
virtumonde and smitfraud


  • This topic is locked
2 replies to this topic

#1 smashing

Posted 09 February 2009 - 07:06 AM

Hi there,

Have just picked up the virtumonde and smitfraud malware 3 days ago. Have tried SpyBot, Symantec and Trend House Call but none were able to fully remove the malware successfully. Upon startup my desktop background is now blue (this happened after I used Smitfraudfix.exe) and Windows Automatic Update is disabled and cannot be enabled. Also when shutting down or rebooting, explorer.exe is always slow to end. Have also run several HijackThis scans and uploaded logs to the hijackthis.de site. This resulted in the removal of O4 - HKLM\..\Run: [4805f234] rundll32.exe "C:\WINDOWS\system32\jrfohgux.dll",b but did not remove the malware. The malware has also affected the operation of my Firefox browser, preventing it from opening download windows or file upload windows.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Byron at 22:53:56.00 on Mon 09/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2558.1926 [GMT 11:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated)
FW: Symantec Endpoint Protection *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Native Instruments\Audio Kontrol 1\Audio Kontrol 1.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Byron\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: {19DCF5B0-820D-4D47-8138-974848A5B719} - No File
BHO: {2C0C178E-D79F-4899-8B5D-F5C2CDA5455D} - No File
BHO: {36AC1C8B-4786-478C-A57B-24E9CE463549} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {656BF129-67E2-488B-ADC1-9ED2E6D69038} - No File
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\pmnnNfGA.dll
BHO: {72EF342C-7809-4519-B6D7-CA0881220CE9} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {929bb64a-9fc2-45af-a61a-e0f35c0ece39} - c:\windows\system32\fcccyWoo.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Audio Kontrol 1] c:\program files\native instruments\audio kontrol 1\Audio Kontrol 1.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Wireless G DWA-110] c:\program files\d-link\d-link wireless g dwa-110\AirGCFG.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1234150915681&h=24c94c548487ef799dd012299f9ba682/&filename=jinstall-6u11-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: pmnnNfGA - pmnnNfGA.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\pmnnNfGA.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fcccyWoo

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\byron\applic~1\mozilla\firefox\profiles\s3cxy24s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.abc.net.au/news/

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2007-12-18 2189240]
R3 ak1avs;ak1avs;c:\windows\system32\drivers\ak1avs.sys [2009-2-7 25088]
R3 ak1usb;ak1usb;c:\windows\system32\drivers\ak1usb.sys [2009-2-7 84992]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-7 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090208.022\NAVENG.SYS [2009-2-9 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090208.022\NAVEX15.SYS [2009-2-9 876112]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S4 vsdatant;vsdatant;a --> a [?]

