Believe I Have A Virtumundo Trojan Or Other Spyware


  • This topic is locked
2 replies to this topic

#1 jpcan


Posted 19 February 2008 - 10:18 PM

Hello,

Sorry about this but I have no clue how to fix my computer. I have some spyware/trojan on my computer. I've run the Vundo and VirtuMundoBeGone free removal tools that I found on this site. Also, I have Trend Micro Antivirus Software that is up to date, but cannot remove the program(s). The pop-ups have stopped but it is still running a lot of programs that I have been turning off through Task Manager. They're not on the log, because I stopped them to run the HiJackThis tool.

Some of the programs are:
ctfmon.exe
svchost.exe
spool32.exe
MDM.exe

and there is one that pops up right before another process would turn on and it starts with vic (I think something like that). I'm posting the log and also the VirtuMundoBeGone log. Thanks a lot for all of your help.

-JP

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:03 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {421398E2-5957-2ADC-0213-5300BCBCDFBB} - C:\WINDOWS\system32\kvjndn.dll (file missing)
O2 - BHO: (no name) - {4643CCE5-0702-2C8B-0213-5300BCBD88BE} - C:\WINDOWS\system32\inaso.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AB6AFDE9-57FA-4EE9-863F-3235AA0D27B9} - C:\Program Files\Online Services\rety89104.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {C485ABF4-587C-4D50-A77E-1EEDEF67F937} - C:\WINDOWS\system32\wvuts.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - HKCU\..\Run: [Rvws] C:\WINDOWS\?racle\??ool32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Cpue] "C:\WINDOWS\DOBE~1\dllhost.exe" -vt ndrv
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 6269 bytes


