Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware Guard 2008


  • Please log in to reply
33 replies to this topic

#1 Dodgermel

Dodgermel

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 28 December 2008 - 04:32 PM

Hi eveyone.
I have a continuous Spyware Guard 2008 popup.
Cannot get into IE as a popup gives me the option to Activate the program or proceed without protection.
I choose no protection and I get "Explorer has encountered a problem and needs to close
Windows Defender comes up with a warning from time to time..WIN32 \fakespyguard.
remove all option is chosen but it will reoccur.
Have Malwarebytes but it will not run
Adaware has been run several times and is clear now.
cannot do an update as it says there is no connection to download server.
Have removed Spyguard from Startup but it reappears.
Spybot search and destroy wont run.
Hijack this does work though if you need a log.
A rundll error comes up on reboot Error loadingC:\WINDOWS\system32\hemenozu.dll specified module could not be found
I am tapping to you on another computer as I have no IE access on the other one as mentioned
Please take a breath after reading my long winded entry.
I look forward to your assistance.
Kind regards
Dodgermel

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:21 PM

Posted 28 December 2008 - 05:52 PM

Hi let's start here.
Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.


For the dll error please see quietmn7's ,Post #2 here about Rundlll and autoruns.
http://www.bleepingcomputer.com/forums/ind...amp;hl=autorubs
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Dodgermel

Dodgermel
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 28 December 2008 - 07:57 PM

Thank you for the quick response Boop me
It loaded ok without any change needed, so tried changing in program files after it wouldn't open.
Changed .exe to all the suggestions one after the other and it came up with Windows Explorer has encountered a problem and needs to close for every attempt
??

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:21 PM

Posted 28 December 2008 - 08:45 PM

OK then perhaps we can start this way then.

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Next run SAS:
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Dodgermel

Dodgermel
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 28 December 2008 - 09:11 PM

Before I do any of you suggestions, I was just about to send an update to you.

I kept trying to open Malwarebytes, and on one attempt I noticed that even though nothing was happening on screen, that in Task Manager there were still two Mbam processes open.

So...I walked away to resist the temptation to click on anything, as it was apparently running a lot slower than I had imagined.

It finally did open, I did an update, ran the scan and it deleted all the found items.

I am very pleased to say that I am replying on the problem computer (and it feels great!!!! :thumbsup: )

I thought it best to let you know all this first before going ahead with any of your latest suggestions

The log is as follows.

Malwarebytes' Anti-Malware 1.31
Database version: 1564
Windows 5.1.2600 Service Pack 3

29/12/2008 12:44:44 PM
mbam-log-2008-12-29 (12-44-40).txt

Scan type: Quick Scan
Objects scanned: 41781
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 4
Registry Keys Infected: 14
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 35

Memory Processes Infected:
C:\WINDOWS\system32\winscenter.exe (Trojan.FakeAlert) -> No action taken.

Memory Modules Infected:
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\tztfdmfxay.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Ulanariveha.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af3b5869-237d-4d3f-a944-4674850711d7} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{af3b5869-237d-4d3f-a944-4674850711d7} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{18e5c973-d0c9-4bee-937a-cefa352a2e51} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{77d74062-288c-4ea7-a7be-813a32c740d1} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\spyware guard (Rogue.SpywareGuard) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sopofuroyo (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\iemodule (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\internetconnection (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ycayupohofusocac (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywareguard (Rogue.Spyguard) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SYSTEM.rt32 (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> No action taken.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> No action taken.

Files Infected:
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\winscenter.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\tztfdmfxay.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Ulanariveha.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.Spyguard) -> No action taken.
C:\WINDOWS\system32\TDSSarxx.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSnvuv.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSoity.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSvoql.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\jkse73hedfdgf.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\drivers\TDSSmplt.sys (Trojan.TDSS) -> No action taken.
C:\gschgm.exe (Trojan.Downloader) -> No action taken.
C:\ocjn.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\temp\TDSS1222.tmp (Trojan.TDSS) -> No action taken.
C:\WINDOWS\temp\TDSS2cdd.tmp (Trojan.TDSS) -> No action taken.
C:\WINDOWS\temp\TDSS35c.tmp (Trojan.TDSS) -> No action taken.
C:\WINDOWS\temp\TDSSa03.tmp (Trojan.TDSS) -> No action taken.
C:\WINDOWS\temp\TDSSfdaf.tmp (Trojan.TDSS) -> No action taken.
C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\mbase.vdb (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\quarantine.vdb (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\queue.vdb (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\uninstall.exe (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\vbase.vdb (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\mlJDtRJy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\system32\TDSSdxcp.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSkkai.log (Trojan.TDSS) -> No action taken.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:21 PM

