Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virtumonde?

Started by Jaybirdz , Nov 06 2005 05:50 AM

  • This topic is locked This topic is locked

#1
Jaybirdz
Posted 06 November 2005 - 05:50 AM

Jaybirdz

    New Member

  • Member
  • Pip
  • 2 posts
having problems getting rid of this Virtumonde. Really could use some help sorry forgot to post the Ewido log with the HJT the first time so I edited with fresh logs for both.



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:38:48 AM, 11/6/2005
+ Report-Checksum: 99912A5B

+ Scan result:

C:\Documents and Settings\James V. Calhoun\Local Settings\Temporary Internet Files\Content.IE5\Y78XSX8B\mm[2].js -> Spyware.Chitika : Cleaned without backup
:mozilla.10:C:\Program Files\Support.com\backup\Co\cookies.txt\1391_511cf068e_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.11:C:\Program Files\Support.com\backup\Co\cookies.txt\1391_511cf068e_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.12:C:\Program Files\Support.com\backup\Co\cookies.txt\1391_511cf068e_/cookies.txt -> Spyware.Cookie.Hotlog : Error during cleaning
:mozilla.13:C:\Program Files\Support.com\backup\Co\cookies.txt\1391_511cf068e_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.14:C:\Program Files\Support.com\backup\Co\cookies.txt\1391_511cf068e_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.15:C:\Program Files\Support.com\backup\Co\cookies.txt\1391_511cf068e_/cookies.txt -> Spyware.Cookie.Sexcounter : Error during cleaning
:mozilla.16:C:\Program Files\Support.com\backup\Co\cookies.txt\1391_511cf068e_/cookies.txt -> Spyware.Cookie.Sexlist : Error during cleaning
:mozilla.17:C:\Program Files\Support.com\backup\Co\cookies.txt\1391_511cf068e_/cookies.txt -> Spyware.Cookie.Sexlist : Error during cleaning
:mozilla.7:C:\Program Files\Support.com\backup\Co\cookies.txt\6308_5d71c59f7_/cookies.txt -> Spyware.Cookie.Bfast : Error during cleaning
:mozilla.8:C:\Program Files\Support.com\backup\Co\cookies.txt\6308_5d71c59f7_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.17:C:\Program Files\Support.com\backup\Co\cookies.txt\6308_5d71c59f7_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.18:C:\Program Files\Support.com\backup\Co\cookies.txt\6308_5d71c59f7_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.19:C:\Program Files\Support.com\backup\Co\cookies.txt\6308_5d71c59f7_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.20:C:\Program Files\Support.com\backup\Co\cookies.txt\6308_5d71c59f7_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.21:C:\Program Files\Support.com\backup\Co\cookies.txt\6308_5d71c59f7_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.22:C:\Program Files\Support.com\backup\Co\cookies.txt\6308_5d71c59f7_/cookies.txt -> Spyware.Cookie.Trafficmp : Error during cleaning
:mozilla.23:C:\Program Files\Support.com\backup\Co\cookies.txt\6308_5d71c59f7_/cookies.txt -> Spyware.Cookie.Trafficmp : Error during cleaning
:mozilla.24:C:\Program Files\Support.com\backup\Co\cookies.txt\6308_5d71c59f7_/cookies.txt -> Spyware.Cookie.Trafficmp : Error during cleaning
:mozilla.25:C:\Program Files\Support.com\backup\Co\cookies.txt\6308_5d71c59f7_/cookies.txt -> Spyware.Cookie.Trafficmp : Error during cleaning
:mozilla.26:C:\Program Files\Support.com\backup\Co\cookies.txt\6308_5d71c59f7_/cookies.txt -> Spyware.Cookie.Trafficmp : Error during cleaning
:mozilla.27:C:\Program Files\Support.com\backup\Co\cookies.txt\6308_5d71c59f7_/cookies.txt -> Spyware.Cookie.Trafficmp : Error during cleaning
:mozilla.28:C:\Program Files\Support.com\backup\Co\cookies.txt\6308_5d71c59f7_/cookies.txt -> Spyware.Cookie.Trafficmp : Error during cleaning
:mozilla.51:C:\Program Files\Support.com\backup\Co\cookies.txt\6308_5d71c59f7_/cookies.txt -> Spyware.Cookie.Onestat : Error during cleaning
:mozilla.52:C:\Program Files\Support.com\backup\Co\cookies.txt\6308_5d71c59f7_/cookies.txt -> Spyware.Cookie.Onestat : Error during cleaning
C:\WINDOWS\system32\vtsqp.dll -> Spyware.Virtumonde : Cleaned without backup


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 10:51:54 AM, on 11/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Hijackthins\HijackThis 2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\vtsqp.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.easports....ommon/ieell.cab
O16 - DPF: {85AC0EFC-2CA1-4C1C-82AE-5C31184A13EF} (VAMCtrl Class) - http://24.72.97.196/...in/h263ctrl.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe







Thanx Jay

Edited by Jaybirdz, 06 November 2005 - 10:53 AM.

  • 0

Advertisements

#2
g2i2r4
Posted 06 November 2005 - 11:17 AM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome Jay to Geeks to Go!

Remove eAcceleration Stop-Sign:
Move to Start > Settings > Control Panel
Double click Add/Remove Programs.
Within Add/Remove programs click the "Install/Uninstall" tab or click the "Change or Remove Programs" button.
Within this section you will see a listing of programs that are currently installed that support this feature. If the program I’m advising you to uninstall is listed within this list, highlight it and click the Add/Remove or uninstall option or button.

***

Please print these instructions out for use in Safe Mode.
Please note: your Antivirus program may prompt you to a malicious script trying to run. Allow the entire script once.

Please download VundoFix.exe by Atribune© to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\vtsqp.dll
  • Press Enter to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\pqstv.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\vtsqp.dll

    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k

    O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll
  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the program then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Run the Free use Panda Active Scan.

Copy the results of the ActiveScan and paste them here along with a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0

#3
Jaybirdz
Posted 06 November 2005 - 11:49 PM

Jaybirdz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Cool thanx seems to have cleaned it off . I still had some stuff show up on the Panda Active Scan. Not sure tbh what those 3 are.

Panda Active Scan


Spyware:Spyware/ShopNav No disinfected C:\WINDOWS\system32\file.zip[file]
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\system32\P2P Networking v124.cpl
Adware:adware/sahagent No disinfected

HJT Log


Logfile of HijackThis v1.99.1
Scan saved at 11:41:21 PM, on 11/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijackthins\HijackThis 2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.easports....ommon/ieell.cab
O16 - DPF: {85AC0EFC-2CA1-4C1C-82AE-5C31184A13EF} (VAMCtrl Class) - http://24.72.97.196/...in/h263ctrl.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Thanx

Jay
  • 0

#4
g2i2r4
Posted 07 November 2005 - 02:57 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Please update and run AdAware SE 1.06. Let it remove what it can find.

Remove P2Pnetworking:
Move to Start > Settings > Control Panel
Double click Add/Remove Programs.
Within Add/Remove programs click the "Install/Uninstall" tab or click the "Change or Remove Programs" button.
Within this section you will see a listing of programs that are currently installed that support this feature. If the program I’m advising you to uninstall is listed within this list, highlight it and click the Add/Remove or uninstall option or button.

Use Windows Explorer to remove this file:
C:\WINDOWS\system32\file.zip

Reboot the computer.

Let me know how things are now.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP