Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My computers about to die.


  • This topic is locked This topic is locked
15 replies to this topic

#1 Staffordz

Staffordz

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 02 April 2009 - 12:54 PM

Well, so i think so anyway!
I'm using Windows XP

Here is a brief overview of the problems I have experienced over the past 2 days starting from the first up to now!


Firefox Browser is being redirected by "adwarefeed.com" everytime i followed a link on google!
Unusual Popups started to appear on Google Chrome and Firefox while visiting sites that i had frequently visited in the past!
My Computer started to get very slow and started to freeze! (I have never had these problems before)
Freezing is getting more frequent and makes me have to reboot!
When rebooting, the computer will freeze about 7/10 times on a black screen after loading up the Windows XP Screen and sometimes just as I am signing into my user account!
I know this will properly sound silly but my computer is starting to make some weird noises coming from inside of it, like it was loading something from the hard drive when I'm not doing anything!
Last night after rebooting my computer, it was running stupidly slow and at the same time i got about 5 warnings from "GIANTAntiSpyware" telling me that something was trying edit my my IP and name or something!? And loads of programs that I had never seen before were trying to connect to the internet! I denied them all.
Also I got a warning from my Outdated by about 2 months Norton Anti Virus, telling me that "SVCHOST.EXE" has been modified and is trying to connect, I denied it.
I also have about 5 cases of SVCHOSE.EXE running in my processes, all taking up different kinds of memory in the range of 26,000k - 5000k

I have ran scans with GIANTAntiSpyware which turns up nothing.
I have ran scans with DR Web and it came up with quite a lot of files
I Also scanned with Goored and ATF Cleaner.
I tried to run a scan with SDFix but my computer froze, later on Dr Web said it contained Infected Objects.
Malwarebytes AntiMalware will only install in safe mode but will not run on any occasion.
SuperAntiSpyware will not even install i get a "this program has encountered an error" message.

DDS IS ATTACHED!

Thank you for taking the time to read this and any future assistance you may offer!
I really need help :thumbup2:

Ah, I just got an error saying "explorer has failed" as well.

Attached Files

  • Attached File  DDS.txt   13.96KB   6 downloads


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:58 PM

Posted 02 April 2009 - 04:18 PM

Hi Staffordz,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log and I will also let you know that I am a trainee so each stage of the fix will need to be checked by an expert coach before I post so there may be a slight delay. Don't worry I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 2 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 Staffordz

Staffordz
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 02 April 2009 - 04:26 PM

Hey M0le!

Thank you for your time!

That's just fine!

I will await further instructions :thumbup2:

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:58 PM

Posted 04 April 2009 - 04:33 AM

Hi Staffordz,

You have a few infections which we can deal with.

Firstly,

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#5 Staffordz

Staffordz
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 04 April 2009 - 09:14 AM

maan, I downloaded combofix onto my desktop but it then disapeared :| now my Google Chrome isnt working i get an error message saying "Chrome failed to initialise" every time i try load it up again!

i've also tryed to follow those links to download Combofix with firefox but the download screen disapears as soon as it pops up :|
i'm going to download internet explorer again and try d/l with that!

argh, it wouldnt let me install internet explorer. it just waited on the microsoft download screen while it transfered data from "doubeclick" and "tribalfusion" and others.

i dont know what to doo? is there any other way i can remotely download this program!?

edit - i'm going to try get my friend to send me the program over MSN instant messenger :thumbup2:

Edited by Staffordz, 04 April 2009 - 09:23 AM.


#6 Staffordz

Staffordz
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 04 April 2009 - 10:18 AM

Hey

I managed to recieve combofix of a friend on MSN and ran the program after disabling all anti virus/spyware programs.

When i start my computer up now though, the login screen is different and when i do log in.. i just get a background picture and thats it.. no windows or taskbars or anything. I'm in Safe Mode with Networking just now...

The log is attached!

Please help me get my computer back to normal!


Also i may add, when combofix was running, after it told me it was downloading windows recovery console.. i got a norton popup asking me if i wanted to allow winlogon.exe.. even though i disabled it.

