Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Spyware Protect 2009 and Vundo Trojan


  • This topic is locked This topic is locked
13 replies to this topic

#1 chi-girl

chi-girl

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 PM

Posted 28 February 2009 - 09:27 PM

Hi,

I appear to be infected with both the Vundo Trojan and Spyware Protect 2009. After countless hours of trying and many failed attempts at fixing myself, I am begging for your help!

I am running Symantec AV, but the Defs were a few days old. (Learned my lesson there, huh.)

Here's what I've done.

1) Updated my Def files and ran Symantec virus scan. It found the spyware and removed it (or so it said.)
2) I tried to manually remove the Spyware instances in the registry.
3) I couldn't get malwarebytes to run (the trojan must be blocking the executable.) I renamed it, booted into safe mode and ran it. If found the Vundo virus, said it fixed it...but nah. Still there.

I cannot get Spybot, SuperAnti Spyware, Malwarebytes...anything to run. (With the exception of malwarebytes in safe mode and renamed.) I can't even get to the websites that allow me to download the files--gives me some nonsense about the website being not available. Thank goodness for two computers...

Anyhow, here I am. My file is probably going to look a little odd because of what I've tried. Just wanted to give you a head's up. May as well own up to it and save the both of us some trouble down the road.

Here goes the DDS.TXT file:

DDS (Ver_09-02-01.01) - NTFSx86
Run by user at 19:53:53.12 on Sat 02/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.520 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\WINDOWS\System32\rconsvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\NavNT\SavRoam.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Compuware\Vantage Agent\OPTSA.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\WWW.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\svcho.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.att.net
uWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = hxxp://my.att.net
uInternet Connection Wizard,ShellNext = hxxp://exchange.********.net/
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [rundll32.exe] rundll32.exe "c:\documents and settings\user\application data\macromedia\common\9f54e0141.dll""
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [WWW] c:\windows\WWW.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [vptray] c:\progra~1\navnt\vptray.exe
mRun: [Email-Fix] regedit.exe /s EmailFix.reg
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [DMXLauncher] "c:\program files\roxio\media experience\DMXLauncher.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malware\mbamgui.exe /install /silent
dRun: [rundll32.exe] rundll32.exe "c:\windows\system32\config\systemprofile\application data\macromedia\common\9f54e0141.dll""
uExplorerRun: [svcho] c:\windows\svcho.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\PowerReg SchedulerV2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office xp\office10\OSA.EXE
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
uPolicies-explorer: SpecifyDefaultButtons = 1 (0x1)
uPolicies-explorer: NoStartMenuEjectPC = 1 (0x1)
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
dPolicies-explorer: NoActiveDesktop = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoWindowsUpdate = 1 (0x1)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231633192437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 TivoliAP

============= SERVICES / DRIVERS ===============

R1 NHostNT1;NetOp Driver 1 ver. 7.65 (2004342);c:\windows\system32\drivers\NHOSTNT1.SYS [2005-3-30 65808]
R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2003-8-11 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\navnt\rtvscan.exe [2003-10-7 655482]
R2 RCONSVC;Remote Console;c:\windows\system32\RCONSVC.EXE [2003-4-30 99328]
R2 SAVRoam;SAVRoam;c:\progra~1\navnt\SavRoam.exe [2003-10-7 139264]
R2 VantageAgent;Vantage Agent;c:\program files\compuware\vantage agent\OPTSA.exe [2003-4-30 90112]
R3 Enprobe;Vantage Windows 2000/XP Protocol Driver;c:\windows\system32\drivers\enprobe.sys [2003-4-30 1297743]
R3 NAVAP;NAVAP;c:\progra~1\navnt\NAVAP.sys [2003-8-11 224768]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090228.003\NAVENG.sys [2009-2-28 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090228.003\NAVEX15.sys [2009-2-28 876144]
R3 NHOSTNT3;NetOp Driver 3 ver. 7.65 (2004342) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [2005-3-30 3216]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-21 24652]
S3 cwbwdm_device;Crystal WDM Audio Codec Driver;c:\windows\system32\drivers\cwbwdm.sys [2003-4-10 72832]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2005-3-22 80384]
S3 lcfd;Tivoli Endpoint;c:\program files\tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe [2003-10-8 96256]
S3 S3Inc;S3Inc;c:\windows\system32\drivers\s3mt3d.sys [2003-4-10 41216]