=============== Created Last 30 ================

2009-02-09 22:22 2,268 a------- c:\windows\system32\tmp.reg
2009-02-09 19:45 381,490 a--sh--- c:\windows\system32\ooWycccf.ini2
2009-02-09 19:00 <DIR> --d----- c:\windows\pss
2009-02-09 17:42 120 ---sh--- c:\windows\system32\euoqxewr.ini
2009-02-09 17:42 68,608 a------- c:\windows\system32\rwexqoue.dll
2009-02-09 14:56 <DIR> --d----- c:\documents and settings\byron\.housecall6.6
2009-02-09 14:40 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-09 14:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 10:30 1,080 a------- c:\windows\system32\settingsbkup.sfm
2009-02-09 10:30 1,080 a------- c:\windows\system32\settings.sfm
2009-02-09 10:29 <DIR> --d----- c:\program files\Trend Micro
2009-02-09 10:28 812,344 a------- c:\program files\HJTInstall.exe
2009-02-08 17:43 120 ---sh--- c:\windows\system32\aliyshae.ini
2009-02-08 17:43 68,608 a------- c:\windows\system32\eahsyila.dll
2009-02-07 18:21 95 a------- c:\windows\wininit.ini
2009-02-07 17:51 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-07 17:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-07 17:44 16,409,960 a------- c:\program files\spybotsd162.exe
2009-02-07 17:40 381,490 a--sh--- c:\windows\system32\ooWycccf.ini
2009-02-07 17:40 236,032 a------- c:\windows\system32\fcccyWoo.dll
2009-02-07 17:35 49,664 a------- c:\windows\system32\pmnnNfGA.dll
2009-02-07 17:21 233,472 a------- c:\windows\system32\REX Shared Library.dll
2009-02-07 17:21 225,280 a------- c:\windows\system32\ReWire.dll
2009-02-07 17:21 <DIR> --d----- c:\docume~1\byron\applic~1\Propellerhead Software
2009-02-07 17:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Propellerhead Software
2009-02-07 15:33 376 a------- c:\windows\ODBC.INI
2009-02-07 15:32 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-02-07 15:31 <DIR> --d----- c:\windows\ShellNew
2009-02-07 15:31 <DIR> --d----- c:\program files\common files\ODBC
2009-02-07 15:21 30,120 a------- c:\windows\system32\BMXStateBkp-{00000002-00000000-00000000-00001102-00000004-00511102}.rfx
2009-02-07 15:21 30,120 a------- c:\windows\system32\BMXState-{00000002-00000000-00000000-00001102-00000004-00511102}.rfx
2009-02-07 15:21 27,408 a------- c:\windows\system32\BMXCtrlState-{00000002-00000000-00000000-00001102-00000004-00511102}.rfx
2009-02-07 15:21 27,408 a------- c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000000-00001102-00000004-00511102}.rfx
2009-02-07 15:21 11,564 a------- c:\windows\system32\DVCState-{00000002-00000000-00000000-00001102-00000004-00511102}.rfx
2009-02-07 15:20 3,162,278 a------- c:\windows\{00000002-00000000-00000000-00001102-00000004-00511102}.BAK
2009-02-07 15:17 91,008 a------- c:\windows\system32\drivers\SysPlant.sys
2009-02-07 15:16 136,496 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-07 15:16 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-07 15:16 10,652 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-07 15:16 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-07 15:16 1,060,864 a------- c:\windows\system32\MFC71.DLL
2009-02-07 15:16 503,808 a------- c:\windows\system32\MSVCP71.DLL
2009-02-07 15:16 348,160 a------- c:\windows\system32\MSVCR71.DLL
2009-02-07 15:16 <DIR> --d----- c:\program files\Symantec
2009-02-07 15:16 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-02-07 15:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-02-07 15:15 4,174,814 -------- c:\windows\system32\CT4MGM.SF2
2009-02-07 15:15 <DIR> --d----- c:\windows\system32\Defaults
2009-02-07 15:14 10,624 ac------ c:\windows\system32\dllcache\gameenum.sys
2009-02-07 15:14 10,624 a------- c:\windows\system32\drivers\gameenum.sys
2009-02-07 15:14 <DIR> --d----- c:\program files\Creative
2009-02-07 15:14 3,162,278 a------- c:\windows\{00000002-00000000-00000000-00001102-00000004-00511102}.CDF
2009-02-07 15:14 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-02-07 15:14 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-02-07 15:13 <DIR> --d----- c:\windows\system32\Data
2009-02-07 15:06 <DIR> --d----- C:\HP
2009-02-07 14:53 <DIR> --d----- c:\program files\common files\Native Instruments
2009-02-07 14:52 146,048 ac------ c:\windows\system32\dllcache\portcls.sys
2009-02-07 14:52 129,536 ac------ c:\windows\system32\dllcache\ksproxy.ax
2009-02-07 14:52 4,096 ac------ c:\windows\system32\dllcache\ksuser.dll
2009-02-07 14:52 146,048 a------- c:\windows\system32\drivers\portcls.sys
2009-02-07 14:52 129,536 a------- c:\windows\system32\ksproxy.ax
2009-02-07 14:52 4,096 a------- c:\windows\system32\ksuser.dll
2009-02-07 14:52 60,160 ac------ c:\windows\system32\dllcache\drmk.sys
2009-02-07 14:52 60,160 a------- c:\windows\system32\drivers\drmk.sys
2009-02-07 14:52 84,992 a------- c:\windows\system32\drivers\ak1usb.sys
2009-02-07 14:52 25,088 a------- c:\windows\system32\drivers\ak1avs.sys
2009-02-07 14:52 <DIR> --d----- c:\program files\Native Instruments
2009-02-07 14:47 7 a------- c:\windows\system32\ANIWZCSUSERNAME
2009-02-07 14:44 6 a------- c:\windows\system32\ANIWZCSUSERNAME{CDA821EF-AC48-4CDF-8487-DD769C850746}