[02/19/2008, 18:31:02] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Owner\Desktop\VirtumundoBeGone.exe" )
[02/19/2008, 18:31:12] - Detected System Information:
[02/19/2008, 18:31:12] - Windows Version: 5.1.2600, Service Pack 2
[02/19/2008, 18:31:12] - Current Username: Owner (Admin)
[02/19/2008, 18:31:12] - Windows is in SAFE mode.
[02/19/2008, 18:31:12] - Searching for Browser Helper Objects:
[02/19/2008, 18:31:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/19/2008, 18:31:12] - BHO 2: {421398E2-5957-2ADC-0213-5300BCBCDFBB} ()
[02/19/2008, 18:31:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:31:12] - Checking for HKLM\...\Winlogon\Notify\kvjndn
[02/19/2008, 18:31:12] - Key not found: HKLM\...\Winlogon\Notify\kvjndn, continuing.
[02/19/2008, 18:31:12] - BHO 3: {4643CCE5-0702-2C8B-0213-5300BCBD88BE} ()
[02/19/2008, 18:31:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:31:12] - Checking for HKLM\...\Winlogon\Notify\inaso
[02/19/2008, 18:31:12] - Key not found: HKLM\...\Winlogon\Notify\inaso, continuing.
[02/19/2008, 18:31:12] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/19/2008, 18:31:12] - BHO 5: {AB6AFDE9-57FA-4EE9-863F-3235AA0D27B9} ()
[02/19/2008, 18:31:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:31:12] - Checking for HKLM\...\Winlogon\Notify\rety89104
[02/19/2008, 18:31:12] - Key not found: HKLM\...\Winlogon\Notify\rety89104, continuing.
[02/19/2008, 18:31:12] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[02/19/2008, 18:31:12] - BHO 7: {C485ABF4-587C-4D50-A77E-1EEDEF67F937} ()
[02/19/2008, 18:31:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:31:12] - Checking for HKLM\...\Winlogon\Notify\wvuts
[02/19/2008, 18:31:12] - Key not found: HKLM\...\Winlogon\Notify\wvuts, continuing.
[02/19/2008, 18:31:12] - BHO 8: {E180F496-8A4B-44E2-9FE0-0364E345DB7F} ()
[02/19/2008, 18:31:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:31:12] - Checking for HKLM\...\Winlogon\Notify\hggdbcc
[02/19/2008, 18:31:12] - Found: HKLM\...\Winlogon\Notify\hggdbcc - This is probably Virtumundo.
[02/19/2008, 18:31:12] - Assigning {E180F496-8A4B-44E2-9FE0-0364E345DB7F} MSEvents Object
[02/19/2008, 18:31:12] - BHO list has been changed! Starting over...
[02/19/2008, 18:31:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/19/2008, 18:31:12] - BHO 2: {421398E2-5957-2ADC-0213-5300BCBCDFBB} ()
[02/19/2008, 18:31:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:31:12] - Checking for HKLM\...\Winlogon\Notify\kvjndn
[02/19/2008, 18:31:12] - Key not found: HKLM\...\Winlogon\Notify\kvjndn, continuing.
[02/19/2008, 18:31:12] - BHO 3: {4643CCE5-0702-2C8B-0213-5300BCBD88BE} ()
[02/19/2008, 18:31:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:31:12] - Checking for HKLM\...\Winlogon\Notify\inaso
[02/19/2008, 18:31:12] - Key not found: HKLM\...\Winlogon\Notify\inaso, continuing.
[02/19/2008, 18:31:12] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/19/2008, 18:31:12] - BHO 5: {AB6AFDE9-57FA-4EE9-863F-3235AA0D27B9} ()
[02/19/2008, 18:31:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:31:12] - Checking for HKLM\...\Winlogon\Notify\rety89104
[02/19/2008, 18:31:12] - Key not found: HKLM\...\Winlogon\Notify\rety89104, continuing.
[02/19/2008, 18:31:12] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[02/19/2008, 18:31:12] - BHO 7: {C485ABF4-587C-4D50-A77E-1EEDEF67F937} ()
[02/19/2008, 18:31:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:31:12] - Checking for HKLM\...\Winlogon\Notify\wvuts
[02/19/2008, 18:31:12] - Key not found: HKLM\...\Winlogon\Notify\wvuts, continuing.
[02/19/2008, 18:31:12] - BHO 8: {E180F496-8A4B-44E2-9FE0-0364E345DB7F} (MSEvents Object)
[02/19/2008, 18:31:12] - ALERT: Found MSEvents Object!
[02/19/2008, 18:31:12] - Finished Searching Browser Helper Objects
[02/19/2008, 18:31:12] - *** Detected MSEvents Object
[02/19/2008, 18:31:12] - Trying to remove MSEvents Object...
[02/19/2008, 18:31:13] - Terminating Process: IEXPLORE.EXE
[02/19/2008, 18:31:13] - Terminating Process: RUNDLL32.EXE
[02/19/2008, 18:31:13] - Disabling Automatic Shell Restart
[02/19/2008, 18:31:13] - Terminating Process: EXPLORER.EXE
[02/19/2008, 18:31:13] - Suspending the NT Session Manager System Service
[02/19/2008, 18:31:13] - Terminating Windows NT Logon/Logoff Manager
[02/19/2008, 18:31:13] - Re-enabling Automatic Shell Restart
[02/19/2008, 18:31:13] - File to disable: C:\WINDOWS\system32\hggdbcc.dll
[02/19/2008, 18:31:13] - Removing HKLM\...\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}
[02/19/2008, 18:31:13] - Removing HKCR\CLSID\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}
[02/19/2008, 18:31:13] - Adding Kill Bit for ActiveX for GUID: {E180F496-8A4B-44E2-9FE0-0364E345DB7F}
[02/19/2008, 18:31:13] - Deleting ATLEvents/MSEvents Registry entries
[02/19/2008, 18:31:13] - Removing HKLM\...\Winlogon\Notify\hggdbcc
[02/19/2008, 18:31:13] - Searching for Browser Helper Objects:
[02/19/2008, 18:31:13] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/19/2008, 18:31:13] - BHO 2: {421398E2-5957-2ADC-0213-5300BCBCDFBB} ()
[02/19/2008, 18:31:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:31:13] - Checking for HKLM\...\Winlogon\Notify\kvjndn
[02/19/2008, 18:31:13] - Key not found: HKLM\...\Winlogon\Notify\kvjndn, continuing.
[02/19/2008, 18:31:13] - BHO 3: {4643CCE5-0702-2C8B-0213-5300BCBD88BE} ()
[02/19/2008, 18:31:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:31:13] - Checking for HKLM\...\Winlogon\Notify\inaso
[02/19/2008, 18:31:13] - Key not found: HKLM\...\Winlogon\Notify\inaso, continuing.
[02/19/2008, 18:31:13] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/19/2008, 18:31:13] - BHO 5: {AB6AFDE9-57FA-4EE9-863F-3235AA0D27B9} ()
[02/19/2008, 18:31:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:31:13] - Checking for HKLM\...\Winlogon\Notify\rety89104
[02/19/2008, 18:31:13] - Key not found: HKLM\...\Winlogon\Notify\rety89104, continuing.
[02/19/2008, 18:31:13] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[02/19/2008, 18:31:13] - BHO 7: {C485ABF4-587C-4D50-A77E-1EEDEF67F937} ()
[02/19/2008, 18:31:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:31:13] - Checking for HKLM\...\Winlogon\Notify\wvuts
[02/19/2008, 18:31:13] - Key not found: HKLM\...\Winlogon\Notify\wvuts, continuing.
[02/19/2008, 18:31:13] - Finished Searching Browser Helper Objects
[02/19/2008, 18:31:13] - Finishing up...
[02/19/2008, 18:31:13] - A restart is needed.
[02/19/2008, 18:31:22] - Attempting to Restart via STOP error (Blue Screen!)