I just left the popup as it was, to not disturb ComboFix but it then told me that something wasnt able to download..

sorry if i bleeped it up or sumit :thumbup2:

Attached Files


Edited by Staffordz, 04 April 2009 - 10:22 AM.


#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:58 PM

Posted 05 April 2009 - 06:32 AM

Hi Staffordz,

The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case crackz software). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

------------------------------------------------------------

Back to the fix...

Also i may add, when combofix was running, after it told me it was downloading windows recovery console.. i got a norton popup asking me if i wanted to allow winlogon.exe.. even though i disabled it.


Don't worry about the Norton warning the winlogon.exe should be allowed as the recovery console won't be installed otherwise.

Please don't run Combofix without the recovery console being installed.

Please run Combofix again, allow winlogon.exe this time and then post the new logs.
Posted Image
m0le is a proud member of UNITE

#8 Staffordz

Staffordz
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 05 April 2009 - 07:52 AM

Hey, i have taken your warnings about p2p sharing into consideration! thank you for that information.

Okay! i could only run Combofix in safe mode due to the normal startup not working! i hope thats not a problem.

I got asked to download the windows recovery console and allowed it, I agree'd to the EULA then after 15 minutes of Combofix not doing anything i restarted the program. It didnt ask me to install Windows Recovery again and just went straight to the scan!

I have good news :thumbup2: After it restarted my computer i'm back onto Normal Mode now :) looks like its getting better!

I am still being asked by Norton to allow "niddle" to connect to the internet though, i'm guessing thats malware of some-sort.

Also.. i think you should know that i'm getting a hardware instalation popup everytime i reboot now, asking me if i want to install the correct drivers for CIS Single Chip or something, i'm not sure if thats the correct name though, i'll need to double check!

I'm hoping thats not for my asus motherboard/proccesor!

Log is Attached!

Thank you for your time, once again! looking forward to hearing from you!

Attached Files


Edited by Staffordz, 05 April 2009 - 07:57 AM.


#9 Staffordz

Staffordz
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 06 April 2009 - 09:00 AM

hey man, quick update! I dont have any good news anymore lol.

My computers not functioning in Normal Mode properly again, it was after combofix restarted the computer and gave me a log that it was running fine but now, after another bootup Explorer is not functioning, when i try and open the application through Task Manager i get an error named "Windows Execution Prevention" saying that it has closed the program to help protect my computer.

Also, on startup i get the same error but for a program called "Run Dll as App"

pretty brutal man..

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:58 PM

Posted 07 April 2009 - 02:58 AM

Hey Staffordz,

Thanks for the thanks.

Yes, the majority of the malware has gone. We need to do a little bit more before you are clean though.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Go to Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following files and click Submit.

C:\windows\system32\rtsdnif.exe
c:\windows\$NtServicePackUninstall$\winlogon.exe
c:\windows\ServicePackFiles\i386\winlogon.exe
c:\windows\system32\winlogon.exe
c:\windows\$NtServicePackUninstall$\ctfmon.exe
c:\windows\ServicePackFiles\i386\ctfmon.exe
c:\windows\system32\ctfmon.exe
c:\windows\$NtServicePackUninstall$\userinit.exe
c:\windows\ServicePackFiles\i386\userinit.exe
c:\windows\system32\userinit.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at VirusTotal

Next....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\Owner\Application Data\psvrr.exe
c:\documents and settings\Owner\Application Data\nidle\nidle.exe
c:\documents and settings\Owner\Application Data\_75558131a4dbc2cf8a7b402559051ebc\down\nDler001.exe
c:\windows\system32\ovfsthlwhxiypiqrstxdwqeppfuxtyywurmehe.dll
c:\windows\system32\ovfsthxubvmafvasrprdxlnssibnrewxhlmyqe.db
c:\windows\system32\drivers\ovfsth.sys
c:\windows\system32\ovfsthvtoiiuxvsxwfmhxtmtqybmhxvmxcpobi.dat
c:\windows\system32\ovfsthufkdjwupmufpllvwghvsspayrnuqirtl.dat
c:\documents and settings\Owner\Application Data\svchost.exe
c:\windows\TEMP\ms1238851137.exe
c:\windows\mswinlogon.exe
c:\windows\Tasks\A90B49749180C468.job
c:\docume~1\owner\applic~1\bluenoun\SlowErrorGlobal.exe
c:\windows\system32\drivers\590a6cd8.sys
c:\windows\system32\drivers\54b56976.sys
c:\documents and settings\Owner\Desktop\Windows SP3 Keygen.exe

