Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Win32/alman.nab Virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 blister

blister

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 25 June 2008 - 12:49 PM

Win XP home, NOD32 3.0.650.0 antivirus. I got infected with Win32/Alman.NAB virus. My antivirus show some executable files where infected, plus when browse web with Internet Explorer, system periodically popup error mesages called RUNDLL:
"Error loading C:\Windows\AppPatch\Jview.dll
The specified module could not be found."

(by default I use Firefox).

After running whole computer scan, NOD32 isolated the infected files in a Quarantine folder. I removed the Jview.dll
As far I know, Win32/Alman.NAD is infector, downloader and it has got his own driver. If it sit inside some legit process (IE), then it will add new registry key again. Then removing will be harder.
Then I downloaded and run DSS utility, and got the following report, I browsed though logfile, but not sure which processess and keys are legitimate.

Deckard's System Scanner v20071014.68
Run by User on 2008-06-26 12:28:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
51: 2008-06-26 09:28:42 UTC - RP650 - Deckard's System Scanner Restore Point
50: 2008-06-20 09:36:28 UTC - RP649 - Software Distribution Service 3.0
49: 2008-06-18 14:40:47 UTC - RP648 - System Checkpoint
48: 2008-06-16 14:22:43 UTC - RP647 - System Checkpoint
47: 2008-06-11 09:32:32 UTC - RP646 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-03-25 07:01:53 UTC - RP600 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:44, on 2008.06.26.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\User.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 84.252.140.138:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 3553 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-26 and 2008-06-26 -----------------------------

2008-06-25 12:52:34 148 --a------ C:\WINDOWS\system32\unxxx.bat
2008-06-17 19:07:04 0 d-------- C:\Documents and Settings\User\Application Data\NCH Swift Sound
2008-06-02 12:19:01 0 d-------- C:\Program Files\xmplay342


-- Find3M Report ---------------------------------------------------------------

2008-06-19 14:57:39 0 d-------- C:\Documents and Settings\User\Application Data\Mozilla
2008-06-02 17:07:14 0 d-------- C:\Program Files\Star Downloader
2008-05-26 20:38:02 0 d-------- C:\Documents and Settings\User\Application Data\Orbit
2008-04-24 13:19:56 1160192 --a------ C:\WINDOWS\system32\Gareks.scr <Not Verified; Xara Group Ltd.; Xara3D Screen Saver>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003.04.06. 19:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003.04.06. 19:07]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001.07.09. 10:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008.01.11. 23:16]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008.03.13. 16:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004.08.04. 00:56]
"NetMeter"="C:\Program Files\HooTech\NetMeter\HooNetMeter.exe" [2006.10.09. 02:23]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007.03.28. 19:13:36]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"JavaView"= {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-06-26 12:30:30 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.66GHz
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 1015.48 MiB / 713.79 MiB
Pagefile Memory (total/avail): 1294.38 MiB / 1114.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.29 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.32 GiB total, 34.36 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 149.04 GiB total, 144.99 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.32 GiB - C:

\\.\PHYSICALDRIVE1 - ST3160815A - 149.05 GiB - 1 partition
\PARTITION0 - Extended w/Extended Int 13 - 149.04 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntivirusOverride is set.
FirewallOverride is set.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\Program Files\\WM Recorder 10.2\\WMR.exe"="C:\\Program Files\\WM Recorder 10.2\\WMR.exe:*:Enabled:WM Recorder 10.2"
"C:\\Documents and Settings\\User\\SuperScan\\SuperScan4.exe"="C:\\Documents and Settings\\User\\SuperScan\\SuperScan4.exe:*:Enabled:SuperScan 4 Beta 1"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\User\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALEXANDER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\User
LOGONSERVER=\\ALEXANDER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SDImgTemp=C:\Program Files\Sharp\Sharpdesk\Imaging\Temp
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
USERDOMAIN=ALEXANDER
USERNAME=User
USERPROFILE=C:\Documents and Settings\User
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

User (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0.1 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\User\HijackThis.exe" /uninstall
HTMLPad 2004 Pro v5.2 --> "C:\Program Files\HTMLPad 2004 Pro\unins000.exe"
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Net Meter v3.1 build 267 --> "C:\Program Files\HooTech\NetMeter\unins000.exe"
Star Downloader Free --> C:\PROGRA~1\STARDO~1\UNWISE.EXE C:\PROGRA~1\STARDO~1\INSTALL.LOG
SWFText --> C:\PROGRA~1\SWFText\UNWISE.EXE C:\PROGRA~1\SWFText\INSTALL.LOG
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xara3D6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3783869-5D14-4838-A042-910DF816D070}\setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type5213 / Error
Event Submitted/Written: 06/19/2008 11:51:26 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 126637809.

Event Record #/Type5212 / Error
Event Submitted/Written: 06/19/2008 11:51:23 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5211 / Error
Event Submitted/Written: 06/19/2008 11:51:09 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module flash9e.ocx, version 9.0.115.0, fault address 0x001b48a0.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type5188 / Error
Event Submitted/Written: 06/09/2008 06:09:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application acrord32.exe, version 8.1.0.137, faulting module acrord32.dll, version 8.1.2.86, fault address 0x00078434.
Processing media-specific event for [acrord32.exe!ws!]

Event Record #/Type5182 / Error
Event Submitted/Written: 06/05/2008 00:18:08 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module js3250.dll, version 4.0.0.0, fault address 0x0001ecc6.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type25452 / Error
Event Submitted/Written: 06/26/2008 11:47:36 AM
Event ID/Source: 23 / Print
Event Description:
Printer Auto Sharpdesk Composer on JURISB failed to initialize because a suitable Sharpdesk Composer driver could not be found.

Event Record #/Type25432 / Error
Event Submitted/Written: 06/25/2008 03:46:35 PM
Event ID/Source: 23 / Print
Event Description:
Printer Auto Sharpdesk Composer on JURISB failed to initialize because a suitable Sharpdesk Composer driver could not be found.

Event Record #/Type25400 / Error
Event Submitted/Written: 06/25/2008 11:55:40 AM
Event ID/Source: 23 / Print
Event Description:
Printer Auto Sharpdesk Composer on JURISB failed to initialize because a suitable Sharpdesk Composer driver could not be found.

Event Record #/Type25336 / Error
Event Submitted/Written: 06/20/2008 00:39:49 PM
Event ID/Source: 23 / Print
Event Description:
Printer Auto Sharpdesk Composer on JURISB failed to initialize because a suitable Sharpdesk Composer driver could not be found.

Event Record #/Type25313 / Error
Event Submitted/Written: 06/20/2008 00:29:36 PM
Event ID/Source: 23 / Print
Event Description:
Printer Auto Sharpdesk Composer on JURISB failed to initialize because a suitable Sharpdesk Composer driver could not be found.



-- End of Deckard's System Scanner: finished at 2008-06-26 12:30:30 ------------

Edited by blister, 26 June 2008 - 05:26 AM.


BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Location:South Carolina, USA
  • Local time:06:55 PM

Posted 17 July 2008 - 03:45 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Location:South Carolina, USA
  • Local time:06:55 PM

Posted 23 July 2008 - 03:51 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users