> There is a box with a check mark in it and just the word 'ENABLE', no name
> of a Program.
>
> When I click on Edit they have names which I will now Copy. I don't know
> about enabling these places to have access to my PC, whether they are
> important for operation or some type of intrusion.
> (Remember the only name they have is 'ENABLE'.)
> Here is what comes up when I Click on Edit.
> "You can allow comms with this Program from any pc, including those on the
> Internet" <<< this is what I am worried about, especially the Explorer
> one as I had some problems that revolved around explorer,
> C:\WINDOWS\system32\vhr.exe
> C:\WINDOWS\system32\kvhmmtn.exe
> C:\WINDOWS\system32\jpqrwxq.exe
> C:\WINDOWS\system32\hnwtb.exe
> C:\WINDOWS\system32\flcsn.exe
> C:\WINDOWS\Explorer.EXE
> C:\Documents and Settings\Gary\xgw.exe
> C:\Documents and Settings\Gary\ipb.exe
> C:\Documents and Settings\Gary\cwiu.exe
>
> If you can tell me whether it is important to some programs I use to allow
> this access, or whether someone has snuck in!?
You're definitely infected. Take the machine off the Internet and any Local
Area Network and start cleaning.
Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware
Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.
http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions
You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html
When all else fails, get guided help. Choose one of the specialty forums
listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
POST LOGS IN THE MS NEWSGROUPS.
Standard disclaimer: I can't see and test your computer myself, so these are
just suggestions based on many years of being a professional computer tech;
suggestions based on what you've written. You should not take my
suggestions as a definitive diagnosis. If you can't do the work yourself
(and there is no shame in admitting this isn't your cup of tea), take the
machine to a professional computer repair shop (not your local equivalent
of BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may be
so infested that Windows will need to be clean-installed. If possible, have
all your data backed up before you take the machine into a shop.
Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