Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Fake Windows Security Center [CLOSED]


  • This topic is locked This topic is locked

#1
Zuarfia

Zuarfia

    New Member

  • Member
  • Pip
  • 7 posts
Hello, I have not found a fix for this one, and I'm about to rip my hair out over it! Could someone please help thanks =)

I'm currently having a problem where a fake windows security centre pops up, when I double click it it says to install "SystemErrorFixer" "SystemDefender" and "SysCleaner" which are known spyware programs (I googled it up). I also get balloons saying that there are stop errors, also getting random "memory at ____ cannot be read" errors.

Here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:51 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O20 - Winlogon Notify: dsgkvuai - C:\WINDOWS\SYSTEM32\dsgkvuai.dll
O23 - Service: Microsoft DDE+ server (30d8683f) - Unknown owner - C:\WINDOWS\system32\.30d8683f\30d8683f.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 2647 bytes



Thanks for any support guys, I really appreciate the work you do here! :)

Edited by Zuarfia, 23 April 2008 - 04:27 AM.

  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O20 - Winlogon Notify: dsgkvuai - C:\WINDOWS\SYSTEM32\dsgkvuai.dll
O23 - Service: Microsoft DDE+ server (30d8683f) - Unknown owner - C:\WINDOWS\system32\.30d8683f\30d8683f.exe (file missing)


Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

sc stop 30d8683f
sc delete 30d8683f
del delete.bat


Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it.


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\SYSTEM32\dsgkvuai.dll
C:\WINDOWS\system32\.30d8683f\


1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
  • 0

#3
Zuarfia

Zuarfia

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
HJT:
HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:57 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Owner\Desktop\wowclient-downloader.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O20 - Winlogon Notify: dsgkvuai - dsgkvuai.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 2915 bytes

COMBOFIX:

ComboFix 08-04-22.5 - Owner 2008-04-24 17:38:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.300 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.