[02/19/2008, 18:33:37] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Owner\Desktop\VirtumundoBeGone.exe" )
[02/19/2008, 18:33:38] - Detected System Information:
[02/19/2008, 18:33:38] - Windows Version: 5.1.2600, Service Pack 2
[02/19/2008, 18:33:38] - Current Username: Owner (Admin)
[02/19/2008, 18:33:38] - Windows is in SAFE mode.
[02/19/2008, 18:33:38] - Searching for Browser Helper Objects:
[02/19/2008, 18:33:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/19/2008, 18:33:38] - BHO 2: {421398E2-5957-2ADC-0213-5300BCBCDFBB} ()
[02/19/2008, 18:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:33:38] - Checking for HKLM\...\Winlogon\Notify\kvjndn
[02/19/2008, 18:33:38] - Key not found: HKLM\...\Winlogon\Notify\kvjndn, continuing.
[02/19/2008, 18:33:38] - BHO 3: {4643CCE5-0702-2C8B-0213-5300BCBD88BE} ()
[02/19/2008, 18:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:33:38] - Checking for HKLM\...\Winlogon\Notify\inaso
[02/19/2008, 18:33:38] - Key not found: HKLM\...\Winlogon\Notify\inaso, continuing.
[02/19/2008, 18:33:38] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/19/2008, 18:33:38] - BHO 5: {AB6AFDE9-57FA-4EE9-863F-3235AA0D27B9} ()
[02/19/2008, 18:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:33:38] - Checking for HKLM\...\Winlogon\Notify\rety89104
[02/19/2008, 18:33:38] - Key not found: HKLM\...\Winlogon\Notify\rety89104, continuing.
[02/19/2008, 18:33:38] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[02/19/2008, 18:33:38] - BHO 7: {C485ABF4-587C-4D50-A77E-1EEDEF67F937} ()
[02/19/2008, 18:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/19/2008, 18:33:38] - Checking for HKLM\...\Winlogon\Notify\wvuts
[02/19/2008, 18:33:38] - Key not found: HKLM\...\Winlogon\Notify\wvuts, continuing.
[02/19/2008, 18:33:38] - Finished Searching Browser Helper Objects
[02/19/2008, 18:33:38] - Finishing up...
[02/19/2008, 18:33:38] - Nothing found! Exiting...


#2 SifuMike


    malware expert


  • Staff Emeritus

Posted 23 February 2008 - 05:20 PM

Hello jpcan,


We will run ComboFix.

You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


You need to disable your Trend Micro Antivirus and Spybot TeaTimer before running ComboFix, as they will prevent it from running.


To disable Spybot's TeaTimer:
Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left-hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts



Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Be sure to install the Windows XP Recovery Console in case you have not installed it yet. <== IMPORTANT

Post the ComboFix log.

Edited by SifuMike, 23 February 2008 - 05:20 PM.


#3 SifuMike


Posted 05 March 2008 - 02:48 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.