hey there [RESOLVED]



#1
shmifty52

Member, 11 posts
hey there, I got told to post my question here, my bad. anyways I need help with a problem. it doesn't really do any damage as far as I can see but it is a virus and viruses are bad.

okay, I don't know when or how I got this thing, I just know I can't seem to remove it. I got OneCare and it usually does the job but on this one it really let me down big. I've run several scans of my computer with various malware and virus software yet I get no results. most if not all of them say I don't have a virus, yet OneCare keeps saying it's there, so I'm not sure how to remove it when OneCare says it can't and nothing acknowledges its existence.

on the short I need to know if I can remove it or if it even exists (I kinda hope it doesn't and OneCare is trying to sucker me into upgrading).

any help would be of great appreciation, I'm still new to the whole defense side of computers but I think I could handle this. anyways the name of the problem is "TrojanDownloader:Win32/Zlob.gen!BS"

if you need more info or anything just ask.

if it can't be removed I'll just wipe my drive and start over, sigh, if I have to though.

sincerely shmifty5 :)


#2
Essexboy

GeekU Moderator, Retired Staff, 69,964 posts

> if it can't be removed I'll just wipe my drive and start over, sigh, if I have to though.

That may not be required. However, I have no information to go on as your description is vague.

Please follow all of the steps in this section of the Malware Forum. These self-help tools will help you clean up 70% of problems on your own. If you are still having problems after doing the steps, then please post a HijackThis log in this thread.

#3
shmifty52

alright, I followed everything there and I still get a message saying the same thing, so here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:29 PM, on 9/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4920 bytes

any help would be appreciated, :)

#4
Essexboy

Well, nothing shows there, so let's look deeper. Does OneCare give a location for this nasty?

As a Vista user I will require that all the programmes I ask you to run be run by right-clicking the icon and selecting Run as Administrator. Otherwise some programmes may fail to do their job properly.


Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

As Vista produces a rather large log, I would like you to upload it to Mediafire and post the sharing link :)

#5
shmifty52

alright, I did the scan, here's the URL link:

http://www.mediafire.com/?v10ymdyhmam

I hope this will do it.

#6
Essexboy

I see that you have DAEMON Tools. Some antivirus programmes pick this up as riskware, as it can be used for good or bad.

Does OneCare give a location for this TrojanDownloader:Win32/Zlob.gen!BS?

Let's try another, stronger scanner, although I feel this may be a false positive.

Please visit this web page for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

Ignore references to the Recovery Console, as it is not required for Vista.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#7
shmifty52

should I just post it or mediafire it?

#8
shmifty52

I'm just gonna post them.
here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:02 PM, on 9/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownl

and here's the log for ComboFix:

ComboFix 08-09-15.02 - shmifty5 2008-09-15 19:02:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1620 [GMT -7:00]
Running from: C:\Users\shmifty5\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 )))))))))))))))))))))))))))))))
.