=============== Created Last 30 ================

2009-02-28 19:14 <DIR> --d----- c:\program files\Malware
2009-02-28 18:30 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-02-28 12:45 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-28 12:45 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 12:45 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 12:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-28 10:26 16,896 a------- c:\windows\syssvc.exe
2009-02-28 10:26 16,896 a------- c:\windows\svcho.exe
2009-02-28 09:45 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-28 09:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-21 20:09 <DIR> --d----- c:\docume~1\user\applic~1\GARMIN
2009-02-21 20:09 <DIR> --d----- c:\program files\Garmin GPS Plugin
2009-02-21 20:09 <DIR> --d----- c:\program files\Garmin
2009-01-31 10:09 57 a------- c:\windows\TaxACT08.ini
2009-01-31 10:09 <DIR> --d----- c:\program files\2nd Story Software
2009-01-30 11:01 197,976 a----r-- c:\windows\system32\cpnprt2.cid
2009-01-30 11:01 <DIR> --d----- c:\program files\Coupons

==================== Find3M ====================

2009-01-10 19:39 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2004-05-03 09:47 3,602 a------- c:\program files\INSTALL.LOG
2001-06-20 13:46 161,792 a------- c:\program files\UNWISE.EXE

============= FINISH: 19:54:44.04 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 11 March 2009 - 02:18 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Download and Run OTListIt
Please download OTListIt by OldTimer to your desktop.
Open OTListIt by double clicking its icon. If you are using Windows Vista, right click OTListIt2.exe and select Run As Administrator.
Click Run Scan without changing any settings. When the scan is complete, a logfile will open.
Copy the contents of the log into your next reply. It will be saved as OTListIt.txt where OTListIt.exe is located.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. If you are using Windows Vista, right click the icon and select "Run as Administrator". Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.
Please tell me what changes have been made to the computer since your topic was started. Also give me an update on any symptoms.

With Regards,
The Panda

#3 chi-girl

chi-girl
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 PM

Posted 11 March 2009 - 04:37 PM

Hi Panda,

Thanks for replying. I'm not sure if you will be able to help. I'm hoping I'm not your worst nightmare. I actually succeeded in screwing up the computer even more. I decided to try to run Malwarebytes again, this time not in safe mode, and I finally got it to work. I ran it a couple of times until it came out clean. Then I updated and ran Spybot. Life was grand. Then all of a sudden I got hit with another virus (according to Symantec.) This time Virtumondo? Spybot went crazy and I kept saying "no" to the changes that the virus (this type something like Spyware Protect, but a different name) was trying to make. I turned the PC off. (Side bar question...is there something that is on there that is attracting viruses? I've never had problems until this all started. And I'm running Symantec AV behind a firewall--although obviously not a good enough firewall.)

So now, I can no longer even get the OS to load properly. It won't let me boot into Safe Mode, but I can force it by turning off Windows as its loading. (Basically won't except the F8 or F5 keys.) Within regular Windows XP, and within Safe mode, I can log in, but it immediately logs me off. Tried my account, administrator and a hidden adminstator (different name) account. I have the original XP CD, so I tried to run that to fix it (the R option) but it won't accept the admin password, or no password at all. Tried many combinations. I tried to reinstall windows (using the option to fix it) but same deal, it logs me on to log me right off.

I'm at wits end. I'm guessing that there must be some way to fix this. But I'm not sure what it is. I'm almost at the point of re-imaging, but don't want to lose the pictures and so forth. And if I re-image, do you know if the virus will still be on there?

I'm willing to try pretty much anything at this point.

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 11 March 2009 - 07:39 PM

Hello.

If this much damage was done, I would suggest a reimage.

We may be able to salvage the data from the disk before hand though.

Do you have a blank CD, a CD burner, an external drive? I'm thinking of burning a bootable disk, then copying files off the harddisk.

With Regards,
The Panda

#5 chi-girl

chi-girl
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 PM

Posted 11 March 2009 - 07:49 PM

I have a Burner, lots of blank CD's and an external HDD (USB). I've also got a fairly large-capacity USB thumb drive. I can use whichever is easier for you. I have never had the external HDD hooked up to this particular computer...not sure whether or not that matters...just thought I'd throw that out there...in case that's important.

I'm ready to go whenever you are. :thumbup2:

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 12 March 2009 - 07:09 AM

Hello.

Either should work fine, whichever is the most convenient.

