22nd February 2008, 05:25 PM
|  | TST Oracle | | Join Date: Dec 2007, 8,001 posts. Location: Market Haemorrhoids, Middle England Reputation:  | | | [Solved] Possible virus although not found by Kaspersky
Possible tester for Howard!
System used by youth for P2P share. Has picked up a scam advising virus found and should visit a site and download a fix for it. This has been avoided.
System running XPH SP2 and is patched, has Norton.
Also has a regular pop-up advising "Task Manager has been disabled by your administrator" - it hasn't. Also pop up advising of internet attack although system is not attached to the net.
I have run Ccleaner and Hijackthis - both found bits and pieces but no cure.
Ideas, anyone?
thanks in advance.
__________________ Confuse and Prosper. | 
22nd February 2008, 05:31 PM
|  | TST Master | | Join Date: Dec 2007, 3,366 posts. Reputation:   | |
Yes mate, it`s instructions time, as the system is obviously infected.
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above. Also, let me know the results of the Panda Antirootkit scan.
Regards Howard This thread is for the use of Albert Lionheart only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum. | 
22nd February 2008, 05:34 PM
|  | TST Oracle | | Join Date: Dec 2007, 8,001 posts. Location: Market Haemorrhoids, Middle England Reputation:  | | |
HJT log attached - will do the others over the weekend.
Don't forget I have had a go at this one already and have removed anything marked as even slightly dodgy.
cheers
PS - don't forget it is a rugby weekend!
thanks Tom - I had jumped to the wrong conclusion and assumed (to assume makes an '***' out of 'u' and 'me' [UPS doctrine statement]) that this was not a system based message. Back in a tick!
__________________ Confuse and Prosper.
Last edited by Howard; 22nd February 2008 at 05:46 PM.
| 
22nd February 2008, 05:41 PM
|  | TST Master | | Join Date: Dec 2007, 3,366 posts. Reputation:   | |
The HJT log shows various infections.
You should not be removing anything using HJT unless advised to do so.
Run HJT and click the config button, followed by the backups button. Select all entries and click the restore button and confirm. This will restore all removed entries from HJT so we can see exactly what the original HJT log contained. Reboot the system.
Once done, please follow the main instructions and post the requested log files.
Regards Howard This thread is for the use of Albert Lionheart only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum. | 
22nd February 2008, 05:51 PM
|  | TST Oracle | | Join Date: Dec 2007, 8,001 posts. Location: Market Haemorrhoids, Middle England Reputation:  | | |
Howard - please could you either reinstate Tom's suggestion or send me a PM with the contents?
cheers
__________________ Confuse and Prosper. | 
22nd February 2008, 06:53 PM
|  | Community Moderator | | Join Date: Dec 2007, 4,345 posts. Location: Oxford, UK Reputation:   | | |
Don't worry about that mate, the "Task manager disabled" message can sometimes be fixed through HJT.
Restore all the backups and post the new log, and we'll take a look-see.
__________________
Numberwang!
A little air on the earth.
| 
22nd February 2008, 08:01 PM
|  | TST Master | | Join Date: Dec 2007, 3,366 posts. Reputation:   | |
Albert:
Please just follow the instructions I have given you. I have pm`d tomrca and he is now aware of TST policy on malware advice.
You might also want to look at this thread HERE for info on just who is allowed to help in malware threads. There are very good reasons for this.
Regards Howard | 
23rd February 2008, 12:57 PM
|  | TST Oracle | | Join Date: Dec 2007, 8,001 posts. Location: Market Haemorrhoids, Middle England Reputation:  | | |
Youth's dad turned up today - he was not impressed with some of the stuff we found on the thing and as it turns out to have 2 HDDs in it we agreed to move the decent stuff to one of them and reinstall XPH onto the other. One day I will get to follow the procedures for real, but not this time! Thanks for the help Howard
On a serious note, although it is not my place to comment on what his Dad and I found on this machine - explains a lot about today's society's values.
If you were asked to fix a machine stuffed full of porn, what would you do about showing the parents if asked? Shall we have a poll? No, not a pole to dance round - be serious!
Last edited by Albert Lionheart; 23rd February 2008 at 12:58 PM.
Reason: forgot to thank Howard
| 
23rd February 2008, 02:57 PM
|  | TST Master | | Join Date: Dec 2007, 3,366 posts. Reputation:   | |
Finding a load of porn on a system is probably the reason for the infections in the first place.
Depending on the age of the user, I would have to inform the parents.
Regards Howard This thread is for the use of Albert Lionheart only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum. | 
23rd February 2008, 06:11 PM
|  | TST Oracle | | Join Date: Dec 2007, 8,001 posts. Location: Market Haemorrhoids, Middle England Reputation:  | | |
Another good reason for the reinstall of the OS was that it is clear that a whole load of windows files were not working properly - like that Gpedit.msc file which had vanished.
__________________ Confuse and Prosper. | 
23rd February 2008, 06:12 PM
|  | Security Team | | Join Date: Dec 2007, 2,555 posts. Location: Tulsa, OK Reputation:   | |
Tell them that although you are sure their parenting skills are good you feel you should warn them about the things found on the computer. Make them aware that studies have shown that viewing porn at a young age is very similar to a child experimenting with marijuana. It is a gateway to many many other more dark and sinister activities. No parent needs much more warning than that. All you can do is set the record straight and hope they handle it in the right manner.
More resources if needed.
Kids safety resources:
Free Parental Control Software
- KidRocket - Safe Web Browser for Kids.
- W3kids.com - Kid safe search engine.
- Glubble creates a trusted surfing environment for kids. Allows you to set sites that you trust for your kids.
- DirFile.com Free Parental Control Software.
- Crawler Parental Control provides you with comprehensive control of user activity on your computer.
- Naomi is an advanced internet filtering program, easy to use and totally free, intended for families, and kids in particular.
Commercially licensed Parental Control Software | 
23rd February 2008, 06:25 PM
|  | TST Oracle | | Join Date: Dec 2007, 8,001 posts. Location: Market Haemorrhoids, Middle England Reputation:  | | |
evilfantasy - if that is not a standard reference point for the forum, I suggest it should be.
__________________ Confuse and Prosper. | 
28th February 2008, 09:11 PM
|  | TST Master | | Join Date: Dec 2007, 3,366 posts. Reputation:   | |
I`m marking this thread as solved.
If you need this thread re-opened please contact a moderator or PM me.
Regards Howard | 
1st March 2008, 06:23 AM
|  | Security Team | | Join Date: Dec 2007, 2,555 posts. Location: Tulsa, OK Reputation:   | | Quote:
Originally Posted by Albert Lionheart:
"evilfantasy - if that is not a standard reference point for the forum, I suggest it should be."
Done, with extra info added. I had been working on that along with more information for a while now and have finally finished it to a point I am happy with.
Web, email, chat, password and kids safety
Last edited by evilfantasy; 1st March 2008 at 06:36 AM.