Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected With Trojan.vundo - It Is A Stubborn One...help! ...pleas

Started by mtl_grrl , Apr 11 2007 08:48 PM

  • Please log in to reply

#1
mtl_grrl
Posted 11 April 2007 - 08:48 PM

mtl_grrl

    New Member

  • Member
  • Pip
  • 1 posts
Hi there,

I've been infected with Trojan.Vundo. As many other prople have said, Norton Antivirus is useless. I ran their scan did everything they said to do but no luck. I researched it on your site and installed VundoFix. I ran it in safe mode and it found the file but could not delete it...even after the reboot. i THEN TRIED VirtumundoBeGone. Didn't work either.

Now I have started to get popups in Internet Explorer and my system is extremely slow.

I do hope that you could help me because I am at my wits end!!

Thanks in advance,

I have enclosed the HJT log as well as the VBG log.

Here they are:



VBG


[04/11/2007, 20:06:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Dira\Desktop\VirtumundoBeGone.exe" )
[04/11/2007, 20:06:15] - Detected System Information:
[04/11/2007, 20:06:15] - Windows Version: 5.1.2600, Service Pack 2
[04/11/2007, 20:06:15] - Current Username: Dira (Admin)
[04/11/2007, 20:06:15] - Windows is in SAFE mode.
[04/11/2007, 20:06:15] - Searching for Browser Helper Objects:
[04/11/2007, 20:06:15] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
[04/11/2007, 20:06:15] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/11/2007, 20:06:15] - BHO 3: {21CEBE6B-DFF5-45EF-956C-715C336D7540} ()
[04/11/2007, 20:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:06:15] - Checking for HKLM\...\Winlogon\Notify\mllmm
[04/11/2007, 20:06:15] - Found: HKLM\...\Winlogon\Notify\mllmm - This is probably Virtumundo.
[04/11/2007, 20:06:15] - Assigning {21CEBE6B-DFF5-45EF-956C-715C336D7540} MSEvents Object
[04/11/2007, 20:06:15] - BHO list has been changed! Starting over...
[04/11/2007, 20:06:15] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
[04/11/2007, 20:06:15] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/11/2007, 20:06:15] - BHO 3: {21CEBE6B-DFF5-45EF-956C-715C336D7540} (MSEvents Object)
[04/11/2007, 20:06:15] - ALERT: Found MSEvents Object!
[04/11/2007, 20:06:15] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/11/2007, 20:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:06:15] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/11/2007, 20:06:15] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/11/2007, 20:06:15] - BHO 5: {600A6BDC-C72B-4DE8-A117-995141471E39} ()
[04/11/2007, 20:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:06:15] - Checking for HKLM\...\Winlogon\Notify\fccdebx
[04/11/2007, 20:06:15] - Key not found: HKLM\...\Winlogon\Notify\fccdebx, continuing.
[04/11/2007, 20:06:15] - BHO 6: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} ()
[04/11/2007, 20:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:06:15] - Checking for HKLM\...\Winlogon\Notify\jcqeewdy
[04/11/2007, 20:06:15] - Key not found: HKLM\...\Winlogon\Notify\jcqeewdy, continuing.
[04/11/2007, 20:06:15] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/11/2007, 20:06:15] - BHO 8: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[04/11/2007, 20:06:15] - BHO 9: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[04/11/2007, 20:06:15] - Finished Searching Browser Helper Objects
[04/11/2007, 20:06:15] - *** Detected MSEvents Object
[04/11/2007, 20:06:15] - Trying to remove MSEvents Object...
[04/11/2007, 20:06:16] - Terminating Process: IEXPLORE.EXE
[04/11/2007, 20:06:16] - Terminating Process: RUNDLL32.EXE
[04/11/2007, 20:06:16] - Disabling Automatic Shell Restart
[04/11/2007, 20:06:16] - Terminating Process: EXPLORER.EXE
[04/11/2007, 20:06:17] - Suspending the NT Session Manager System Service
[04/11/2007, 20:06:17] - Terminating Windows NT Logon/Logoff Manager
[04/11/2007, 20:06:17] - Re-enabling Automatic Shell Restart
[04/11/2007, 20:06:17] - File to disable: C:\WINDOWS\system32\mllmm.dll
[04/11/2007, 20:06:17] - Renaming C:\WINDOWS\system32\mllmm.dll -> C:\WINDOWS\system32\mllmm.dll.vir
[04/11/2007, 20:06:17] - File successfully renamed!
[04/11/2007, 20:06:17] - Removing HKLM\...\Browser Helper Objects\{21CEBE6B-DFF5-45EF-956C-715C336D7540}
[04/11/2007, 20:06:17] - Removing HKCR\CLSID\{21CEBE6B-DFF5-45EF-956C-715C336D7540}
[04/11/2007, 20:06:17] - Adding Kill Bit for ActiveX for GUID: {21CEBE6B-DFF5-45EF-956C-715C336D7540}
[04/11/2007, 20:06:17] - Deleting ATLEvents/MSEvents Registry entries
[04/11/2007, 20:06:17] - Removing HKLM\...\Winlogon\Notify\mllmm
[04/11/2007, 20:06:17] - Searching for Browser Helper Objects:
[04/11/2007, 20:06:17] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
[04/11/2007, 20:06:17] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/11/2007, 20:06:17] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/11/2007, 20:06:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:06:17] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/11/2007, 20:06:17] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/11/2007, 20:06:17] - BHO 4: {600A6BDC-C72B-4DE8-A117-995141471E39} ()
[04/11/2007, 20:06:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:06:17] - Checking for HKLM\...\Winlogon\Notify\fccdebx
[04/11/2007, 20:06:17] - Key not found: HKLM\...\Winlogon\Notify\fccdebx, continuing.
[04/11/2007, 20:06:17] - BHO 5: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} ()
[04/11/2007, 20:06:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:06:17] - Checking for HKLM\...\Winlogon\Notify\jcqeewdy
[04/11/2007, 20:06:17] - Key not found: HKLM\...\Winlogon\Notify\jcqeewdy, continuing.
[04/11/2007, 20:06:17] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/11/2007, 20:06:17] - BHO 7: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[04/11/2007, 20:06:17] - BHO 8: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[04/11/2007, 20:06:17] - Finished Searching Browser Helper Objects
[04/11/2007, 20:06:17] - Finishing up...
[04/11/2007, 20:06:17] - A restart is needed.
[04/11/2007, 20:06:32] - Attempting to Restart via STOP error (Blue Screen!)