2008-09-15 12:46 . 2008-09-15 12:46 <DIR> d-------- C:\_OTScanIt
2008-09-15 12:26 . 2008-09-15 12:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-12 20:12 . 2008-09-12 20:12 <DIR> d-------- C:\Users\shmifty5\AppData\Roaming\Malwarebytes
2008-09-12 20:12 . 2008-09-12 20:12 <DIR> d-------- C:\Users\shmifty5\AppData\Roaming\Download Manager
2008-09-12 20:12 . 2008-09-12 20:12 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-12 20:12 . 2008-09-12 20:12 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-12 20:12 . 2008-09-12 20:12 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 20:12 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-12 20:12 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-12 17:19 . 2008-09-13 13:17 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-12 17:19 . 2008-09-13 13:17 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-12 17:19 . 2008-09-12 18:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-10 09:37 . 2008-09-10 09:37 <DIR> d-------- C:\Users\shmifty5\AppData\Roaming\U3
2008-09-10 09:37 . 2008-09-10 09:37 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-09 14:24 . 2008-07-30 18:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 14:24 . 2008-08-01 18:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 14:24 . 2008-06-25 20:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 14:24 . 2008-06-25 20:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 14:24 . 2008-05-08 12:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 14:24 . 2008-05-19 19:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 14:24 . 2008-06-25 20:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 14:24 . 2008-08-01 20:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-09 14:24 . 2008-07-30 20:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-09 09:01 . 2008-09-09 09:01 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-09-07 01:43 . 2008-09-07 02:20 <DIR> d-------- C:\Users\Public\Games
2008-09-06 06:08 . 2008-09-06 17:46 <DIR> d-------- C:\Users\shmifty5\WotLK-Beta-3.0.1-enUS
2008-09-05 15:13 . 2008-09-05 15:13 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-09-05 15:13 . 2008-09-05 15:13 <DIR> d-------- C:\ProgramData\FLEXnet
2008-09-05 15:05 . 2008-09-05 15:15 <DIR> d-------- C:\Users\All Users\Adobe
2008-09-05 15:04 . 2008-09-05 15:04 <DIR> d-------- C:\Program Files\Bonjour
2008-09-05 14:35 . 2008-09-05 14:35 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-05 14:34 . 2008-09-05 15:04 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-05 09:38 . 2008-09-05 09:38 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-09-05 09:38 . 2008-09-05 09:38 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-09-05 09:19 . 2008-09-05 09:32 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-05 09:17 . 2008-09-05 09:17 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-09-05 09:16 . 2008-09-05 09:16 <DIR> d-------- C:\Users\shmifty5\AppData\Roaming\DAEMON Tools
2008-09-05 08:59 . 2008-09-05 08:59 <DIR> d-------- C:\Program Files\MagicDisc
2008-09-05 08:59 . 2008-07-28 17:19 116,736 --a------ C:\Windows\System32\drivers\mcdbus.sys
2008-09-05 08:55 . 2008-09-05 09:12 <DIR> d-------- C:\Program Files\MagicISO
2008-09-05 07:31 . 2008-09-05 07:32 <DIR> d-------- C:\Users\shmifty5\AppData\Roaming\Ventrilo
2008-09-05 07:29 . 2008-09-05 07:30 <DIR> d-------- C:\Program Files\Ventrilo
2008-09-04 21:05 . 2008-09-04 21:05 <DIR> d-------- C:\Program Files\myWinMPQ
2008-09-04 21:05 . 2002-12-20 14:02 1,077,336 --a------ C:\Windows\System32\MSCOMCTL.OCX
2008-09-04 21:05 . 2002-12-20 14:02 1,077,336 --a------ C:\Windows\system\MSCOMCTL.OCX
2008-09-04 21:05 . 2002-12-06 21:32 180,224 --a------ C:\Windows\System32\SFmpq.dll
2008-09-04 21:05 . 2002-12-06 21:32 180,224 --a------ C:\Windows\system\SFmpq.dll
2008-09-04 11:44 . 2008-09-05 05:08 <DIR> d-------- C:\Users\shmifty5\AppData\Roaming\gtk-2.0
2008-09-04 11:44 . 2008-09-04 11:44 <DIR> d-------- C:\Users\shmifty5\.thumbnails
2008-09-04 11:43 . 2008-09-08 06:46 <DIR> d-------- C:\Users\shmifty5\.gimp-2.4
2008-09-04 11:42 . 2008-09-04 11:42 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-09-04 09:52 . 2008-09-04 09:53 <DIR> d-------- C:\Program Files\DivX
2008-09-04 06:50 . 2008-09-07 12:47 <DIR> d-------- C:\Program Files\Glitchy's Model Editing Suite
2008-09-04 05:44 . 2008-09-04 05:44 <DIR> d-------- C:\Users\shmifty5\AppData\Roaming\vlc
2008-09-04 02:22 . 2008-09-04 07:44 <DIR> d-------- C:\Users\shmifty5\AppData\Roaming\DivX
2008-09-04 02:13 . 2008-09-04 02:13 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-01 07:22 . 2008-09-01 07:22 <DIR> d-------- C:\Users\shmifty5\AppData\Roaming\InstallShield Installation Information
2008-09-01 07:01 . 2008-09-01 07:01 <DIR> d-------- C:\Program Files\Unreal Tournament 3
2008-09-01 07:00 . 2008-09-01 07:00 <DIR> d-------- C:\Windows\System32\AGEIA
2008-09-01 07:00 . 2008-09-05 07:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-01 07:00 . 2008-09-01 07:00 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-08-30 13:32 . 2008-09-09 04:57 <DIR> d-------- C:\Program Files\World of Warcraft
2008-08-30 03:58 . 2008-01-02 16:33 172,032 --a------ C:\Windows\System32\igfxres.dll
2008-08-30 03:52 . 2008-09-05 02:50 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-08-30 03:52 . 2008-09-04 09:53 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-08-30 03:52 . 2007-11-27 22:45 91,200 --a------ C:\Windows\System32\drivers\msfwdrv.sys
