Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with a smart one


  • Please log in to reply
18 replies to this topic

#1 cybermancer2k1

cybermancer2k1

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 20 April 2009 - 01:42 PM

Hi all,

This first post of mine will be a little long, but I wanted to let the experts know what I was up against.

I've got a smart one, and it's driving me crazy trying to get rid of it. I need help very badly. Dell Inspiron 1100 laptop running Windows XP/SP3; Internet browser IE8; recently downloaded Firefox (to try and workaround malware-caused browser crashes, see below); wireless Internet connection, disabled (for now). Until recently, running McAfee 2009 as the AV using both McAfee's and Windows' firewalls.

The symptoms I've noticed, organized roughly from from most to least annoying:
  • The malware will not let me connect to any AV websites (immediately crashes browser upon connection).
  • It will not let me download AV from other websites (such as mirror sites or Download.com)
  • It has completely disabled my AV (McAfee); will not let McAfee scan, report on malware activity or conneect to website.
  • It seems to know what AV will kill it, and will not let me load such on my machine through setup, even with renamed filenames (tried HJT, MBAM, Avira, Avast, AVG). Of course, being unable to load HJT, I cannot provide a log file.
  • Along with the above, it seems to know what is useless against it and lets me run those all I want (so far tried ClamWin, McAfee Stinger, Spybot S&D (did find some minor spy/adware which it killed), Sysclean and Microsoft's Malware Removal Tool). All were run in both Safe and normal modes.
  • It sometimes will begin using 100% of the CPU (as reported by Task Manager). This is not a regular thing, however. Sometimes, the computer rolls merrily along at normal usage.
  • A string of icons appears in the system tray as though McAfee is trying to scan or connect, but the icons go away to instant I move my cursor over them.
  • It can apparently infect and travel over USB sticks, becuase it tried to infect another computer from one of them (see below)
  • Sometimes it looks as though McAfee is trying to run an onboard scan but it runs extremely slowly. Even with me constantly booting and shutting down the machine, it's taken over a week to scan 30,000 files (there are over 900,000 on the machine)
  • My printer/scanner (a Lexmark 3600) will not scan from the console or from PhotoShop; I can only get it to scan through Windows' Printer/Scanner Wizard
  • I can't double-click on either USB stick or my c:/ drive to open them; I have to right-click>Open to open them
  • Autorun will not shut off, even though I have gone in and set the parameters ("Take no action") several times. Noticed a little while ago that two Autoruns appeared in the dialogue box when I plugged in my flash.
Actions I've taken so far, in no particular order:
  • Thinking at first I had Conficker (even though I took steps to prevent Conficker infection) I ran a Conficker Removal Tool, which found nothing.
  • I've run Microsoft's latest security patches. I realize it was closing the barn door after the horse had escaped, but still...
  • I've tried to research this thing; I have a tentative identification of it (obtained only because it tried to infect a protected computer): Trojan.Agent.akza, but I can't find much useful information on it.
  • In the course of providing info for this post, I had no choice but to plug my USB in and found out the first bug tried to infect this computer along with another: Trojan.Agent.zzba.
  • I've thrown whatever (free) AV will run on my machine at it; in fact, I've come to realize that if it runs at all, the bug "knows" the AV is useless against it.
  • Some of the AV I've used has supposedly identified infections, but then wanted me to buy an upgrade; TrojanHunter 5.0 found two suspicious registry errors, but would not fix them without payment. I removed TH 5.0 and another that supposedly found over 600 infections before I realized it was just a scam and stopped it (name escapes me at the moment, but I don't believe it was more malware)
  • I've disabled the radio so the machine can't connect to the Internet (and maybe whistle up more bugs). I don't dare reconnect until this thing is dead.
  • I've opened the registry (it will let me open RegEdit) and looked at it, comparing what little I knew of it with info I've gleaned from the Internet. I did delete the two suspicious entries that TH 5.0 found, but only after backing them, and the entire registry, up. So far, there has been no lack of performance
  • I've looked in Task Manager for suspicious processes (particularly any extra smss processes) but found nothing.
  • I've rendered all files visible and glanced through some folders I thought might harbor the thing. Nothing found.
  • I found a program called HJTFree that the bug seems to let me load and run; I've used it to make some log files, but I don't think they approach HJT's thoroughness. I can post these if anyone asks.
  • After reading on another forum that the bug might be using the Hosts file to block the AV sites, I downloaded a copy of HostsXpert to reset my Hosts file. No apparent change in the bug's behavior.
  • Before I disabled the Internet connection, I tried to run a few online virus scans. They went very slowly and I always stopped the scan and killed the connection before they finished for fear this bug would summon more if its friends or export my personal info
My most immediate need is for someone to tell me what steps I can take to get this thing to let me load some effective AV (even one) on my computer. That's the major problem I'm having in killing it.

Thanks in advance for any and all help.

BC AdBot (Login to Remove)

 


#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:29 PM

Posted 20 April 2009 - 02:03 PM

Use a clean computer and a usb drive to transfer but first run this on both

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Now we need MBAM and the definitions

Please download Malwarebytes Anti-Malware (v1.36) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/


Try this to install MBAM

Try renaming the setup file to install.com

try installing in safe mode

here's a random renamer for the program if you can get it installed

http://kixhelp.com/wr/files/mb/randmbam.exe
Chewy

No. Try not. Do... or do not. There is no try.

#3 cybermancer2k1

cybermancer2k1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 20 April 2009 - 02:48 PM

Thank you, DaChew! I'll go through your steps tonight and let you know tomorrow what's changed.