Folder:
c:\documents and settings\Owner\Application Data\nidle
c:\docume~1\owner\applic~1\bluenoun

Drivers::
bfastfao
590a6cd8

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"*ctfmon32"=-
"Frag Ooze Cash Scr"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinProx32_1"=-
"nidle"=-
"nDler001"=-
"owns funk"=-
"eyeBeam SIP Client"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"nidle"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InetChk"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\590a6cd8]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mswinlogon]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

:thumbup2:
Posted Image
m0le is a proud member of UNITE

#11 Staffordz

Staffordz
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 07 April 2009 - 09:20 AM

Hey

Okay i'm scanning With Jotti

--------------------------------------------------------------------------------------------------------------------------
C:\windows\system32\rtsdnif.exe
- Nothing Found

c:\windows\$NtServicePackUninstall$\winlogon.exe

A-Squared
Found Trojan.Win32.Patched!IK
AntiVir
Found HEUR/Malware
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found Win32.Virut.56
F-Prot Antivirus
Found W32/Virut.AI!Generic
F-Secure Anti-Virus
Found Virus.Win32.Virut.ce
Ikarus
Found Trojan.Win32.Patched
Kaspersky Anti-Virus
Found Virus.Win32.Virut.ce
NOD32
Found Win32/Virut.NBM
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Quick Heal
Found W32.Virut.G
Sophos Antivirus
Found W32/Scribble-B
VirusBuster
Found nothing
VBA32
Found nothing

c:\windows\ServicePackFiles\i386\winlogon.exe

A-Squared
Found nothing
AntiVir
Found HEUR/Malware
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found Win32.Virut.56
F-Prot Antivirus
Found W32/Virut.AI!Generic
F-Secure Anti-Virus
Found Virus.Win32.Virut.ce
Ikarus
Found nothing
Kaspersky Anti-Virus
Found Virus.Win32.Virut.ce
NOD32
Found Win32/Virut.NBM
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Quick Heal
Found W32.Virut.G
Sophos Antivirus
Found W32/Scribble-B
VirusBuster
Found nothing
VBA32
Found Virus.Win32.Virut.1 (probable variant)

c:\windows\system32\winlogon.ex Found Nothing

c:\windows\$NtServicePackUninstall$\ctfmon.exe
A-Squared
Found Exploit.Win32.IMG-WMF!IK
AntiVir
Found HEUR/Malware
ArcaVir
Found nothing
Avast
Found Win32:Vitro
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found Win32.Virut.56
F-Prot Antivirus
Found W32/Virut.AI!Generic
F-Secure Anti-Virus
Found Virus.Win32.Virut.ce
Ikarus
Found Exploit.Win32.IMG-WMF
Kaspersky Anti-Virus
Found Virus.Win32.Virut.ce
NOD32
Found Win32/Virut.NBM
Norman Virus Control
Found Sandbox: W32/Virut.CF; [ General information ]* File length: 34304 bytes.
Panda Antivirus
Found nothing
Quick Heal
Found W32.Virut.G
Sophos Antivirus
Found W32/Scribble-B
VirusBuster
Found nothing
VBA32
Found Virus.Win32.Virut.1 (probable variant)

c:\windows\ServicePackFiles\i386\ctfmon.exe
A-Squared
Found Backdoor.Win32.Popwin!IK
AntiVir
Found HEUR/Malware
ArcaVir
Found nothing
Avast
Found Win32:Vitro
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found Win32.Virut.56
F-Prot Antivirus
Found W32/Virut.AI!Generic
F-Secure Anti-Virus
Found Virus.Win32.Virut.ce
Ikarus
Found Backdoor.Win32.Popwin
Kaspersky Anti-Virus
Found Virus.Win32.Virut.ce
NOD32
Found Win32/Virut.NBM
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Quick Heal
Found W32.Virut.G
Sophos Antivirus
Found W32/Scribble-B
VirusBuster
Found nothing
VBA32
Found nothing