2008-08-30 03:52 . 2008-05-15 16:15 53,168 --a------ C:\Windows\System32\drivers\MpFilter.sys
2008-08-30 03:52 . 2007-11-27 22:44 37,440 --a------ C:\Windows\System32\drivers\msfwhlpr.sys
2008-08-30 00:09 . 2008-04-11 20:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-08-29 08:10 . 2008-08-29 08:10 <DIR> dr------- C:\Users\Guest\Searches
2008-08-29 08:09 . 2008-08-29 08:10 <DIR> dr------- C:\Users\Guest\Videos
2008-08-29 08:09 . 2008-08-29 08:10 <DIR> dr------- C:\Users\Guest\Saved Games
2008-08-29 08:09 . 2008-08-29 08:10 <DIR> dr------- C:\Users\Guest\Pictures
2008-08-29 08:09 . 2008-08-29 08:10 <DIR> dr------- C:\Users\Guest\Music
2008-08-29 08:09 . 2008-08-29 08:10 <DIR> dr------- C:\Users\Guest\Links
2008-08-29 08:09 . 2008-08-29 08:10 <DIR> dr------- C:\Users\Guest\Downloads
2008-08-29 08:09 . 2008-08-29 08:11 <DIR> dr------- C:\Users\Guest\Documents
2008-08-29 08:09 . 2008-08-29 08:09 <DIR> dr------- C:\Users\Guest\Contacts
2008-08-29 08:09 . 2008-08-29 08:10 <DIR> d--h----- C:\Users\Guest\AppData
2008-08-29 08:09 . 2008-08-29 08:10 <DIR> d-------- C:\Users\Guest
2008-08-29 07:37 . 2008-08-29 07:37 <DIR> d-------- C:\PerfLogs
2008-08-29 06:16 . 2008-08-29 06:16 <DIR> dr-h----- C:\MSOCache
2008-08-29 04:17 . 2008-01-19 00:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-08-29 04:16 . 2008-01-18 23:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-08-29 04:15 . 2008-01-19 00:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-08-29 04:15 . 2008-01-19 00:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-08-29 04:15 . 2008-01-19 00:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-08-29 04:15 . 2008-01-19 00:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-08-29 04:15 . 2008-01-19 00:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-08-29 04:15 . 2008-01-19 00:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-08-29 04:15 . 2008-01-19 00:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-08-29 04:15 . 2008-01-19 00:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-08-29 04:15 . 2008-01-19 00:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-08-29 03:24 . 2008-08-29 03:24 <DIR> d-------- C:\Program Files\PHILIPS
2008-08-29 03:24 . 2007-06-14 10:25 839,680 --a------ C:\Windows\System32\FDRpage.dll
2008-08-29 03:24 . 2007-06-04 15:34 208,896 --a------ C:\Windows\System32\CreateDir.exe
2008-08-29 03:24 . 2006-01-04 15:39 77,824 --a------ C:\Windows\System32\FDRdriver.dll
2008-08-29 03:24 . 2006-01-07 11:09 7,548 --a------ C:\Windows\System32\drivers\Samhid.sys
2008-08-28 20:16 . 2008-09-07 02:20 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-08-28 12:39 . 2008-09-05 09:38 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-08-28 12:38 . 2008-08-28 12:38 <DIR> d-------- C:\Program Files\Veoh Networks
2008-08-28 12:37 . 2008-08-29 00:22 <DIR> d-------- C:\Windows\Downloaded Installations
2008-08-28 07:52 . 2008-09-15 13:35 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-08-28 07:38 . 2008-09-14 01:43 <DIR> d-------- C:\Users\shmifty5\Incomplete
2008-08-28 07:37 . 2008-09-14 01:43 <DIR> d-------- C:\Users\shmifty5\AppData\Roaming\FrostWire
2008-08-28 07:35 . 2008-08-29 09:09 <DIR> d-------- C:\Program Files\Java
2008-08-28 07:35 . 2008-08-28 07:35 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-28 07:30 . 2008-09-10 11:22 <DIR> d-------- C:\Program Files\FrostWire
2008-08-28 01:39 . 2008-08-28 01:39 <DIR> d-------- C:\Windows\PCHEALTH
2008-08-28 01:36 . 2008-08-28 01:39 <DIR> d-------- C:\Program Files\Windows Live
2008-08-28 01:36 . 2008-08-28 01:39 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-28 01:35 . 2008-08-28 01:35 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-08-28 01:35 . 2008-08-28 01:35 <DIR> d-------- C:\ProgramData\WLInstaller
2008-08-27 22:08 . 2008-09-15 17:12 <DIR> d-------- C:\Users\shmifty5\AppData\Roaming\Azureus
2008-08-27 22:08 . 2008-08-27 22:08 <DIR> d-------- C:\Users\All Users\Azureus
2008-08-27 22:08 . 2008-08-27 22:08 <DIR> d-------- C:\ProgramData\Azureus
2008-08-27 22:08 . 2008-09-15 15:47 <DIR> d-------- C:\Program Files\Vuze
2008-08-27 22:07 . 2008-08-27 22:07 <DIR> d-------- C:\Windows\System32\Macromed
2008-08-27 21:40 . 2008-08-27 21:40 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-08-27 21:31 . 2008-08-27 21:31 269,312 --a------ C:\Windows\System32\es.dll
2008-08-27 21:28 . 2008-08-27 21:28 <DIR> d-------- C:\Intel
2008-08-27 21:20 . 2008-08-27 21:20 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-27 21:20 . 2008-08-27 21:20 272,896 --a------ C:\Windows\System32\polstore.dll
2008-08-27 21:20 . 2008-08-27 21:20 61,440 --a------ C:\Windows\System32\winipsec.dll
2008-08-27 21:20 . 2008-08-27 21:20 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 14:43 174 --sha-w C:\Program Files\desktop.ini
2008-08-29 14:37 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-29 14:37 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-29 14:37 --------- d-----w C:\Program Files\Windows Mail
2008-08-29 14:37 --------- d-----w C:\Program Files\Windows Defender
2008-08-29 14:37 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-29 14:37 --------- d-----w C:\Program Files\Windows Calendar
2008-08-29 14:25 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-08-29 14:25 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-08-28 03:55 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-08-28 03:55 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 133656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-08-08 67112]