#4 cybermancer2k1

cybermancer2k1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 20 April 2009 - 06:48 PM

OK, mixed results so far:

I burned the software you mentioned so far to a CD along with your instructions. I was able to run Flash Disinfector and disinfect my USB sticks (could not disable McAfee and could not even remove it; had to stop it's processess just to get Flash Disinfector on the desktop), but was unable to open MBAM. Tried renaming it, running it in safe mode and moving it around the drive -- nothing. When I try to open it, I'll get the language select dialog, then upon OK'ing that, either the program will not open/load, or I'll actually get a glimpse of the welcome screen before the program shuts down again.

I'm wide open to suggestions at this point...

#5 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:29 PM

Posted 20 April 2009 - 07:00 PM

See if you can use safe mode(F8) to install a renamed installer, you might even have to rename it before putting on a usb drive
Chewy

No. Try not. Do... or do not. There is no try.

#6 cybermancer2k1

cybermancer2k1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 21 April 2009 - 07:08 PM

OK, I did everything you said; I downloaded a fresh copy of MBAM onto my flash, renaming it before it downloaded. I tried to run it in both Safe and Normal modes on my machine from both the USB and the desktop. No dice. This bug is incredible. No matter what I named MBAM, or how I tried to install it, or even where it was on the drive, the instant it tried to install, the malware stopped it cold.

I even installed in on the flash drive and physically dragged the MBAM folder onto C:\Program Files. Tried to launch it. Nothing. Same result. Somehow, this malware is looking deep into MBAM and other AV software, seeing what it is, and stopping it.

Thinking that maybe MBAM was faulty somehow, I tried loading it onto a machine I knew to be clean. Installed quickly and perfectly. Scanned the drive and declared that computer malware-free. So it's back to the malware.

I'm at my wit's end. Is there someway, somehow to suppress this bug long enough to load its killer?

#7 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:29 PM

Posted 21 April 2009 - 07:20 PM

Avira AntiVir Rescue System

http://www.avira.com/en/support/support_downloads.html

http://www.freedrweb.com/livecd/

These are advanced tools but take full control of the computer away from an infection, you have to boot to the cd tho

Be careful what you delete, they will kill protected infected windows files which you will have to replace with clean copies
Chewy

No. Try not. Do... or do not. There is no try.

#8 cybermancer2k1

cybermancer2k1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 21 April 2009 - 07:53 PM

OK; I'll try these. Since they're so powerful I want to read over the manuals carefully before I try them, though. Might be a day or two before I get back to you. Sorry to be such a bother; never had an infection this persistent before.

#9 cybermancer2k1

cybermancer2k1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 23 April 2009 - 12:10 PM

So far, tried the Avira Removal Tool. No change; malware stopped in in its tracks. I've burned the Dr. Web image to CD; I'll try it tonight and get back to you.

One thing I did notice; it seems to be OS specific. It hasn't infected my desktop (running Windows 2000) even though I've used the contaminated flash drives on it. I've installed Avast and MBAM on that machine to keep it clean.

#10 cybermancer2k1

cybermancer2k1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 25 April 2009 - 02:41 PM

Much progress today after a rocky start. Tried the use the Dr. Web Live CD, but eventhough I burned it according to the directions, my machine wouldn't recgonize it and therefore wouldn't boot properly. While I was on the Dr. Web site, I got a copy of Dr. Web CureIt! in case I'd need it in the future--good thing I did, as it turned out. After the Live CD failed to open, I got a little desperate, figured "what the hell...?" and threw CureIt! at the malware. Took 12 hours, but CureIt! killed it (it was Trojan.Downloader.9530 -- I saved the logfile if you need it). After I closed CureIt! I immediately installed and ran MBAM, which found 14 more infected objects (log's available for that one, too.) Then I updated both McAfee and Windows. I didn't want to run any other tools before reporting back to you first.

#11 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:29 PM

Posted 25 April 2009 - 05:28 PM

Rerun MBAM after updating and post both those logs, that will tell what we need to do next

:thumbsup:

Way to go

:flowers:
Chewy

No. Try not. Do... or do not. There is no try.

#12 cybermancer2k1

cybermancer2k1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 28 April 2009 - 12:09 PM

Here ya go...

=====================
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/25/2009 11:36:00 AM
mbam-log-2009-04-25 (11-35-41).txt

Scan type: Full Scan (C:\|)
Objects scanned: 192870
Time elapsed: 1 hour(s), 36 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

==================

Malwarebytes' Anti-Malware 1.36
Database version: 2046
Windows 5.1.2600 Service Pack 3

4/27/2009 10:43:38 PM
mbam-log-2009-04-27 (22-43-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 200501
Time elapsed: 1 hour(s), 42 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\components\dbeacbebc.dll (Trojan.Agent) -> Quarantined and deleted successfully.

#13 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:29 PM

Posted 28 April 2009 - 08:18 PM

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Chewy

No. Try not. Do... or do not. There is no try.

#14 cybermancer2k1

cybermancer2k1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 29 April 2009 - 12:08 PM

I have the latest instructions; will run these tonight and post again tomorrow. Thanks!

#15 cybermancer2k1

cybermancer2k1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 30 April 2009 - 06:27 PM

OK, I followed the instructions, running ATF Cleaner first, then loading and running SUPERAntiSpyware. SAS destroyed a copy of adware.vundo/variant, but when I went to find the log, nothing appeared in the Scan Log area. I made sure it was set to keep the log(s) and looked in the program folder, but there was none to be had. Should I run SAS again in order to try and capture the log, or move on to another step?

BTW, I've learned my lesson. Now whenever I connect to the Internet, the first thing I do is update McAfee and MBAM. And I keep Dr. Web handy on my USB just in case.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users