Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32/nsanti Virus Problem


  • This topic is locked This topic is locked
13 replies to this topic

#1 Mayank_n

Mayank_n

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 03 January 2008 - 11:54 PM

Hii

I am facing a problem with thhe virus named Win32/nSanti, AVG is detecting it but is not able to clean up. Please help.

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,771 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:14 PM

Posted 04 January 2008 - 11:07 AM

Did AVG provide a specific file name associated with this malware threat and if so, where is it located (full file path) at on your system?

"Win32/NSAnti" is a heuristic detection and a name provided to possible new variants of malware. This detection is usually related to a packed (protected) file that may have been obfuscated or encrypted in order to conceal itself from antivirus software. Packed files often trigger anti-virus alerts because they are resistant to scanning and considered suspicious.

AVG uses heuristic detection which incorporates the ability of an anti-virus program to detect new viruses before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop if before doing any harm to your system. The techniques involves inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus.

The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "False Positive" when the heuristic analysis flags a file as suspicious or infected that contains no malware. Reducing the detection sensitivity will minimize the risk but then that increases the possibility for new malware to infect your system.

See How AVG Heuristic Analysis Works.

If you suspect a file to be a false positive. Test the file at [virusscan.jotti.org] and if it is a false positive, archive (zip, arc, tar etc) the file using a password and email a copy to virus@grisoft.com with a brief description as well as the password you used to archive it with.

If it is a false positive , turn off heuristic scanning for the time being. When Grisoft adjusts the virus definitions you can turn it back on. If turning off Heuristics still doesn't allow access to the file while testing and emailing... disable the resident shield temporarily.

forum.grisoft: instructions for suspected FP's
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Mayank_n

Mayank_n
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 04 January 2008 - 12:28 PM

Thanks for the response, actually the file is in the temp directory in the local setting, its a dll file. AVG keeps showing the message and the file name it shows is not a single one. Moreover I am not able to see my hidden files as when I change the setting in the folder options it comes back to "do not show hidden files" automatically. I have scnned the comp with Ad-aware, Spybot - Search and Destroy, AVG antivirus, sysclean, Mcafee Stinger but the problem still persists.

Please help.

Mayank

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,771 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:14 PM

Posted 04 January 2008 - 02:28 PM

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program and reboot normally.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Download RatsCheddar.zip and save it to your desktop. It is a Policy Controller program written by Rathat to remove certain restrictions on XP systems often disabled by malware.
  • Extract (unzip) the file to the desktop. (Click here for information on how to do this if not sure.)
  • Double-click on RatsCheddar.exe to launch the tool.
  • Select Enable for everything listed, then click Exit.
  • Restart your computer.
Warning: This program was developed for Windows XP ONLY. Do not run this program in any other Operating System.

The repeat your scans in "Safe Mode".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Mayank_n

Mayank_n
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 06 January 2008 - 04:06 AM

Hii, thanx for the guidance, I followed the steps as instructed, but still the problems are same as before, after running Ratscheddar, I ran the scans in the safe moe, I used Ad-aware and sysclean from trendmicro, they detect no viruses but I am getting the threat alert from AVG again and again.Pls guide.

Mayank

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,771 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:14 PM

Posted 06 January 2008 - 08:42 AM

Again, did AVG provide a specific file name associated with this malware threat and if so, where is it located (full file path) at on your system?

Restore "Show Hidden Files and Folders" Option in XP, go to Start Run and type: regedit
  • Click OK.
  • On the left side, click to highlight My Computer at the top.
  • Go up to File Export
    • Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put RegBackup.
  • Choose to save it to C:\
  • Click save and then go to File Exit.
Go to Start > Run and type: regedit
  • Click OK.
  • Navigate to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  • In the right pane, double-click on Hidden
  • In the Edit DWORD Value box, if the 'Value data' is set to 0, edit it to 1
  • Repeat the same for HideFileExt
  • Press Ok and close regedit.
  • Reboot your computer.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Mayank_n

Mayank_n
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 06 January 2008 - 02:03 PM

Hii,

The filename with path is c:\docume~1\mayank~1\locals~1\temp\hp2d.dll, but the file name keeps on changing, once it was 2.dll, 1.dll etc.
I followed the steps given by you, there is a bit of confusion, I reached till the hidden folder on the right pane, there is no Reg_dword, under hidden folder there are two subfolders, Nohidden and showall, am I suppose to change there settings?, also they contain multiple entries of type Reg_dword, which one am I supposed to change. The hidefilext also has the multiple dword entries. Please clarify.

