Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I give up.


  • Please log in to reply
14 replies to this topic

#1 _53V3N_

_53V3N_

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 13 March 2009 - 06:21 PM

Windows XP Home.

Firefox (latest version).

Getting the same re-directs through google search results as so many others here. I've tried following the advice in other threads so I wouldn't have to bother you with my problem but I'm not having any luck.

Thank you ever so much for any help you can provide.

I will patiently await your instructions.
Everything is relative said the speed of light...

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:08 AM

Posted 13 March 2009 - 07:41 PM

Well we can only star with a description of wherea re you being sent . I is common? Have you noticed if the searches include goored, zfsearch.com or goougly.com
Perhaps an MBAM scan will give us a clue.

Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 _53V3N_

_53V3N_
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 13 March 2009 - 07:49 PM

Some of the re-direct info that appears in the progress bar at the bottom of the browser window:

siteik.com

js.doubleclick.net

First MBAM scan results:

Malwarebytes' Anti-Malware 1.34
Database version: 1826
Windows 5.1.2600 Service Pack 2

3/13/2009 4:41:05 PM
mbam-log-2009-03-13 (16-41-05).txt

Scan type: Quick Scan
Objects scanned: 68814
Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.206,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.206,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.206,85.255.112.116 -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Owner\Start Menu\Programs\WatchFree (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.

***With the following error messages during the actual cleanup process***

Posted Image

Posted Image


Because of the error messages I ran the scan again after re-booting and it came up clean though the symptoms persist.
Everything is relative said the speed of light...

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:08 AM

Posted 13 March 2009 - 08:09 PM

Hello the MBAM is alittle outdated, to be sure Rerun MBAM

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

The first image has me concerned.

Now do a search your drive for ctfmon.exe files on your PC.
Next upload the file(s) toVirus Total
Post there reply here,thanks.

Edited by boopme, 13 March 2009 - 08:11 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 _53V3N_

_53V3N_
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 13 March 2009 - 08:42 PM

Not sure what you mean by outdated. The application and the definition file came from your post.

I am unable to perform an update via the software itself though it appeared that the manual update of the definitions was successful. I re-downloaded the software from cnet and got it to install after changing the name of the setup file but now the executable will not launch (even after changing the name).

For the time being I cannot get MBAM to launch.

I'm going to go ahead and continue with your second request.

3 ctfmon.exe files were found on my computer. I scanned all three and the reports appeared to be identical.


File size: 15360 bytes
MD5...: 24232996a38c0b0cf151c2140ae29fc8
SHA1..: b36d03b56a30187ffc6257459d632a4faac48af2
SHA256: d2fed8ccae118f06fd948a4b12445aa8c29a3e7bb5b6fe90970fbc27f426f0b0
SHA512: c7b855a664d3359c041c68dffe75c118f9b6cef6c91f150686fb51ad63c1b7da
a1b37c0a5de04ec078646f83a2bdea695d7d5e283e651135624208c04dc1cab1
ssdeep: 384:3Ax107NY8MPTIaW7/l9lNgRdJSW781gW:3AwpITIaWh9gn+1
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2e35
timedatestamp.....: 0x41107bfa (Wed Aug 04 06:02:34 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2ab8 0x2c00 6.75 e75af9431e119ddb814611dfdeca25c1
.data 0x4000 0x210 0x200 1.07 bd8c5cd346a9f53dc0dbc69260ab2240
.rsrc 0x5000 0x880 0xa00 3.86 32c660509abcbefb521d4bd2b88fe0fc

( 6 imports )
> msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit
> ADVAPI32.dll: RegDeleteValueA, RegOpenKeyExA, RegCloseKey, RegSetValueExA, RegCreateKeyA, RegCreateKeyExA
> KERNEL32.dll: lstrcpynA, lstrlenA, GetSystemDirectoryA, GetSystemWindowsDirectoryA, GetVersionExA, GetACP, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LocalFree, CloseHandle, ResetEvent, OpenEventA, CreateProcessA, lstrcatA, GetSystemInfo, lstrcmpiA, FreeLibrary, LoadLibraryA, CreateEventA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, LocalAlloc, GetProcAddress
> USER32.dll: EnumWindows, GetClassNameA, FindWindowA, PostMessageA, SetTimer, KillTimer, MsgWaitForMultipleObjects, PeekMessageA, TranslateMessage, DispatchMessageA, GetMessageA, SetWindowPos, LoadCursorA, RegisterClassExA, DefWindowProcA, PostQuitMessage, CreateWindowExA, GetSystemMetrics
> MSCTF.dll: TF_InitSystem, TF_GetGlobalCompartment, TF_InvalidAssemblyListCacheIfExist, TF_InvalidAssemblyListCache, TF_PostAllThreadMsg, TF_CreateCicLoadMutex, TF_UninitSystem
> MSUTB.dll: ClosePopupTipbar, GetPopupTipbar


Thank you for your help.


edit: I just got MBAM to run and here are the scan results:


Malwarebytes' Anti-Malware 1.34
Database version: 1826
Windows 5.1.2600 Service Pack 2

3/13/2009 7:03:08 PM
mbam-log-2009-03-13 (19-03-08).txt

Scan type: Quick Scan
Objects scanned: 68854
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by _53V3N_, 13 March 2009 - 09:04 PM.