c:\windows\$NtServicePackUninstall$\userinit.exe
A-Squared
Found nothing
AntiVir
Found HEUR/Malware
ArcaVir
Found nothing
Avast
Found Win32:Vitro
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found Win32.Virut.56
F-Prot Antivirus
Found W32/Virut.AI!Generic
F-Secure Anti-Virus
Found Virus.Win32.Virut.ce
Ikarus
Found nothing
Kaspersky Anti-Virus
Found Virus.Win32.Virut.ce
NOD32
Found Win32/Virut.NBM
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Quick Heal
Found W32.Virut.G
Sophos Antivirus
Found W32/Scribble-B
VirusBuster
Found nothing
VBA32
Found nothing

c:\windows\ServicePackFiles\i386\userinit.exe
A-Squared
Found nothing
AntiVir
Found HEUR/Malware
ArcaVir
Found nothing
Avast
Found Win32:Vitro
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Quick Heal
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

:\windows\system32\userinit.exe
A-Squared
Found nothing
AntiVir
Found HEUR/Malware
ArcaVir
Found nothing
Avast
Found Win32:Vitro
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found Win32.Virut.56
F-Prot Antivirus
Found W32/Virut.AI!Generic
F-Secure Anti-Virus
Found Virus.Win32.Virut.ce
Ikarus
Found nothing
Kaspersky Anti-Virus
Found Virus.Win32.Virut.ce
NOD32
Found Win32/Virut.NBM
Norman Virus Control
Found W32/Virut.CF
Panda Antivirus
Found nothing
Quick Heal
Found W32.Virut.G
Sophos Antivirus
Found W32/Scribble-B
VirusBuster
Found nothing
VBA32
Found nothing

---------------------------------------------------------------------------------------------------

I'll need to go into safe mode to drag and drop the CFScript.txt into ComboFix, will report back in a few minutes!

#12 Staffordz

Staffordz
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 07 April 2009 - 09:57 AM

Okay, there was a few problems as usual! *sigh* :thumbup2:

I had to run ComboFix in Safe Mode.

I started ComboFix and it warned me about Norton being active but i could not close it down due to there being no little icons to show the program was running in my taskbar to the right, thats where i normally right click and Disable it. I tryed to start Norton through start > programs to disable it but it said it couldnt run in safemode so i took its word for it and went ahead with the scan.

Also.. once ComboFix rebooted my computer into normal mode it done the usual and didnt load up Explorer.. i waited 10 minutes for ComboFix to Popup and start creating the log but nothing happened so i rebooted my computer into safemode where it then produced the Log that is attached.

I hope these problems did not effect the outcome of the scan or make your job any harder!

Thanks.

Attached Files


Edited by Staffordz, 07 April 2009 - 02:13 PM.


#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:58 PM

Posted 08 April 2009 - 12:21 PM

Hi Staffordz,

I'm afraid that Jotti has scanned those illegal Windows files and found Virut. :thumbup2:

Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)

Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)


Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.

Sorry mate, this is a newer infection and has no fix at the moment,

Do you have any questions?

m0le
Posted Image
m0le is a proud member of UNITE

#14 Staffordz

Staffordz
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 08 April 2009 - 06:46 PM

ahh bleep. worst possible news as none of my media is backed up.

is it safe for me to move a folder of media that was stored in c/media/games over to an external hard drive to transfer back onto my computer without them causing the external any problems!? I already compressed the file, all the names of the applications in it are blue, and now i'm just putting the entire folder into a RAR

thank you for your time man!

Edited by Staffordz, 08 April 2009 - 06:58 PM.


#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:58 PM

Posted 09 April 2009 - 01:21 PM

Staffordz,

You should be okay moving files but don't move any files with these extensions:

.exe
.scr
.html


There is a risk that if your clean hard drive has .exe files on it and it is plugged into the infected one that this could infect those files so be careful.

Happy surfing, mate.

m0le
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users