2008-04-24 17:32 . 2008-04-24 17:34 <DIR> d-------- C:\Program Files\AEVITA Wipe & Delete
2008-04-24 17:32 . 2008-04-24 17:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AEVITA
2008-04-23 19:47 . 2006-05-25 08:43 57,801 --a------ C:\WINDOWS\system32\igfx.hlp
2008-04-23 19:19 . 2008-04-23 19:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-23 16:52 . 2008-04-23 16:52 <DIR> d-------- C:\VundoFix Backups
2008-04-20 21:14 . 2008-04-20 21:14 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-20 20:42 . 2008-04-20 20:42 <DIR> d-------- C:\WoW-2.0.0-enUS-Installer
2008-04-19 13:02 . 2008-04-19 13:02 <DIR> d-------- C:\WAN Miniport (PPTP)
2008-04-19 13:00 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-04-19 12:35 . 2008-04-19 18:14 <DIR> d-------- C:\Program Files\Symantec
2008-04-19 12:35 . 2008-04-19 19:09 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-19 12:35 . 2008-04-19 12:35 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-04-19 12:35 . 2008-04-22 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-19 11:36 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-19 11:36 . 2008-04-19 11:36 376 --a------ C:\WINDOWS\ODBC.INI
2008-04-19 11:35 . 2008-04-19 11:35 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-19 11:35 . 2008-04-19 11:35 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-19 11:35 . 2008-04-19 11:35 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-19 11:35 . 2008-04-19 11:35 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-04-19 11:35 . 2008-04-19 11:35 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-04-19 11:32 . 2008-04-19 11:32 <DIR> dr-h----- C:\MSOCache
2008-04-19 03:00 . 2008-04-19 05:28 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-19 03:00 . 2005-02-24 20:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-18 18:02 . 2006-05-25 08:43 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2008-04-18 18:02 . 2008-04-18 18:02 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG
2008-04-18 17:56 . 2004-08-03 18:07 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-18 17:54 . 2008-04-18 17:54 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-04-18 17:54 . 2008-04-18 17:54 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-04-18 17:54 . 2008-04-18 17:54 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-04-18 17:54 . 2008-04-18 17:54 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-04-18 17:54 . 2008-04-18 17:54 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-04-18 17:54 . 2008-04-18 17:54 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-04-18 17:53 . 2004-08-03 18:07 358,912 --a--c--- C:\WINDOWS\system32\dllcache\wmic.exe
2008-04-18 17:53 . 2004-08-03 18:07 92,672 --a--c--- C:\WINDOWS\system32\dllcache\policman.dll
2008-04-18 17:47 . 2004-08-03 18:07 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-04-18 17:47 . 2004-08-03 18:07 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-04-18 17:47 . 2004-08-03 18:07 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-04-18 17:47 . 2004-08-03 18:07 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-04-18 10:40 . 2008-04-18 10:44 <DIR> d-------- C:\WINDOWS\ehome
2008-04-17 12:48 . 2008-04-17 12:48 <DIR> d-------- C:\Program Files\World of Warcraft
2008-04-17 12:48 . 2008-04-17 12:48 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-16 23:08 . 2008-04-16 23:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-16 22:42 . 2008-04-24 07:04 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-04-16 20:54 . 2008-04-20 22:56 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-16 20:54 . 2003-03-18 12:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-04-16 20:54 . 2003-03-18 11:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-04-16 20:54 . 2003-02-20 19:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-04-16 18:50 . 2008-04-16 18:50 <DIR> d---s---- C:\Documents and Settings\Owner\UserData
2008-04-16 18:47 . 2008-04-16 18:47 <DIR> d-------- C:\Program Files\Telstra
2008-04-16 18:33 . 2008-04-16 18:33 <DIR> d-------- C:\drvrtmp
2008-04-16 18:32 . 2003-02-11 09:58 126,976 --a------ C:\WINDOWS\system32\e1000msg.dll
2008-04-16 18:32 . 2003-07-11 10:58 121,856 --a------ C:\WINDOWS\system32\drivers\e1000325.sys
2008-04-16 18:32 . 2003-07-11 12:15 118,784 --a------ C:\WINDOWS\system32\Prounstl.exe
2008-04-16 18:32 . 2002-12-29 05:00 24,064 --a------ C:\WINDOWS\system32\IntelNic.dll
2008-04-16 18:32 . 2002-09-03 02:34 2,725 --a------ C:\WINDOWS\system32\e1000325.din
2008-04-16 17:13 . 2008-04-16 17:13 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-16 17:13 . 2008-04-23 19:03 <DIR> d-------- C:\Documents and Settings\Owner
2008-04-16 17:13 . 2008-04-16 17:13 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-04-16 17:13 . 2008-04-24 17:39 159,744 --ah----- C:\Documents and Settings\Owner\ntuser.dat.LOG
2008-04-16 17:13 . 2008-04-24 17:36 1,024 --ah----- C:\Documents and Settings\LocalService\ntuser.dat.LOG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 23:45 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( [email protected]_ 7.05.43.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 13:43:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-25 00:35:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-25 00:38:29 11,914 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{D24CAD3C-5FC0-4919-A8D6-FBE45039A10A}.bin
+ 2008-04-25 00:35:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_61c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:07 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-05-25 08:43 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-05-25 08:43 126976]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 10:37 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dsgkvuai]
dsgkvuai.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\30d8683f]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGES_0001_N122M2603]
c:\documents and settings\owner\application data\setup_en
[1].exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\wowclient-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 10:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 10:35]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 19:36:18 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 17:39:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-24 17:40:11
ComboFix-quarantined-files.txt 2008-04-25 00:40:07
ComboFix2.txt 2008-04-24 14:05:53

Pre-Run: 244,371,234,816 bytes free
Post-Run: 244,368,564,224 bytes free

130 --- E O F --- 2008-04-24 10:00:14

NOTES: Had to download AEVITA Wipe & Delete to delete the .dll file :) got kinda tricky but both of them are gone from the c:/windows/system32.

Edited by Zuarfia, 24 April 2008 - 01:44 AM.

  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

Driver::
30d8683f
File::
c:\documents and settings\owner\application data\setup_en[1].exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dsgkvuai]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGES_0001_N122M2603]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Download SmitfraudFix at http://siri.urz.free...mitfraudFix.zip and extract the content (a folder named SmitfraudFix) to your desktop.

Open the SmitfraudFix folder. Double-click on smitfraudfix.cmd and select option #1 - Search by typing 1 and press Enter. A text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 or any other option until you are directed to do so!

NOTE: process.exe is detected by some antivirus programs as a Risk Tool. It is not a virus. If you get this detected, ignore it.


How is the computer running so far?

Edited by greyknight17, 24 April 2008 - 07:17 AM.

  • 0

#5
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP