Load of Fun here


40 replies to this topic

#1 ZelZanza

ZelZanza

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 28 June 2005 - 10:24 AM

Hey guys. I'm back again :thumbsup: . I got on today and noticed, "Hey! My computer is as slow as a sloth". I've already run Ad-Aware and Spybot. Below is my HijackThis log. I've googled xgfbgr but can't find a thing. Also, there's a KavSvc in the log, and I don't remember it being there a few days previously when I ran it. Since I know you guys are great at this sort of stuff, I didn't want to remove/delete anything that would affect my computer worse. Thanks in advance for the help. =D.

Logfile of HijackThis v1.99.1
Scan saved at 11:24:47 AM, on 6/28/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\PLNAKK.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS2\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [xgfbgr] c:\windows\system\xgfbgr.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\plnakk.exe reg_run
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\SUPDATE.DLL,SHStart
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O15 - Trusted Zone: *.gmail.com
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
ZelZanza

#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:12:48 AM

Posted 28 June 2005 - 06:00 PM

You have a qoologic infection. If you could, I would like to get a sample of that. Go to this page:
http://www.bleepingcomputer.com/submit-malware.php

In the submit box, paste in the following text:
C:\WINDOWS\plnakk.exe

As soon as you have done that, I will help you get the rest cleaned up. :thumbsup:

#3 ZelZanza

Posted 29 June 2005 - 05:56 AM

Okay! I submitted it. Have fun with it :thumbsup: . Now on to the dirty work.
ZelZanza

#4 groovicus

Posted 29 June 2005 - 09:15 AM

Thank you. Now we'll see if this is going to go down easy, or if it is going to go down hard...

Put a checkmark next to the following entries in HijackThis. Make sure all other windows and browsers are closed before clicking on “Fix Checked”.

O4 - HKLM\..\Run: [xgfbgr] c:\windows\system\xgfbgr.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\plnakk.exe reg_run

***********************************************************************

Reboot and post a new log please. :thumbsup:

#5 ZelZanza

Posted 29 June 2005 - 05:36 PM

Here's the new log:



Logfile of HijackThis v1.99.1
Scan saved at 6:34:34 PM, on 6/29/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\XGFBGR.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\ACCWIZ.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS2\HIJACKTHIS.EXE

O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR52.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\SUPDATE.DLL,SHStart
O4 - HKLM\..\Run: [xgfbgr] c:\windows\system\xgfbgr.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O15 - Trusted Zone: *.gmail.com
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx


So far, no pop-ups have occurred. Every time I turned on the computer, pop ups would come up. X_x. Also, I think that 02- BHO: CeresObj... is bad. Some of the pop ups that I got said "Ceres" at the title bar on them. :thumbsup:
ZelZanza
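
An added example, not part of the original thread and not HijackThis code: a short Python check that a follow-up log really reflects a requested "Fix Checked" pass, run on excerpts of the logs from posts #1 and #5 and the fix list from post #4. The function names and the "active" heuristic (a persisting entry whose path also appears under "Running processes") are assumptions made for this illustration.

```python
import re

# A HijackThis result line is "<section> - <details>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\\S.*$")  # paths under "Running processes"
# Excerpts of the logs in posts #1 and #5 and of the fix list in post #4.
BEFORE = r"""Running processes:
C:\WINDOWS\PLNAKK.EXE
C:\WINDOWS\EXPLORER.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [xgfbgr] c:\windows\system\xgfbgr.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\plnakk.exe reg_run"""
AFTER = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\XGFBGR.EXE

O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [xgfbgr] c:\windows\system\xgfbgr.exe"""
FIX = r"""O4 - HKLM\..\Run: [xgfbgr] c:\windows\system\xgfbgr.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\plnakk.exe reg_run"""

def parse_log(text):
    """Return (entries, processes); case-folded, as Win9x paths ignore case."""
    entries, processes = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group(1), m.group(2).casefold()))
        elif PROCESS_RE.match(line):
            processes.add(line.casefold())
    return entries, processes

def review_fix(before, after, fix_list):
    """Check a follow-up log against the entries ticked for "Fix Checked"."""
    old, _ = parse_log(before)
    new, running = parse_log(after)
    wanted, _ = parse_log(fix_list)
    persisting = wanted & new
    return {
        "removed": sorted(wanted - new),
        "persisting": sorted(persisting),
        "appeared": sorted(new - old),  # lines the earlier log did not show
        # Assumption: "active" = a running process path occurs in the entry.
        "active": sorted(e for e in persisting
                         if any(p in e[1] for p in running)),
    }

if __name__ == "__main__":
    for label, items in review_fix(BEFORE, AFTER, FIX).items():
        print(label, [f"{sec} - {body}" for sec, body in items])
```

An entry that is both persisting and active suggests the process rewrote its Run value or was still loaded when the fix ran, which matches the advice in the thread to close other windows and browsers first.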

#6 groovicus

Posted 29 June 2005 - 05:45 PM

That one is bad.. I looked right over it. :thumbsup: Oddly enough, the hard one is gone, but the easy ones are still there, so let's try again.

Remove these with HJT:
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR52.DLL
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

Reboot and post a new log.

#7 ZelZanza

Posted 30 June 2005 - 06:00 AM

I think I spoke too soon about those pop ups x_x. Maybe they'll stop this time!

Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 6:55:59 AM, on 6/30/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\XGFBGR.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\ACCWIZ.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS2\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\SUPDATE.DLL,SHStart
O4 - HKLM\..\Run: [xgfbgr] c:\windows\system\xgfbgr.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O15 - Trusted Zone: *.gmail.com
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx


When I fixed both 02's the first time, they didn't delete. I figured out why when I found out I had IE open o_O. So I closed it, ran it again, and they are gone :thumbsup:. My bad XD.

Xgfbgr is still there =o.
O4 - HKLM\..\Run: [xgfbgr] c:\windows\system\xgfbgr.exe

And I was wondering what KB891711 was? I think I read somewhere that it is good, but I don't quite remember =(.
ZelZanza

#8 groovicus

Posted 30 June 2005 - 09:27 AM

I suppose we need to find out what that one last file is. Go here:
http://virusscan.jotti.org/

Paste the following line into the box, and then submit it:
c:\windows\system\xgfbgr.exe

Let me know what Jotti says it is.

***************

The KB891711.exe file is found on Windows 98, Windows 98 SE, and Windows Millennium operating systems. It's a Windows security update file protecting against a "Vulnerability in cursor and icon format handling could allow remote code execution". With the April 12, 2005 release of the file, it runs as a service from the following registry entry:


http://www.pchell.com/support/kb891711.shtml

#9 ZelZanza

Posted 30 June 2005 - 07:01 PM

What Jotti Says:

File: xgfbgr.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 64af08f1fc45796c23b3fa6c7ebbb18a
Packers detected: PE_PATCH, UPX
Scanner results
AntiVir Found TR/Dldr.BetterIne.D
ArcaVir Found Trojan.Agent.Ay
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found Trojan.DownLoader.3256
F-Prot Antivirus Found nothing
Fortinet Found W32/Agent.53CB-tr
Kaspersky Anti-Virus Found Trojan.Win32.Agent.ay
NOD32 Found nothing
Norman Virus Control Found nothing
VBA32 Found Trojan.Win32.Agent.ay

Edit: (Found this at the bottom of the page).

Statistics
Last file scanned at least one scanner reported something about: Invader.c in Small Live Virus Collection 190 total.zip, detected by:

Scanner Malware name
AntiVir AT-144 ©
ArcaVir ASH.1604
Avast Tic-101
AVG Antivirus AntiCAD.4096.Mozart
BitDefender AntiCAD.4096.Mozart.A
ClamAV Plastique.5
Dr.Web Jerusalem.Invader
F-Prot Antivirus AntiCad.4096.R
Fortinet AntiCad.4096.R
Kaspersky Anti-Virus Virus.Boot-DOS.Invader.b
NOD32 Anticad.4096.Mozart
Norman Virus Control AntiCad.2224-4096
VBA32 Invader.c




Okay...I thought that KB891711.exe was for security. Couldn't remember though =o.

Edited by ZelZanza, 30 June 2005 - 07:04 PM.

ZelZanza

#10 groovicus

Posted 30 June 2005 - 07:10 PM

That's interesting. Your antivirus can't find it, but the one I use did. :thumbsup:

I have a couple of suggestions, and you can really take your pick. You can temporarily disable AVG, download AntiVir Personal, and let it remove the infection. Or you can try one of the online scanners, and see if they will remove it: I would try the TrendMicro scan first if you choose to go that route.

There is a manual fix that is quite lengthy, and we can go that route also. It is really up to you. Everything else is gone except for that one infection, so we don't have much to go yet. :flowers:

#11 ZelZanza

Posted 30 June 2005 - 09:04 PM

I'll try running the online scanners first, and if that fails to pick it up, I can try the first option. And then we'll go to the third. I'll do that tomorrow, since it's 10PM here, and I have to get up for work at 5:30AM tomorrow. I'll just edit this Post with a new log after the scans.
ZelZanza

#12 groovicus

Posted 30 June 2005 - 09:20 PM

Go ahead and just add to the post if you would please, otherwise I might overlook your post, and I wouldn't want that to happen. :thumbsup:

#13 ZelZanza

Posted 01 July 2005 - 05:58 AM

For these online scanners, should I set them to autofix?
ZelZanza

#14 groovicus

Posted 01 July 2005 - 09:17 AM

Yes, they should be set to autofix.. sorry about that. I should have mentioned that before.

#15 ZelZanza

Posted 01 July 2005 - 04:33 PM

On second thought, let's just go through the manual way. I have satellite internet and it likes to slow down around this time of day, making any online scan slow as all >.
ZelZanza