2009-02-07 14:44 1,327,189 a------- c:\windows\system32\odSupp_M.dll
2009-02-07 14:44 667,648 a------- c:\windows\system32\ANIWZCS2.dll
2009-02-07 14:44 249,856 a------- c:\windows\system32\wnicapi.dll
2009-02-07 14:44 225,280 a------- c:\windows\system32\WlanApp.dll
2009-02-07 14:44 204,800 a------- c:\windows\system32\aIPH.dll
2009-02-07 14:44 49,152 a------- c:\windows\system32\JJAKEn.dll
2009-02-07 14:44 49,152 a------- c:\windows\system32\AQCKGen.dll
2009-02-07 14:44 45,115 a------- c:\windows\system32\ANICtl.dll
2009-02-07 14:43 48,128 a------- c:\windows\system32\ANIO64.sys
2009-02-07 14:43 36,864 a------- c:\windows\system32\ANIOApi.dll
2009-02-07 14:43 28,195 a------- c:\windows\system32\ANIO.sys
2009-02-07 14:43 16,997 a------- c:\windows\system32\ANIO.VXD
2009-02-07 14:43 11,904 a------- c:\windows\system32\anio4.sys
2009-02-07 14:43 <DIR> --d----- c:\program files\ANI
2009-02-07 14:43 429,440 a------- c:\windows\system32\drivers\Dr71WU.sys
2009-02-07 14:43 <DIR> --d----- c:\program files\D-Link
2009-02-07 14:41 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-02-07 14:41 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-02-07 14:40 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-02-07 14:40 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-02-06 09:17 176,128 a------- c:\windows\system32\nvudisp.exe
2009-02-06 09:17 14,435 a------- c:\windows\system32\nvdisp.nvu
2009-02-06 09:17 <DIR> --d----- c:\windows\nview
2009-02-05 16:07 <DIR> --d----- c:\windows\system32\scripting
2009-02-05 16:07 <DIR> --d----- c:\windows\system32\en
2009-02-05 16:07 <DIR> --d----- c:\windows\system32\bits
2009-02-05 16:07 <DIR> --d----- c:\windows\l2schemas
2009-02-05 16:06 <DIR> --d----- c:\windows\ServicePackFiles
2009-02-05 16:03 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-02-04 13:00 <DIR> --d----- c:\windows\network diagnostic
2009-02-04 03:00 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-02-04 03:00 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-02-04 03:00 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-02-04 03:00 <DIR> --d----- c:\windows\system32\PreInstall
2009-02-03 10:51 <DIR> --d----- c:\windows\Downloaded Installations
2009-02-03 10:51 <DIR> --d----- c:\program files\HP
2009-02-03 10:28 13,646 a------- c:\windows\system32\wpa.bak
2009-02-03 10:23 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-02-03 09:45 <DIR> --d----- c:\documents and settings\Byron
2009-02-03 09:36 <DIR> --ds---- c:\windows\system32\Microsoft
2009-02-03 09:33 8,192 a------- c:\windows\REGLOCS.OLD
2009-02-03 02:35 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-02-03 02:34 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-02-03 02:34 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-02-03 02:34 20,992 a------- c:\windows\system32\drivers\RTL8139.sys
2009-02-03 02:34 74,240 a------- c:\windows\system32\usbui.dll
2009-02-03 02:32 605,050 ac------ c:\windows\system32\dllcache\r1033tts.lxa
2009-02-03 02:32 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-02-03 02:32 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-02-03 02:31 <DIR> --d----- C:\Documents and Settings
2009-02-03 02:30 261 a------- c:\windows\system32\$winnt$.inf
2009-02-02 16:50 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-02-02 16:48 <DIR> --d----- c:\program files\common files\MSSoap
2009-02-02 16:47 <DIR> --d----- c:\program files\Online Services
2009-02-02 16:47 <DIR> --d----- c:\program files\Messenger
2009-02-02 16:47 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-02-02 16:46 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-02-09 10:54 194,838 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-02-05 16:08 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-02 16:47 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-01-20 20:44 149,760 a------- c:\windows\system32\drivers\WpsHelper.sys
2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-11-29 17:58 82,944 a------- c:\windows\system32\IEDFix.C.exe

============= FINISH: 22:54:54.73 ===============


#2 chryssi2001

Posted 20 February 2009 - 01:56 PM

Hello smashing,

I apologise for the delay; the forum is busy.

I will be assisting you with your malware issues.
  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page in case you need it as a reference.
  • If you fail to reply within 5 days from now, this thread will close, and you will have to open another topic and wait for another helper.
----------------------------------------------
Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button; its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
Private Messages for personal support will be ignored. If you need help post in the forum.

#3 chryssi2001

Posted 25 February 2009 - 01:27 PM

Due to the lack of feedback, this Topic is now closed and will not be reopened.
If you still need help, begin a new topic.

Applies only to the original poster; anyone else with similar problems, please start a new topic.