Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan horse Win32/PEPatch.AO


  • This topic is locked This topic is locked
14 replies to this topic

#1 healer

healer

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:42 AM

Posted 19 April 2009 - 04:16 AM

I have described the problem in another log http://www.bleepingcomputer.com/forums/t/220562/detected-virus-cannot-be-eliminated/. That was before I tried HijackThis. Now the detection of virus keeps coming up as it attaches to a number of critical files. It comes up almost every time I run something.

DDS (Ver_09-03-16.01) - NTFSx86
Run by SysAdmin at 18:56:58.36 on Sun 19/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.238.46 [GMT 10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Documents and Settings\SysAdmin\Desktop\dds.scr
C:\Program Files\AVG\AVG8\avgcsrvx.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\windows\installer\{b93d24b3-928d-4805-b379-4aa47cb3794e}\NewShortcut1_1.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - {47B92A27-8252-420D-9630-378EF61434D7} - c:\progra~1\kingsoft\powerw~1\XDictExB.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - c:\progra~1\kingsoft\powerw~1\XDictExB.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: mQsBCfyGSBTgL - {A4B4A08E-0E1E-0A24-16A0-D07C9BF05319} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sysadmin\applic~1\mozilla\firefox\profiles\0s5tgvwh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-18 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-18 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-18 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\drivers\smbhc.sys [2004-8-30 6784]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-18 298264]
R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\drivers\smbbatt.sys [2004-8-30 16000]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-10 124832]

=============== Created Last 30 ================

2009-04-19 17:00 --d----- c:\program files\Trend Micro
2009-04-19 16:53 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-19 16:51 --d----- c:\program files\SUPERAntiSpyware
2009-04-19 16:51 --d----- c:\docume~1\sysadmin\applic~1\SUPERAntiSpyware.com
2009-04-19 16:50 --d----- c:\program files\common files\Wise Installation Wizard
2009-04-19 16:10 --d----- c:\documents and settings\sysadmin\.housecall6.6
2009-04-18 20:40 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-18 20:40 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-18 20:40 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-18 20:40 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-18 20:40 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-18 20:40 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-18 20:40 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-18 20:40 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-18 20:40 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-18 20:39 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-18 20:39 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-18 20:39 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-18 19:35 --d-h--- C:\$AVG8.VAULT$
2009-04-18 18:31 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-18 18:31 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-18 18:31 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-18 18:30 --d----- c:\windows\system32\drivers\Avg
2009-04-18 18:30 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-12 12:03 118,784 a------- c:\windows\system32\sgcvagj0e9bj.dll
2009-04-12 11:45 --d----- c:\docume~1\sysadmin\applic~1\HAPedit
2009-04-11 22:04 --d----- C:\HAPedit
2009-04-11 21:46 --d----- C:\pebuilder3110a
2009-04-11 21:37 --d----- c:\program files\Windows Resource Kits
2009-04-11 18:10 --d----- c:\program files\Microsoft ActiveSync
2009-04-11 18:08 --d----- c:\windows\SHELLNEW
2009-04-10 12:21 1,905 a------- c:\windows\diagwrn.xml
2009-04-10 12:21 1,905 a------- c:\windows\diagerr.xml
2009-04-02 11:23 --d----- c:\program files\DAEMON Tools Lite
2009-03-29 21:13 --d----- c:\program files\NETGEAR
2009-03-29 16:56 --d----- c:\program files\Glary Utilities
2009-03-29 16:41 --d----- c:\docume~1\sysadmin\applic~1\GlarySoft
2009-03-29 16:33 --d----- c:\program files\Glary Registry Repair
2009-03-29 16:24 --d----- c:\program files\VS Revo Group
2009-03-29 16:14 --d----- c:\program files\Free Window Registry Repair
2009-03-29 16:07 --d----- c:\windows\$regcmp$
2009-03-29 16:07 --d----- c:\program files\Registry Clean Expert
2009-03-29 15:58 --d----- c:\program files\Innovative Solutions
2009-03-25 21:07 --d----- c:\program files\TweakNow RegCleaner
2009-03-25 21:07 --d----- c:\docume~1\sysadmin\applic~1\TweakNow RegCleaner
2009-03-25 20:37 --d----- c:\program files\TweakNow RegCleaner Std
2009-03-22 00:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll

