Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Heur trojan?


  • Please log in to reply
1 reply to this topic

#1 riddlerrob

riddlerrob

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 02 March 2009 - 05:53 PM

Recently I was infected with the Virtumonde trojan, and I've dealt with it a few times so I knew how to remove it. I did successfully remove it (I think.. nothing is picking it up), but now I'm seeing something I've never seen before. AVG pops up alot saying it's HEUR. What do I do?


DDS (Ver_09-02-01.01) - NTFSx86
Run by Rob at 17:49:12.14 on Mon 03/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.233 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
svchost.exe C:\WINDOWS\TEMP\VRT4.tmp
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
svchost.exe C:\WINDOWS\TEMP\VRT26.tmp
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Rob\Desktop\dds.scr
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.aim.com/redirects/inclient/vec.adp
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe" /WinStart
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" BOOT
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MagicSpeed] c:\program files\samsungodd\magic speed\MagicSL.exe /autorun
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [DPAgnt] c:\program files\digitalpersona\bin\DPAgnt.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [vxvetszl.exe] c:\windows\vxvetszl.exe
dRun: [vxkaqxbw.exe] c:\windows\vxkaqxbw.exe
StartupFolder: c:\docume~1\rob\startm~1\programs\startup\allian~1.lnk - c:\program files\alliance\Alliance.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {13C1DBF6-7535-495c-91F6-8C13714ED485} - c:\documents and settings\waz\start menu\programs\absolute poker\Absolute Poker.lnk
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: precisionlabelcorp.com\gateway
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197033615750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: DPWLN - c:\windows\system32\DPWLEvHd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: ApiSet - {199ADEDB-5F15-10C7-9700-0663A13EA9DF} - c:\program files\geshpef\ApiSet.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli DPPWDFLT

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rob\applic~1\mozilla\firefox\profiles\ct4rixif.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=101447&l=dis&q=
FF - component: c:\documents and settings\rob\application data\mozilla\firefox\profiles\ct4rixif.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-27 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-6 27656]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-27 298264]
R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\belkin\belkin wireless network utility\WLService.exe [2007-12-2 49152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 113664]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\drivers\dpK0Bx01.sys [2006-9-16 35584]
R3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16);c:\windows\system32\drivers\hcwPVRP2.sys [2007-12-6 806464]
R3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [2006-9-16 47360]
S2 gupdate1c95288e6b8dbde;Google Update Service (gupdate1c95288e6b8dbde);c:\program files\google\update\GoogleUpdate.exe [2008-11-29 133104]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2007-12-2 240384]
S3 restore;restore;c:\windows\system32\drivers\restore.sys [2009-3-2 136128]

============== File Associations ===============

txtfile="c:\windows\system32\nxtepad.exe" "%1"

=============== Created Last 30 ================

2009-03-02 17:40 136,128 a------- c:\windows\system32\drivers\ethtvwjr.sys
2009-03-02 17:40 47,616 a------- c:\documents and settings\rob\reader_s.exe
2009-03-02 17:40 11,776 a------- c:\windows\vxkaqxbw.exe
2009-03-02 17:40 24,577 a------- c:\windows\system32\29.tmp
2009-03-02 17:38 162,816 a------- c:\windows\system32\28.tmp
2009-03-02 17:38 124 a------- c:\windows\system32\27.tmp
2009-03-02 17:28 <DIR> --d----- c:\program files\XoftSpySE
2009-03-02 17:19 47,616 a------- c:\windows\system32\reader_s.exe
2009-03-02 17:19 0 a------- c:\windows\system32\10.tmp
2009-03-02 17:19 136,128 a------- c:\windows\system32\drivers\restore.sys
2009-03-02 17:19 11,776 a------- c:\windows\vxvetszl.exe
2009-03-02 17:19 24,577 a------- c:\windows\system32\E.tmp
2009-03-02 17:16 162,816 a------- c:\windows\system32\9.tmp
2009-03-02 17:16 124 a------- c:\windows\system32\8.tmp
2009-03-01 21:29 124 a------- c:\windows\system32\A.tmp
2009-03-01 21:15 64,512 a------- c:\windows\system32\hhupd.exe
2009-03-01 21:13 124 a------- c:\windows\system32\6.tmp
2009-03-01 20:54 124 a------- c:\windows\system32\7.tmp
2009-03-01 19:59 24,577 a------- c:\windows\system32\37.tmp
2009-03-01 19:59 67,585 a------- c:\windows\system32\36.tmp
2009-03-01 19:59 124 a------- c:\windows\system32\5.tmp
2009-03-01 19:48 64,512 a------- c:\windows\system32\vmware-ufad.exe
2009-03-01 19:48 24,577 a------- c:\windows\system32\35.tmp
2009-03-01 19:47 67,585 a------- c:\windows\system32\34.tmp
2009-03-01 19:46 124 a------- c:\windows\system32\2.tmp
2009-03-01 18:46 676,352 a------- c:\windows\system32\rtl60.bpl
2009-03-01 18:46 406,016 a------- c:\windows\system32\tmpxccacj0.ex_
2009-03-01 18:46 182,656 ac------ c:\windows\system32\dllcache\ndis.sys
2009-03-01 18:45 38,913 a------- c:\windows\services.ex_
2009-03-01 18:44 0 a------- c:\windows\system32\646.tmp
2009-03-01 18:44 64,000 a------- c:\windows\system32\i386kd.exe
2009-03-01 18:44 38,913 a------- c:\windows\system32\644.tmp
2009-03-01 18:43 <DIR> --d----- c:\docume~1\rob\applic~1\comidle
2009-03-01 18:43 155,114 a------- c:\windows\system\xccef090131.exe
2009-03-01 18:43 <DIR> --d----- c:\windows\system32\inf
2009-03-01 18:43 67,585 a------- c:\windows\system32\639.tmp
2009-03-01 18:43 124 a------- c:\windows\system32\636.tmp
2009-02-21 23:34 <DIR> --d----- c:\docume~1\rob\applic~1\Windows Search
2009-02-21 18:32 <DIR> --d----- c:\windows\system32\Adobe
2009-02-06 19:29 <DIR> --d----- c:\program files\Jackpot Capital

==================== Find3M ====================

2009-03-01 22:05 1,660 a------- c:\windows\bthservsdp.dat
2009-03-01 18:46 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-01-31 11:35 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-01-31 11:34 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-01-28 20:20 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-28 20:20 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-17 01:01 432,664 a------- c:\windows\system32\LVUI2RC.dll
2008-12-17 01:00 494,104 a------- c:\windows\system32\LVUI2.dll
2008-12-17 00:55 195,096 a------- c:\windows\system32\lvci11901262.dll
2008-12-17 00:55 416,280 a------- c:\windows\system32\lvcodec2.dll
2008-12-17 00:37 29,562 a------- c:\windows\system32\Repository.reg
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-09-21 14:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092120080922\index.dat

============= FINISH: 17:49:56.87 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:07:44 PM

Posted 03 March 2009 - 05:02 PM

Hello Riddlerrob,

I'm afraid I have bad news for you :thumbup2:

I see you're dealing with Virut on top of the other nasty malware on your system. In that case, it's unfortunately a lost cause - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read this why:
Virut and other File infectors - Throwing in the Towel?

So, I suggest you to start backup all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.


Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users