Thanks a ton for the help.

mayank

Edited by Mayank_n, 06 January 2008 - 02:16 PM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,771 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:14 PM

Posted 06 January 2008 - 04:29 PM

The file is probably changing names on reboot. Skip the Show Hidden Files and Folders instructions for now and lets see about those .dll files and what else may be on your system.

Please download SDFix by AndyManchesta and save it to your desktop.
alternate download
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Double click SDFix.exe and it will extract the files to %systemdrive%
  • (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save a copy into the SDFix folder as Report.txt.
  • Copy and paste the contents of Report.txt in your next reply.
-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe


Now navigate to c:\docume~1\mayank~1\locals~1\temp\ and list the .dll files. Write out the full file path, don't use ~1 and don't reboot.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Mayank_n

Mayank_n
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 07 January 2008 - 03:00 AM

Hii

Did as instructed, the report generated is as follows


SDFix: Version 1.124

Run by MAYANK_NAGAR on Mon 01/07/2008 at 01:11 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\NSPRS.DLL - Deleted
C:\WINDOWS\SYSTEM32\SERAUTH1.DLL - Deleted
C:\WINDOWS\SYSTEM32\SERAUTH2.DLL - Deleted
C:\WINDOWS\SYSTEM32\SSPRS.DLL - Deleted
C:\autorun.inf - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 13:16:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7C4CB9BF-C349-203E-5A14-E37E87F8C532}]
"eakfbiegon"=hex:66,61,61,66,69,70,6e,68,6b,6a,63,68,00,fc
"dafggkon"=hex:64,62,67,69,70,62,68,6e,6f,62,67,65,67,6b,64,6a,6d,67,62,6e,70,..
"iacibngedkidkbomee"=hex:6a,61,6f,6a,6c,66,6e,6d,6c,62,6a,6b,6f,6f,6e,66,64,6d,6a,6f,00,..
"haihpbjincjkobbg"=hex:6a,61,6f,6a,6c,66,6e,6d,6c,62,6a,6b,6f,6f,6e,66,64,6d,6a,6f,00,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{89F7AAAE-19B0-81FD-0AB2-88F2EB89FCB8}]

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Huawei\\MT841\\dslagent.exe"="C:\\Program Files\\Huawei\\MT841\\dslagent.exe:*:Enabled:dslagent"
"C:\\Program Files\\Blue Coat Systems\\WinProxy 6\\WinProxy.exe"="C:\\Program Files\\Blue Coat Systems\\WinProxy 6\\WinProxy.exe:*:Enabled:WinProxy Application"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 6 Jan 2008 105,408 ..SHR --- "C:\semo2x.exe"
Mon 7 Jan 2008 105,325 ..SHR --- "C:\WINDOWS\system32\amvo.exe"
Mon 7 Jan 2008 54,784 ..SHR --- "C:\WINDOWS\system32\amvo0.dll"
Mon 7 Jan 2008 54,784 ..SHR --- "C:\WINDOWS\system32\amvo1.dll"
Thu 7 Sep 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 7 Sep 2006 4,348 ...H. --- "C:\Documents and Settings\MAYANK_NAGAR\My Documents\My Music\License Backup\drmv1key.bak"
Tue 19 Dec 2006 20 A..H. --- "C:\Documents and Settings\MAYANK_NAGAR\My Documents\My Music\License Backup\drmv1lic.bak"
Thu 7 Sep 2006 312 ...H. --- "C:\Documents and Settings\MAYANK_NAGAR\My Documents\My Music\License Backup\drmv2key.bak"
Tue 19 Dec 2006 1,536 A..H. --- "C:\Documents and Settings\MAYANK_NAGAR\My Documents\My Music\License Backup\drmv2lic.bak"

Finished!


in the file path suggested by you i.e. c:\docume~1\mayank~1\locals~1\temp\ , there are no dll files. Please let me know the next step.