==================== Find3M ====================

2009-04-11 21:38 78,175 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-14 15:24 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-03-07 17:15 262,144 a------- c:\windows\system32\default_user_class.dat
2009-03-07 17:09 129,784 -------- c:\windows\system32\pxafs.dll
2009-03-07 17:09 9,464 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-03-07 17:09 9,336 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-03-07 17:09 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-03-07 17:09 116,472 -------- c:\windows\system32\pxcpyi64.exe
2009-03-07 17:09 43,528 -------- c:\windows\system32\drivers\PxHelp20.sys
2009-03-07 00:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 10:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-03 10:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 14:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 20:20 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 20:20 13,824 a------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 15:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 22:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 22:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 22:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 22:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 21:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 21:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 21:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 21:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 21:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 21:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 20:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 20:39 35,328 a------- c:\windows\system32\dllcache\sc.exe
2009-02-06 20:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-04 05:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-04 05:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll

============= FINISH: 18:58:08.27 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:42 PM

Posted 20 April 2009 - 02:41 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

Let me reiterate what's already been said. You appear to have a very serious infection and there is a definite possibility that you will need to format your drive. You may want to prepare for this now and begin to back up any photos or media files that you would not want to lose. Do NOT backup any exe files as they may be infected.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Please post the contents of the log from DrWeb in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 healer

healer
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:42 AM

Posted 20 April 2009 - 11:35 PM

Thanks a lot for your help! I am indeed in big trouble. I think I have infected my whole network of computers because I had backed up some executable files across the network.

First of all I couldn't wait yesterday because I use that particular laptop a lot. So I restored the ghost disk image that came with my laptop back to my C drive and re-installed everything last night. I thought that would wipe out all the viruses. That laptop had 2 partitions on the hard disk. I left the other partition alone. That partition had some files but I hardly accessed any of them. I had thought it would be all right. Before I did it I backed up my Microsoft Outlook file and some data files as well as some often-used install files I downloaded from the Internet across the local network to another 2 computers. Everything seemed to run fine this morning. I didn't see the virus messages any more. Then I couldn't download file from Internet properly. This problem seemed to spread across the network. Every file I downloaded was corrupt or incomplete. Because I have used up my download bandwidth for this monthly cycle so the Internet has been very slow. I thought that was the cause of the problem. Then I started losing permission to do anything on the laptop, such as installing additional program even I was logged on as an administrator. So before I read your post I already started to reinstall my laptop with a OEM XP Home CD but using the same original product key that came with the laptop. The reason I used another CD because I need the function of deleting all the existing partitions before re-installation. I am in the middle of re-installation at the moment.

What I want to ask now is whether you think what I am doing is sufficient to clear all viruses on this particular laptop. I had hoped to do a low level format but I didn't have the resources. Do you think deleting all partitions will clear the viruses happen to be at the boot sector as well? The next question I would like to ask is what I should do to check the other 2 computers, XP Pro & Vista Home Basic. I have done virus test with AVG 8.5 on the other 2 computers. It hasn't found any problems. I also had another 2 laptops (XP Home & Vista Home Basic) on the same network. No executable file has been exchanged with them but some data files. Your advice will be appreciated. I will have full download bandwidth available tomorrow when I can download any diagnostic program you ask me to. Today is the last day the monthly cycle.

I didn't do what you suggested because I thought there might be no point to do now. Please let me know I am happy to do whatever you recommend if you think otherwise.

#4 healer

healer
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:42 AM

Posted 20 April 2009 - 11:42 PM

Thanks Sam again. I forgot to mention that there were a few other partitions besides the first two belong to Windows on the same laptop. They were Linux partitions. Do you think they could have caught viruses from the neighbouring Windows partition even though there was no file exchange between them? Anyway on the safe side, I have deleted them as well. I look forward to your further advice. Have a good day!

