Cybertechexpert.com said ip address was infected by koobface virus
Posted 23 July 2016 - 09:25 PM
Posted 27 July 2016 - 05:55 PM
Removed Java and Real Player. Number was still there when booted in safe mode.
Posted 27 July 2016 - 07:30 PM
Posted 09 August 2016 - 04:50 PM
autoruns.txt 76.92KB 37 downloads
File attached. Sorry it took so long to reply.
Posted 09 August 2016 - 07:07 PM
Looking at your last FRST scan again I see:
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
This is probably a valid file but I cannot see how it starts running. Also we usually use the cmd.exe file in C:\Windows\System32 not in SysWOW64.
Run Process Explorer again and sort things by name by clicking once or twice on Process. Then find cmd.exe and right click on it and Suspend. Does anything happen to your number?
Another possibility is something tacked into Explorer:
Posted 17 August 2016 - 06:11 PM
The number is still there but my mom's not really worried about it as long as there's nothing malicious associated with it. Unless this has become personal for you, I think we're good
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users