Posted 28 December 2008 - 09:43 PM

Hi Ok that's good. The malware is fighting the tools. They are getting nastier.
Two things. the "No Action Taken " reply may be the result of Not having clicked the remove selected button.

So do this....

Open MBAM and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot.

Then run the ATF and SAS,post the SAS log also. You have a couple serious infections there.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Dodgermel

Dodgermel
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 29 December 2008 - 01:11 AM

OK,
I noticed the no action taken myself, and was sure I had selected remove all.

There was originally 60 plus as I mentioned earlier, but only a handful when I ran it again.
Ran it a 3rd time to make sure there were none left.

I have included both logs below.

Ran ATS and it did its thing.

Ran SAS which took the longest and found 61 files.

In the scan log there are none to select for inclusion in my post.

I looked in the Applogs file in SAS and there were two files there, both were .SDB files that I was unable to open and attach for you.



First re run of Malwarebytes

Malwarebytes' Anti-Malware 1.31
Database version: 1564
Windows 5.1.2600 Service Pack 3

29/12/2008 2:22:54 PM
mbam-log-2008-12-29 (14-22-54).txt

Scan type: Quick Scan
Objects scanned: 55590
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ycayupohofusocac (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Owner\Start Menu\Programs\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Local Settings\temp\TDSS428f.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\TDSS4389.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\TDSSf320.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.


END..........................................


last run of Malwarebytes

Malwarebytes' Anti-Malware 1.31
Database version: 1564
Windows 5.1.2600 Service Pack 3

29/12/2008 2:25:50 PM
mbam-log-2008-12-29 (14-25-50).txt

Scan type: Quick Scan
Objects scanned: 55611
Time elapsed: 1 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:21 PM

Posted 29 December 2008 - 01:20 PM

Hi well this is a great impeovement. But as to the types of malware found i think we still need wo more scans..
I not sure if you ran the SAS and ATF yet so if not please do them.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Dodgermel

Dodgermel
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 29 December 2008 - 03:54 PM

Hi,

I haven't worked out how to do a "quote" yet.

The results of those two scans are mentioned at the top of the post.

Would you like me to do them again?

Dodger

#10 Dodgermel

Dodgermel
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 29 December 2008 - 04:04 PM

Ran ATS and it did its thing.

Ran SAS which took the longest and found 61 files.

In the scan log there are none to select for inclusion in my post.

I looked in the Applogs file in SAS and there were two files there, both were .SDB files that I was unable to open and attach for you.


As my Father used to say

"When all else fails....read the Instructions"

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:21 PM

Posted 29 December 2008 - 04:11 PM

it's all live and learn here.. Do a reboot and see if the SAAS log comes back. Some times that happens.
Also how is the machine now any pop ups or errors?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 Dodgermel

Dodgermel
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 29 December 2008 - 04:23 PM

No Appslogs folder there to check now?

Did a search for .sdb files and found nothing related to SAS at all

No pop ups at all

No Errors coming up.

Should I run it again in safe mode for you?

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:21 PM

Posted 29 December 2008 - 04:32 PM

Please, :thumbsup: your a nice person.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 Dodgermel

Dodgermel
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 29 December 2008 - 06:38 PM

Thank you,

All done

ATS did its thing again.

Sas did the same, finding no threats at all

I guess no log file as a result?

Couldn't fine one anyway.

Your thoughts from here?

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:21 PM

Posted 29 December 2008 - 06:49 PM

Hi, this is progress. Tho unfortunately I'm confident we still have more in there. So we will beat them down with...


Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to renable you anti-virus and and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users