C:\Users\shmifty5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-09-05 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F19EE16D-475E-4229-8926-A7595020311C}"= UDP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{8B1986D8-83A7-4826-8222-C3386A8D5E45}"= TCP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"TCP Query User{9A266F60-8489-4DB6-B041-3678990AC437}C:\\program files\\unreal tournament 3\\binaries\\unrealconsole.exe"= UDP:C:\program files\unreal tournament 3\binaries\unrealconsole.exe:UnrealConsole
"UDP Query User{2679B20D-3612-4B9A-A173-C3C37EDB073D}C:\\program files\\unreal tournament 3\\binaries\\unrealconsole.exe"= TCP:C:\program files\unreal tournament 3\binaries\unrealconsole.exe:UnrealConsole
"TCP Query User{A691B2D2-2853-4A7C-8BF3-E771E71EE267}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{D3A8D7FE-A2EE-448C-AB93-0E5202C6A92A}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus
"{1F596582-4E42-4C1E-A508-B9E47B83FF8C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{33F32469-85FD-4C19-86E9-1C9E2273313E}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{2257933C-48C5-4708-B53D-36A29E7B0171}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"{6ED60FAA-A830-447F-A533-362374B0BCD3}"= UDP:25303:vuze
"TCP Query User{BFD39A15-4255-4861-B868-9C373D727498}C:\\users\\shmifty5\\appdata\\local\\temp\\rar$ex00.146\\wow-burningcrusade-engb-installer-downloader.exe"= UDP:C:\users\shmifty5\appdata\local\temp\rar$ex00.146\wow-burningcrusade-engb-installer-downloader.exe:wow-burningcrusade-engb-installer-downloader.exe
"UDP Query User{D4FBC9A8-770B-453B-9FBB-9C1F512A7E14}C:\\users\\shmifty5\\appdata\\local\\temp\\rar$ex00.146\\wow-burningcrusade-engb-installer-downloader.exe"= TCP:C:\users\shmifty5\appdata\local\temp\rar$ex00.146\wow-burningcrusade-engb-installer-downloader.exe:wow-burningcrusade-engb-installer-downloader.exe
"TCP Query User{A7BB2016-0FF0-4B16-B163-C3A2385B91E3}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{C2AF6A13-E9D7-4FA3-87DF-6FCA9216D0D0}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{01CDD19E-D198-4E43-AF36-5E8A6BFA2DCC}C:\\users\\shmifty5\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= UDP:C:\users\shmifty5\world of warcraft\wow-2.3.0-enus-downloader.exe:wow-2.3.0-enus-downloader.exe
"UDP Query User{69062F9C-2278-46BC-978F-FC1FC54001B3}C:\\users\\shmifty5\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= TCP:C:\users\shmifty5\world of warcraft\wow-2.3.0-enus-downloader.exe:wow-2.3.0-enus-downloader.exe
"TCP Query User{060565AF-B4B7-4EBE-AA8C-CE9D7475FF5C}C:\\users\\shmifty5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\o0fhbtw9\\wotlk-intro_en_us-downloader[1].exe"= UDP:C:\users\shmifty5\appdata\local\microsoft\windows\temporary internet files\content.ie5\o0fhbtw9\wotlk-intro_en_us-downloader[1].exe:wotlk-intro_en_us-downloader[1].exe
"UDP Query User{DDEE193B-F0F7-446B-A110-AFC1E50DD219}C:\\users\\shmifty5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\o0fhbtw9\\wotlk-intro_en_us-downloader[1].exe"= TCP:C:\users\shmifty5\appdata\local\microsoft\windows\temporary internet files\content.ie5\o0fhbtw9\wotlk-intro_en_us-downloader[1].exe:wotlk-intro_en_us-downloader[1].exe
"TCP Query User{4AF70FA7-011D-4C06-9C4A-F499E1FCFEA7}C:\\users\\shmifty5\\world of warcraft\\repair.exe"= UDP:C:\users\shmifty5\world of warcraft\repair.exe:repair.exe
"UDP Query User{C3D429CB-BC7F-4516-A192-3903B6EE9B13}C:\\users\\shmifty5\\world of warcraft\\repair.exe"= TCP:C:\users\shmifty5\world of warcraft\repair.exe:repair.exe
"{28A2E8EE-6F52-403A-BF63-FBCBA40D0C6E}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{C49BE208-FAA2-4787-B9C5-BF6E2CC0AACB}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{4EC06FE5-AAF2-436E-94AE-1DBAA9A33CD4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 OcHealthMon;Windows Live OneCare Health Monitor;C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-08-08 28200]
S3 samhid;samhid;C:\Windows\system32\drivers\samhid.sys [2006-01-07 7548]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c5fe537-7ef4-11dd-8906-0019d11f428d}]
\shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{708972f1-7256-11dd-8b15-806e6f6e6963}]
\shell\AutoRun\command - D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae2300ca-7ab7-11dd-abad-0019d11f428d}]
\shell\AutoRun\command - I:\OblivionLauncher.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 19:05:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-15 19:07:42
ComboFix-quarantined-files.txt 2008-09-16 02:07:33