Everything is relative said the speed of light...

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:08 AM

Posted 13 March 2009 - 09:19 PM

You are showing signs of a VIrut infection.. Mbam' s database is at 1848. things like the inability to update and the memory error earlier are leading me.
Please do an online scan
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 _53V3N_

_53V3N_
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 13 March 2009 - 09:52 PM

I've tried twice to perform that scan and both times I get the following message:

Posted Image
Everything is relative said the speed of light...

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:08 AM

Posted 14 March 2009 - 09:59 AM

Hello again. i am almost certain that this is a virut infection now. Tho I cannot get to see the indicators.perhaps it's a new form.
bad news is a fulll wipe and reinstall is probably inevitable. I want you to read this.. Your other option is thru the HJT/DDs tools and that may be 3 days.

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)


Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.

**********
Not an unwise decision to make. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

The best proceedure is a low level format. This completely wipes the drive. Then reinstall the OS.
Use the free version of Active@ KillDisk.

The best sources of Information on this are
Reformatting Windows XP
Michael Stevens Tech

Of course also feel free to ask anything on this in the XP forum. They'd be glad to help
*********
OR We need to run HJT/DDS.
Please follow this guide. go and do steps 6 and 7 ,, Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.

Let me know if it went OK.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 _53V3N_

_53V3N_
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 14 March 2009 - 10:44 AM

Thank you, boopme.

I appreciate your help on this matter and I would rather skip to what will likely be the inevitable step (clean install) now instead of after a long and fruitless wild goose chase.

Again, thank you for your time and expertise.

:thumbsup:
Everything is relative said the speed of light...

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:08 AM

Posted 14 March 2009 - 10:52 AM

Your welcome and at least in the long run it has a happy ending.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 _53V3N_

_53V3N_
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 18 March 2009 - 01:54 AM

Sorry, a couple final questions.

I wasn't sure what to do about all my music files that I had on the infected drive so I ended up getting another temporary drive and installing an OS on that for now.

I'm wondering if I can now safely install my infected drive as a slave to this drive and do one of the following things:

1. Create a partition on the infected drive, move my music files onto the new partition and then perform a clean install on the infected partition or

2. Transfer my music files onto this new drive without fear of bringing the infection over?

Because the infected drive is much larger than this current drive and because I have so much music, it would be much easier for me to do option #1 if that would be a safe route.

Since I've never dealt with an infection like this, I'm nervous to even plug that drive in but it has all my music which I both need and want.

Finally... since I had my thumb drive plugged into my computer a few times while the infected OS was running, are there any special precautions I need to take before using that drive again?

Thanks again for everything.

Edited by _53V3N_, 18 March 2009 - 02:33 AM.

Everything is relative said the speed of light...

#12 _53V3N_

_53V3N_
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 20 March 2009 - 02:05 PM

I'm not being impatient but I was afraid that maybe this thread got lost in the shuffle so I'm bumping it. Whenever you (or anyone) gets a chance (I know you're busy helping people), I would greatly appreciate some advice.

Thanks again. :thumbsup:
Everything is relative said the speed of light...

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:08 AM

Posted 20 March 2009 - 04:00 PM

Hello.

Good questions. :thumbsup:

If you are going to backup, here are the 2 rules I have.

Backup all your documents and important items (personal data, work documents, pictures etc..) only. DO NOT backup any executable files (softwares) and screensavers (*.scr) or any web pages (*.html or *.htm). It attempts to infect any accessed .exe or .scr or .html/.htm files by appending itself to the executable.

Also, try to avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

I would rather not try the method you said in your previous post. I still don't think it's that safe. Full format is the way to go here.

Finally... since I had my thumb drive plugged into my computer a few times while the infected OS was running, are there any special precautions I need to take before using that drive again?

I suggest you Format your flash-drive as well. Then run flash-drive disinfector afterwards, there may be infected files on your flash-drive. Make sure all executables or .html or .htm files are not there.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Good luck!

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 _53V3N_

_53V3N_
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 20 March 2009 - 04:07 PM

Thank you for that advice. I will follow it and move cautiously forward. :thumbsup:

Thanks again.
Everything is relative said the speed of light...

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:08 AM

Posted 20 March 2009 - 04:15 PM

You're welcome :flowers:

Below are some prevention tips to prevent these infections or any other infections. These infections usually come from flash-drives or visiting cracks/keygene related sites..

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Vist the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as you malware removal source.
Don't forget to tell your friends about us and Good luck :thumbsup:

With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users