Thanks a lot

Mayank

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,771 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:14 PM

Posted 07 January 2008 - 08:37 AM

Please download OTMoveIt2 by OldTimer and save to your Desktop.
  • Double-click on OTMoveIt2.exe to launch the program.
  • Copy the file(s)/folder(s) paths listed below - highlight everything in the quote box and press CTRL+C or right-click and choose Copy.

C:\semo2x.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll

  • Then in OTMoveIt, right-click in the open text box labeled "Paste List of Files/Folders to be Moved" and choose Paste.
  • Click the red MoveIt! button.
  • The list will be processed and the results for each line will be displayed in the right-hand pane.
  • Highlight everything in the Results window, press CTRL+C or right-click, choose Copy, right-click again and Paste it in your next reply.
  • Click Exit when done.
  • A log of the results is automatically created and saved to C:\_OTMoveIt\MovedFiles \mmddyyyy_hhmmss.log <- the date/time the tool was run.
-- Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process.
If asked to reboot, choose Yes.


Caution: Be careful of what you copy and paste with this tool. OTMoveIt is a powerful program, designed to move highly persistent files and folders. Not following the directions as instructed or using incorrectly could lead to disastrous problems with your operating system.


Go to Start Run and type: regedit
  • Click OK.
  • On the left side, click to highlight My Computer at the top.
  • Go up to File Export
    • Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put RegBackup.
  • Choose to save it to C:\
  • Click save and then go to File Exit.
Click on the link below:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Scroll down to #129 and click "Restore Folder Options Under Tools" in the left column. Go to File, choose "Save page as" All Files and save folderoptions.reg to your desktop. Double-click on that file and choose "Yes" to merge it into the registry when prompted. Once you get a successful message delete the file and reboot.

in the file path suggested by you i.e. c:\docume~1\mayank~1\locals~1\temp\ , there are no dll files

That was the path you originally provided to me where hp2d.dll and others were located. Are you saying those .dll files are not longer present?

Is AVG still detecting Win32/nSanti?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 Mayank_n

Mayank_n
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 07 January 2008 - 11:18 AM

hii

I followed all the steps as instructed by you, the results as desired are as follows

C:\semo2x.exe moved successfully.
C:\WINDOWS\system32\amvo.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo0.dll NOT unregistered.
C:\WINDOWS\system32\amvo0.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\amvo1.dll NOT unregistered.
C:\WINDOWS\system32\amvo1.dll moved successfully.

OTMoveIt2 v1.0.5 log created on 01072008_212958


The path I gave you was the one shown by the AVG, when it showed threat alert, every time a threat alert is shown I moved the file to the vault, right now I can't see any .dll file in the temp folder although it keeps on showing me the threat alerts from time to time, this time the file name is somewhat different than the previous ones. Also can you please elaborate on the process I followed, what was the objective, because I am still not able to rectify that hidden file problem

Thanx a lot for your help

Mayank

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,771 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:14 PM

Posted 07 January 2008 - 12:48 PM

The link I provided was an automatic fix to restore your folder options which includes the option to hide/unhide hidden files and folders. Some types of malware will disable folder options features. If the fixes I have provided are not working, then I suspect the responsible malware is still on your system and stopping the fix.

Its time to have a deeper look as to what malware may be causing your problems by creating and posting a hijackthis log.

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 Mayank_n

Mayank_n
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 08 January 2008 - 01:48 AM

Thanx a lot for your support, I will do as instructed and get back to you

Mayank

#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,771 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:14 PM

Posted 08 January 2008 - 08:03 AM

I see your hijackthis log is posted here and you are already getting assistance.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusion, I am closing this topic.

Thanks for your cooperation and good luck with your log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users