Pre-Run: 24,197,267,456 bytes free
Post-Run: 24,173,838,336 bytes free

245 --- E O F --- 2008-09-10 04:50:38

alright here they both are i hope this does the trick, :)
  • 0

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I believe it has as they both show clean. Does onecare still alert? If so I would really like to know the file name and location.
  • 0

#10
shmifty52

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
ok i ran the onecare scan again and this is all it says

Under software:
TrojanDownloader:Win32/Zlob.gen!CD

under action:
Remove Failed

that's all it says, sorry.
Note: this time at the end it lists "CD" while first it listed "BS"; should i be worried about this? :)
  • 0

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I have found an on-line scan which will detect this variant (...Unless it is a false positive)

TrendMicro™ HouseCall ActiveX Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under "Browser plug-in" Installing and using Housecall kernel, click the Starting HouseCall>> button.
  • You may receive a prompt to install the ActiveX, click install.
  • If you are taken back to the main page, click Launching HouseCall>> button again.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.

Although you will not be able to copy the report, if it finds this element could you note the file name and location.
  • 0

#12
shmifty52

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
okay at first i couldn't see any damage but now onecare is popping up over and over again with the old "BS" message, and other such phenomena are occurring mostly with onecare but it's starting to become a problem and i'm running the scan right now.
  • 0

#13
shmifty52

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
trend micro didn't find anything wrong.
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Methinks that you may have a false positive here. What I really need is the file name and location i.e. C:\windows\system32\badfile.exe

The problem with checking this out with other Antivirus online scans is that they take an inordinate amount of time.

But if you are game then we could try Dr.Web to confirm the false positive.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.

  • 0

#15
shmifty52

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
so what do i do with the scan report post it or what? :)
  • 0