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:42 PM

Posted 21 April 2009 - 04:06 PM

This virus is extremely nasty and variants are common. It's not detected well and not a lot is known about it yet. One of the few programs that seems to do a good job at detecting it is DrWeb. I would proceed to scan all partitions and computers on your network with DrWeb. Let me know what it comes up with.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 healer

healer
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:42 AM

Posted 21 April 2009 - 08:30 PM

Thanks Sam! I had also noticed that I didn't even see the security tab when booted into safe mode and logged on as an administrator yesterday morning. My system is XP Home. By they way, would you know what else this virus could have done apart from damaging my system? Would it act as spy sending info out of my laptop?

I have scanned with Dr. Web CureIt as you instructed all my computers except the one I had crippling problems before. Since I had formatted and reinstalled the computer I thought I could delay on that one till tonight when I will stop using the computer. I chose to "Start" not "Update" when Dr. Web CureIt starts. I wasn't too sure if virus definition needed to be updated. The 2 computers I backed up files to did have virus problems. They were files Boot_CD.exe and data037 with probably "Trojan.Packed.191". I downloaded them from the Internet lately. In fact I have been downloading files from or for PEBuilder, VistaPE and WinBuilders. I am not too sure whether the virus "PEPatch.AO" had anything to do with them.

One of the computers I believe not related to this disaster has Zlob.Downloader.bs found by SpyBot. Spybot couldn't remove it but got stuck on it. I had to force-terminate the SpyBot program. None of AVG, SuperAntiSpyware, Dr Web CureIt discovered this file. I unhid all the files including system files in the computer and searched for it but found nothing. If you think I should post this to another forum or a separate post please let me know.

Edited by healer, 22 April 2009 - 02:07 AM.


#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:42 PM

Posted 22 April 2009 - 11:10 AM

We need to stick with just one computer on this thread to minimize the confusion. If you've got another computer that you want to work with at the same time you will need to start another separate topic for it.

It doesn't sound like you are dealing with the worst case scenario. Can you post the log from the DrWeb scan?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 healer

healer
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:42 AM

Posted 22 April 2009 - 07:27 PM

Thanks Sam. If you are talking about the computer I had crippling problems with, it appears all right now after deleting all the partitions and reinstallation of the hard disk. I did do a complete scan with DrWebCureIt overnight. It found no problem at all. However I am not too sure whether I did it correctly because I didn't select "Update" before the scan so I wondered if the virus definition was up to date. If unnecessary, does it mean I have to download the program file again when I next use it in order to get the latest virus definition? I also realized this morning I ran the program under limited user by mistake, not an administrator. I will do the scan again if necessary. I have tried to attach the log but the file is 700K after compression with 7-Zip. Please advise!

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:42 PM

Posted 23 April 2009 - 04:44 PM

If the log is that big, what is the primary infection that it's detecting?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 healer

healer
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:42 AM

Posted 23 April 2009 - 07:43 PM

I can't open the file. I think it's too big because I did a complete scan as well. Both express scan and complete scan didn't report any problem. Do you think I should do one more time? Shall I do the complete scan or just the express scan?

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:42 PM

Posted 24 April 2009 - 10:08 AM

No. There's no reason to run it again if it coming up clean. So I'm a bit confused right now. What issues are you having with this particular computer?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 healer

healer
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:42 AM

Posted 24 April 2009 - 06:14 PM

I am sorry to have confused you. If you read my previous post in the same thread I didn't wait for the reply to my first post because I needed the computer badly and this is the one I am working on at the moment. I am sorry I did that to you. I formatted and reinstalled the whole computer twice. I guessed that's how I had improved the computer performance if it hadn't completely cleaned it. I would like to hear your comments.

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:42 PM

Posted 25 April 2009 - 08:15 AM

Ok, no problem. So if you formatted, then the computer should be free of malware.
Are you having any issues with this computer?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 healer

healer
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:42 AM

Posted 26 April 2009 - 02:35 AM

Not at the moment. Perhaps we should leave it for the time being.

I appreciate all your time. God bless!

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:42 PM

Posted 26 April 2009 - 10:50 AM

I'm glad I could help you out! :thumbup2:

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users