Perform these steps on the working, undamaged machine.
  • Please download the Microsoft Diagnostics and Recovery Toolset, and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Follow the onscreen instructions to install the Microsoft Diagnostics and Recovery Toolset.
  • When asked, select "Typical" installation.
  • If on Windows XP, go to Start -> Run, and enter the following into the run dialog and press enter. If on Vista, enter the following into the search box and press enter.
    "%homedrive%\Program Files\Microsoft Diagnostics and Recovery Toolset"
  • Burn the file, ERD50.ISO to your blank CD. Note that you aren't burning the data file to the CD, you need to burn the file as a disk image to the cd. Your favorite CD burning utility should be able to do this. If unsure, see the How to Burn an ISO File Tutorial.
The previous instructions created your very own ERD Commander boot disk, which is able to perform offline System Restore operations. Note that the CD you just burned will cease to work after thirty days.

Perform these instructions from the machine which is not working correctly:
  • Put your CD in the drive and configure your machine to boot to the CD. This is different on all machines, but it's usually by pressing F12 or F10 as your system boots, and selecting either "CDROM" or your cdrom drive. If you are unable to force a CDRom boot, reply with the make and model of your machine and I should be able to get you exact instructions.
  • If you did it correctly, you'll see this at the bottom of your screen:
    Posted Image
    Wait for ERD Commander to start itself.
  • When you see this screen, select your Windows installation by clicking on it once, and pressing OK:
    Posted Image
    (Be patient as the desktop loads. It may take awhile.)
  • Plug in you USB drive. Navigate just like you would in Windows, and copy the data files to the USB drive.
  • Click on Start -> System Tools -> System Restore.
  • Click Next.
  • Select Posted Image and press Next.
  • Choose a restore point taken before your system was unbootable, using the callender and restore point list. Press Next.
  • Press Next.
  • Accept the prompt by pressing Yes. Allow ERD Commander to perform the System Restore.
  • Press Finish.
  • Remove the CD and allow the system to reboot. Windows should begin loading.
Plug in your USB flash drive.

Tell me how it goes. Are you able to boot now on the damaged machine?

----
Back on the clean machine, you may uninstall the Microsoft Diagnostics and Recovery Toolset from Windows XP machines from Start -> Control Panel -> Add/Remove Programs or from Vista machines using Start -> Control Panel -> Uninstall a Program. You may also delete the saved installer for the Microsoft Diagnostics and Recovery Toolset from your desktop now.

With Regards,
The Panda

Edited by PropagandaPanda, 12 March 2009 - 07:09 AM.


#7 chi-girl

chi-girl
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 PM

Posted 12 March 2009 - 11:40 AM

Hi Panda,

I'm part of the way there! I was able to boot the damaged PC with the CD, and I was able to get the files off. I tried to do a system restore, but there were no system restore points available. (I'm not surprised as I'm pretty sure that it's disabled for that machine.) Either that or something else is going on. The other thing that was odd, is that it failed to load the unboard NIC. It gave me the following message: failed to install network adapter--check winbom. When I was having the logging on, logging on deal, it was giving me a winsock error. I didn't mention it because I didn't think it would help with what we were doing. I can get the exact error message if you think it would be helpful.

So the good news is that I have all my files. The bad news is that I don't have the option to do a system restore.

Thanks!

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 12 March 2009 - 02:29 PM

Hello.

At this point, I would stress a reimage, or reinstall, if that is at all possible.

Even if we were able to restore booting, there is likely damage that cannot be repaired.

With Regards,
The Panda

#9 chi-girl

chi-girl
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 PM

Posted 12 March 2009 - 03:16 PM

Okay, I'll reimage. Can we leave this open until I see how that goes? I'm concerned about the errors I'm seeing on the NIC. I should be able to get to it today. Once it's on it's way and appears to be working, I'll let you know.

Thanks for all your help in getting the files back. :thumbup2:

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 12 March 2009 - 03:58 PM

Okay, I'll leave this topic open.

The Panda

#11 chi-girl

chi-girl
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 PM

Posted 12 March 2009 - 05:00 PM

Hi Panda,

The reimage appears to have worked. (Network connection and all.)

Thanks for all of your help! Much appreciated.

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 12 March 2009 - 05:08 PM

Glad we could help.

Preventing Malware Infection in the Future
Please take some time to look at the following links, giving some advice and suggestions for preventing future infections: For general slowness problems that you may have, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable uneeded processes and increase the amount of available resources.
Do you have any questions or concerns?

With Regards,
The Panda

#13 chi-girl

chi-girl
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 PM

Posted 12 March 2009 - 05:56 PM

Hi Panda,

I think I'm good. :)

I learned my lesson. No more trusting my just my AV software and router firewall to keep me protected. It's rough out there. :thumbup2:

Take care and thanks again!

#14 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 12 March 2009 - 07:19 PM

Welcome :thumbup2: .

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users