
Troj Cass-A in system32\dist001.exe [RESOLVED]


  • This topic is locked

#46
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Let's do it this way then :tazz:

Download look.zip from here: Attached File: look.zip (198 bytes, 98 downloads)

Unzip it to your desktop. Double-click look.bat; when it's done, Notepad will open with text. Copy everything and paste it here please :)
  • 0


#47
chicagochicklett

chicagochicklett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Not much luck....

I ran look.bat and an MS-DOS looking window popped up with this:

C:\Documents and Settings\Family\Desktop>regedit /e C:\look.txt "HKEY_LOCAL_MACH
INE\SOFTWARE\CrPT4Aw2YM7D"

C:\Documents and Settings\Family\Desktop>notepad c:\look.txt

Then notepad opened but it was empty.
  • 0

#48
Atribune

Atribune

    HijackThis Expert

  • Visiting Consultant
  • 956 posts
  • MVP
Doh! I hope Michelle doesn't mind me posting but I think I know why this isn't working for you!

Please boot your computer to safe mode and try look.bat again.

What you have is known as a rootkit, and when it is running it cannot be seen by Windows. The good thing about most rootkits is that they don't run in safe mode, and this happens to be one of them.
  • 0

#49
chicagochicklett

chicagochicklett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Thanks! Boy, I sure do have a lot of people trying to help me..... my mother keeps saying "will the computer be fixed before you leave?? [for college on Friday!]"

Thanks so much
  • 0

#50
Atribune

Atribune

    HijackThis Expert

  • Visiting Consultant
  • 956 posts
  • MVP
I'm almost positive Michelle :tazz: will have you fixed by then. She's one of the best!
  • 0

#51
chicagochicklett

chicagochicklett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Okay, think I got it!

From the look.txt:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\CrPT4Aw2YM7D]
"Device"="\\\\.\\mjp8Igrg"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\clat4usb9.sys"
"DriverName"="Plustry"
"HideUninstallerName"="C:\\Program Files\\Sopaim\\ntkclien.exe"
"HDll"="C:\\WINDOWS\\system32\\icfpdmgr.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.con...onbranded.html"
"PartnerId"="CP.SAV2"
"InstallationId"="{X77c8b53-4dde-4259-0d53-2ee1f7a67407}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Sopaim\\offdecod.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\norio804.exe"
"Version"="2.0.81"

[HKEY_LOCAL_MACHINE\SOFTWARE\CrPT4Aw2YM7D\AU2]
"AP"="/DVNM=\"\\\\.\\mjp8Igrg\" /INSC=\"AU\""
"SU"="http://au.contextplu...vices/AUServer"
"NPT"="2005:09:07-13:13:45:421"
"TO"=dword:0036ee80
"LastCLRestoreMsgTS"="2005:09:06-11:59:47:796"

[HKEY_LOCAL_MACHINE\SOFTWARE\CrPT4Aw2YM7D\AU2\RGR]

[HKEY_LOCAL_MACHINE\SOFTWARE\CrPT4Aw2YM7D\AU2\RGR\Messages]

[HKEY_LOCAL_MACHINE\SOFTWARE\CrPT4Aw2YM7D\AU2\RGR\Properties]
"CP.cv"=hex:43,50,2e,63,76,00,32,2e,30,2e,38,31,00,31,36,30,31,3a,30,31,3a,30,\
31,2d,30,30,3a,30,30,3a,30,30,3a,30,30,30,00,00
"CP.id"=hex:43,50,2e,69,64,00,7b,58,37,37,63,38,62,35,33,2d,34,64,64,65,2d,34,\
32,35,39,2d,30,64,35,33,2d,32,65,65,31,66,37,61,36,37,34,30,37,7d,00,31,36,\
30,31,3a,30,31,3a,30,31,2d,30,30,3a,30,30,3a,30,30,3a,30,30,30,00,00
"CP.pc"=hex:43,50,2e,70,63,00,43,50,2e,53,41,56,32,00,31,36,30,31,3a,30,31,3a,\
30,31,2d,30,30,3a,30,30,3a,30,30,3a,30,30,30,00,00
"CP.st"=hex:43,50,2e,73,74,00,41,00,31,36,30,31,3a,30,31,3a,30,31,2d,30,30,3a,\
30,30,3a,30,30,3a,30,30,30,00,00
"CP.is"=hex:43,50,2e,69,73,00,4c,52,00,31,36,30,31,3a,30,31,3a,30,31,2d,30,30,\
3a,30,30,3a,30,30,3a,30,30,30,00,00
"CP.it"=hex:43,50,2e,69,74,00,32,30,30,35,30,38,32,38,32,31,33,32,30,30,00,31,\
36,30,31,3a,30,31,3a,30,31,2d,30,30,3a,30,30,3a,30,30,3a,30,30,30,00,00
"CP.os"=hex:43,50,2e,6f,73,00,5b,32,5d,20,35,2e,31,2e,32,36,30,30,20,22,53,65,\
72,76,69,63,65,20,50,61,63,6b,20,32,22,00,31,36,30,31,3a,30,31,3a,30,31,2d,\
30,30,3a,30,30,3a,30,30,3a,30,30,30,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\CrPT4Aw2YM7D\AU2\TDH]
  • 0
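Added example (not part of the original thread, and not the contents of look.bat or remsav2.bat): a small Python parser for a REGEDIT5 text export like the one posted above. It decodes the `hex:` values into their NUL-separated text fields and lists the file paths the key points at, which is what a helper reads out of such a dump. `SAMPLE_REG` is a shortened excerpt of the posted export; the function names are hypothetical.

```python
import re

# Shortened excerpt of the export posted above (values copied from that post).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\CrPT4Aw2YM7D]
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\clat4usb9.sys"
"PageFiltering"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\CrPT4Aw2YM7D\AU2\RGR\Properties]
"CP.cv"=hex:43,50,2e,63,76,00,32,2e,30,2e,38,31,00,31,36,30,31,3a,30,31,3a,30,\
31,2d,30,30,3a,30,30,3a,30,30,3a,30,30,30,00,00
'''


def unescape(s):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a REGEDIT5 export."""
    # A trailing backslash continues a hex value on the next line; join them.
    text = re.sub(r"\\\r?\n\s*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not m or current is None:
            continue
        name, raw = unescape(m.group(1)), m.group(2)
        if raw.startswith('"'):            # REG_SZ
            current[name] = unescape(raw[1:-1])
        elif raw.startswith("dword:"):     # REG_DWORD
            current[name] = int(raw[6:], 16)
        elif raw.startswith("hex:"):       # REG_BINARY, only plain hex: handled
            data = bytes(int(b, 16) for b in raw[4:].split(",") if b)
            # The blobs in this export are NUL-separated text fields.
            current[name] = [p.decode("latin-1") for p in data.split(b"\x00") if p]
    return keys


def referenced_files(keys):
    """Collect string values that look like local file paths to check on disk."""
    found = {}
    for values in keys.values():
        for name, val in values.items():
            if isinstance(val, str) and re.match(r"[A-Za-z]:\\", val):
                found[name] = val
    return found


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for key, values in parsed.items():
        print(key)
        for name, val in values.items():
            print("   ", name, "=", val)
    print("files to check:", referenced_files(parsed))
```
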

#52
Atribune

Atribune

    HijackThis Expert

  • Visiting Consultant
  • 956 posts
  • MVP
Yep, that's the one. Hopefully Michelle will be around shortly to help you get through the rest of this.
  • 0

#53
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Please download remsav2.zip from here: Attached File: remsav2.zip (506 bytes, 57 downloads)

Unzip it to your desktop but don't run it yet.

Reboot into Safe Mode.

Once in Safe Mode, go into the remsav2 folder and double-click remsav2.bat.
You'll see a window open for a few seconds, then close; that's normal.

Reboot into normal mode and post a new HiJackThis log and let me know if you're still having problems please :tazz:
  • 0

#54
chicagochicklett

chicagochicklett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
That IE window didn't pop up! But I think my antivirus found something...

Logfile of HijackThis v1.99.1
Scan saved at 11:25:44 AM, on 9/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Hijackthis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter 2.01\cactusspamfilter.exe" -minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: www.hotelrwanda.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1107183886500
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61948E37-F456-45AA-A81F-DC5436FB3927}: NameServer = 199.224.86.15 199.224.86.16
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
  • 0

#55
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
That's great news! :tazz:

Let's do this next, please:

I would like you to go ahead and run Cleanup again, please :)

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end; if it does, go ahead and reboot.

Then, please run this online virus scan:
ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log.
  • 0


#56
chicagochicklett

chicagochicklett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Logfile of HijackThis v1.99.1
Scan saved at 8:07:46 PM, on 9/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter 2.01\cactusspamfilter.exe" -minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: www.hotelrwanda.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1107183886500
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61948E37-F456-45AA-A81F-DC5436FB3927}: NameServer = 199.224.86.15 199.224.86.16
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS


ActiveScan Log:

Incident Status Location

Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/apropos No disinfected Windows Registry
  • 0

#57
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hello Chicagochicklett :)

I just need you to do one thing for me, if you don't mind:

Using Windows Explorer, please locate this folder:

C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs

Right-click on it and go to "Send to > Compressed (zipped) folder". It will create a zipped folder called cache32dsrf4535dfs.zip inside the system32 folder. Please e-mail that zipped folder to submit@atribune.org

We're almost done! :tazz:
  • 0

#58
chicagochicklett

chicagochicklett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Just wondering what the next step is..... I sent that zip attachment to the email you'd given me. Now what?
  • 0

#59
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Thank you :tazz:

Please delete both of these folders:

C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs.zip

Then, post another HiJackThis log, please, and let me know if you're having any other problems!
  • 0

#60
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