[04/11/2007, 20:08:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Dira\Desktop\VirtumundoBeGone.exe" )
[04/11/2007, 20:08:16] - Detected System Information:
[04/11/2007, 20:08:16] - Windows Version: 5.1.2600, Service Pack 2
[04/11/2007, 20:08:16] - Current Username: Dira (Admin)
[04/11/2007, 20:08:16] - Windows is in NORMAL mode.
[04/11/2007, 20:08:16] - Searching for Browser Helper Objects:
[04/11/2007, 20:08:16] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
[04/11/2007, 20:08:16] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/11/2007, 20:08:16] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/11/2007, 20:08:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:08:17] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/11/2007, 20:08:17] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/11/2007, 20:08:17] - BHO 4: {600A6BDC-C72B-4DE8-A117-995141471E39} ()
[04/11/2007, 20:08:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:08:17] - Checking for HKLM\...\Winlogon\Notify\fccdebx
[04/11/2007, 20:08:17] - Key not found: HKLM\...\Winlogon\Notify\fccdebx, continuing.
[04/11/2007, 20:08:17] - BHO 5: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} ()
[04/11/2007, 20:08:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:08:17] - Checking for HKLM\...\Winlogon\Notify\jcqeewdy
[04/11/2007, 20:08:17] - Key not found: HKLM\...\Winlogon\Notify\jcqeewdy, continuing.
[04/11/2007, 20:08:17] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/11/2007, 20:08:17] - BHO 7: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[04/11/2007, 20:08:17] - BHO 8: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[04/11/2007, 20:08:17] - Finished Searching Browser Helper Objects
[04/11/2007, 20:08:17] - Finishing up...
[04/11/2007, 20:08:17] - Nothing found! Exiting...

[04/11/2007, 22:54:07] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Dira\Desktop\VirtumundoBeGone.exe" )
[04/11/2007, 22:54:09] - Detected System Information:
[04/11/2007, 22:54:10] - Windows Version: 5.1.2600, Service Pack 2
[04/11/2007, 22:54:10] - Current Username: Dira (Admin)
[04/11/2007, 22:54:10] - Windows is in NORMAL mode.
[04/11/2007, 22:54:10] - Searching for Browser Helper Objects:
[04/11/2007, 22:54:10] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
[04/11/2007, 22:54:10] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/11/2007, 22:54:10] - BHO 3: {0AAD203D-7709-49CA-BB65-4B1DAA9B83E7} ()
[04/11/2007, 22:54:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 22:54:10] - Checking for HKLM\...\Winlogon\Notify\ddabb
[04/11/2007, 22:54:10] - Key not found: HKLM\...\Winlogon\Notify\ddabb, continuing.
[04/11/2007, 22:54:10] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/11/2007, 22:54:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 22:54:10] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/11/2007, 22:54:10] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/11/2007, 22:54:10] - BHO 5: {600A6BDC-C72B-4DE8-A117-995141471E39} ()
[04/11/2007, 22:54:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 22:54:10] - Checking for HKLM\...\Winlogon\Notify\fccdebx
[04/11/2007, 22:54:10] - Key not found: HKLM\...\Winlogon\Notify\fccdebx, continuing.
[04/11/2007, 22:54:10] - BHO 6: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} ()
[04/11/2007, 22:54:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 22:54:10] - Checking for HKLM\...\Winlogon\Notify\jcqeewdy
[04/11/2007, 22:54:10] - Key not found: HKLM\...\Winlogon\Notify\jcqeewdy, continuing.
[04/11/2007, 22:54:10] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/11/2007, 22:54:10] - BHO 8: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[04/11/2007, 22:54:10] - BHO 9: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[04/11/2007, 22:54:10] - Finished Searching Browser Helper Objects
[04/11/2007, 22:54:10] - Finishing up...
[04/11/2007, 22:54:10] - Nothing found! Exiting...





Here's the HJT log:



Logfile of HijackThis v1.99.1
Scan saved at 10:38:20 PM, on 11/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Dira\Desktop\VundoFix.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.h...SWebManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1168708220390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168793907562
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Edited by mtl_grrl, 11 April 2007 - 08:56 PM.

  • 0

Advertisements

#2
Crustyoldbloke
Posted 12 April 2007 - 03:40 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello and welcome to Geeks To Go

Some malware has the ability to hide when interrogated by HijackThis; I believe this may be true in your case. Please right click on hijackthis.exe and rename it to crusty.exe

Now please rescan with the newly named file and post the log into this thread by using the ADD REPLY button on the bottom right of this post, and I'll have a fresh look.

From now on, you will have to use crusty.exe to produce a HJT log.

Please ensure that you post logs created in normal mode only.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP