
Seekfor.info is redirecting google searches



#1 CaveDweller2


Posted 02 July 2009 - 05:28 PM

I recently installed XP SP2 after a virus infected my PC. I got it cleaned but I never trust a system after that. I noticed that when I google search things that seekfor.info would appear in the address bar and I would be taken to some weird website. I have run MalwareBytes, SuperAntiSpyware, Hijackthis and CCleaner in normal and Safe mode, they found and cleaned things but still have the issue. I use Firefox only. I have not installed SP3 yet, when I noticed this I wanted to get it cleaned up before I install. Minus SP3 I have all the Windows updates.

Thanks for the help =)


DDS (Ver_09-06-26.01) - NTFSx86
Run by Tom at 18:14:41.92 on Thu 07/02/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1501 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
svchost.exe C:\WINDOWS\TEMP\VRT1.tmp
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Tom\Desktop\dds.scr

============== Pseudo HJT Report ===============

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [reader_s] c:\windows\system32\config\systemprofile\reader_s.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\ihcekf1c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 d343bus;d343bus;c:\windows\system32\drivers\d343bus.sys [2009-7-1 136704]
R0 d343port;d343port;c:\windows\system32\drivers\d343port.sys [2009-7-1 5632]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-1 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-1 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-1 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-1 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-1 298776]
R2 USBDriver;USBDriver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 34304]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]

=============== Created Last 30 ================

2009-07-02 17:10 48,640 a------- c:\windows\services.exe
2009-07-02 17:10 0 a------- c:\windows\system32\5.tmp
2009-07-02 17:10 20,480 a------- c:\documents and settings\tom\reader_s.exe
2009-07-02 17:10 48,640 a------- c:\windows\system32\4.tmp
2009-07-02 17:10 20,480 a------- c:\windows\system32\reader_s.exe
2009-07-02 17:10 120 a------- c:\windows\system32\2.tmp
2009-07-02 11:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-02 11:28 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-02 11:28 <DIR> --d----- c:\docume~1\tom\applic~1\SUPERAntiSpyware.com
2009-07-02 11:27 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-02 11:19 <DIR> --d----- c:\docume~1\tom\applic~1\Malwarebytes
2009-07-02 11:19 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-02 11:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-02 11:19 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-02 11:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-02 11:04 1,077,344 a------- c:\windows\system32\mscomctl.ocx
2009-07-02 11:03 <DIR> --d----- C:\UBCD4Win
2009-07-02 10:46 1,155 a------- c:\windows\system32\nwnzmzse.dat
2009-07-02 10:17 109,354 a------- c:\windows\system32\nwnzmzse.dll
2009-07-02 10:17 <DIR> --d----- c:\windows\system32\LogFiles
2009-07-02 05:02 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-01 22:06 <DIR> --d----- c:\program files\Marvell
2009-07-01 22:05 <DIR> --d----- c:\documents and settings\Tom
2009-07-01 22:04 <DIR> --ds---- c:\windows\system32\Microsoft
2009-07-01 22:04 8,192 a------- c:\windows\REGLOCS.OLD
2009-07-01 22:02 103,424 ac------ c:\windows\system32\dllcache\uihelper.dll
2009-07-01 22:01 13,463,552 ac------ c:\windows\system32\dllcache\hwxjpn.dll
2009-07-01 22:00 829,440 ac------ c:\windows\system32\dllcache\inetmgr.dll
2009-07-01 21:59 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-07-01 21:59 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-07-01 21:59 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-07-01 21:59 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-07-01 21:59 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-07-01 21:59 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-07-01 21:59 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-07-01 21:59 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-07-01 21:59 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-07-01 21:59 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-07-01 21:59 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-07-01 21:59 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-07-01 21:58 <DIR> --d----- c:\program files\common files\MSSoap
2009-07-01 21:56 <DIR> --d----- c:\program files\Online Services
2009-07-01 21:56 <DIR> --d----- c:\program files\Messenger
2009-07-01 21:56 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-07-01 21:55 <DIR> --d----- c:\program files\Windows NT
2009-07-01 21:23 <DIR> --d----- c:\program files\JRE
2009-07-01 21:23 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-07-01 11:07 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-07-01 11:02 <DIR> --d----- c:\program files\DivX
2009-07-01 11:02 <DIR> --d----- c:\program files\common files\DivX Shared
2009-07-01 10:39 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-07-01 10:35 <DIR> --d----- c:\program files\CCleaner
2009-07-01 10:28 <DIR> --d----- c:\program files\TGTSoft
2009-07-01 10:27 <DIR> --d----- c:\program files\Executive Software
2009-07-01 10:22 <DIR> --d----- c:\program files\AVG
2009-07-01 10:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-01 10:17 <DIR> --d----- c:\program files\D-Tools
2009-07-01 10:08 <DIR> --d----- c:\program files\Analog Devices
2009-07-01 10:07 <DIR> --d----- c:\documents and settings\tom\WINDOWS
2009-06-30 12:34 <DIR> --d----- c:\program files\common files\ODBC
2009-06-30 12:34 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-06-30 12:34 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-07-02 16:46 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-07-01 21:56 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-07-01 21:34 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-01 21:01 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-07-01 21:01 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS
2009-07-01 10:26 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-01 10:23 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-01 10:23 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-01 10:22 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-10 08:28 3,510,272 a------- c:\windows\system32\nvgames.dll
2009-06-10 08:28 4,022,272 a------- c:\windows\system32\nvdisps.dll
2009-06-10 08:28 13,758,464 a------- c:\windows\system32\nvcpl.dll
2009-06-10 08:28 188,484 a------- c:\windows\system32\nvsvc32.exe
2009-06-10 08:28 163,840 a------- c:\windows\system32\nvcolor.exe
2009-06-10 08:28 86,016 a------- c:\windows\system32\nvmctray.dll
2009-06-10 08:28 229,376 a------- c:\windows\system32\nvmccs.dll
2009-06-10 06:03 9,998,336 a------- c:\windows\system32\nvoglnt.dll
2009-06-10 06:03 8,087,712 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 06:03 5,908,608 a------- c:\windows\system32\nv4_disp.dll
2009-06-10 06:03 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,580,550 a------- c:\windows\system32\nvdata.bin
2009-06-10 06:03 1,310,720 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 815,104 a------- c:\windows\system32\nvapi.dll
2009-06-10 06:03 671,744 a------- c:\windows\system32\nvcuvid.dll
2009-06-10 06:03 457,248 a------- c:\windows\system32\nvudisp.exe
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcodins.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll
2009-06-04 16:39 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-06-02 12:11 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-05-29 17:37 205,824 a------- c:\windows\system32\xvidvfw.dll
2009-05-29 17:31 881,664 a------- c:\windows\system32\xvidcore.dll
2009-05-13 17:56 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-05-13 17:56 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-05-13 17:54 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-13 17:54 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-13 17:54 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-13 17:54 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-13 17:54 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-13 17:54 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-13 17:54 685,056 a------- c:\windows\system32\DivX.dll
2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll
2009-04-29 00:52 659,456 a------- c:\windows\system32\wininet.dll
2009-04-29 00:52 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-17 05:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 11:11 584,192 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 18:14:54.79 ===============



Edited by CaveDweller2, 02 July 2009 - 05:29 PM.

Hope this helps thumbup.gif

Associate in Applied Science - Network Systems Management - Trident Technical College



 


#2 teacup61



  • Malware Response Team

Posted 03 July 2009 - 02:54 AM

Hello CaveDweller2,

I'm afraid it's not good news here. :thumbup2:

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
  • Immediately before the encrypted code at the end of the last section
  • At the end of the code section of the infected host in 'slack-space' (assuming there is any)
  • At the original entry point of the host (overwriting the original host code)


Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
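
Added example, not part of the thread and not the helper's own method: a small Python triage pass over lines copied from the DDS log in post #1. The four rules and the SYSTEM_BINARIES list are generic heuristics assumed here; they flag anomalies worth a closer look and do not identify Virut as such.

```python
import re
from collections import defaultdict

# Lines copied from the DDS log in post #1 of this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe C:\WINDOWS\TEMP\VRT1.tmp
C:\Program Files\Mozilla Firefox\firefox.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [reader_s] c:\windows\system32\config\systemprofile\reader_s.exe
2009-07-02 17:10 48,640 a------- c:\windows\services.exe
2009-07-02 17:10 20,480 a------- c:\documents and settings\tom\reader_s.exe
2009-07-02 17:10 20,480 a------- c:\windows\system32\reader_s.exe
2009-07-02 11:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
"""

# Assumption: a short allow-list of core binaries that live only in system32.
SYSTEM_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe"}
SYSTEM32 = "c:\\windows\\system32"
PROFILE_DIRS = ("\\documents and settings\\", "\\config\\systemprofile\\")

PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|sys|scr|tmp)')
RUN_RE = re.compile(r'^[a-z]run: \[')
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \S+ \S+ ')


def triage(log_text):
    """Return sorted (rule, evidence) findings for the text of a DDS log."""
    findings = set()
    created = defaultdict(set)  # .exe name -> directories it was created in
    for raw in log_text.splitlines():
        line = raw.strip()
        low = line.lower()
        is_listing = bool(FILE_RE.match(low))
        for path in PATH_RE.findall(low):
            directory, _, name = path.rpartition("\\")
            # Rule 1: a core Windows binary name outside system32.
            if name in SYSTEM_BINARIES and directory != SYSTEM32:
                findings.add(("system-name-wrong-dir", line))
            # Rule 2: an autorun value that starts a file from a profile.
            if RUN_RE.match(low) and any(d in path for d in PROFILE_DIRS):
                findings.add(("autorun-from-profile", line))
            # Rule 3: a running process whose command line names a .tmp file.
            if not is_listing and name.endswith(".tmp"):
                findings.add(("runs-tmp-file", line))
            # Rule 4 input: remember where each new .exe was created.
            if is_listing and name.endswith(".exe"):
                created[name].add(directory)
    # Rule 4: the same new .exe name dropped into more than one directory.
    for name, dirs in created.items():
        if len(dirs) > 1:
            findings.add(("same-exe-multiple-dirs", name))
    return sorted(findings)


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"{rule:24} {evidence}")
```
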

#3 CaveDweller2


Posted 03 July 2009 - 10:28 AM

Thank you for the response. I did a little searching on the files the scans picked up and was not pleased with what I was reading.

I do have a question or 2. I have 2 hard drives in my PC with a few partitions. Is it just my C partition that I have to worry about or do I need to wipe out all of it and start new? I read a few posts out there that mentioned having to wipe all info on the PC but never saw a clear answer. Also I see it infects EXE, SCR and HTML files. I am curious if my pictures are safe? And I have been editing a few movies...are those files safe?

Thank you

Edited by CaveDweller2, 03 July 2009 - 10:37 AM.



#4 teacup61


Posted 03 July 2009 - 05:31 PM

Hello,

Nothing is safe once infected.........your safest route would be to cut your losses and start over. :thumbup2: You have no idea how hard it is for me to tell you that, but it's in your best interest that I do. I have a person right now that was told the same thing, but he went ahead and put pictures and other things on a DVD from the infected machine anyway, and reinfected his nice clean install of Windows. He didn't listen and now has to do it all over again.

tea

#5 CaveDweller2


Posted 03 July 2009 - 06:52 PM

I read a few more posts and almost everyone said the same: you have to format all drives connected. So I started that process. I too backed up a few things but I have the disk labeled Infected and didn't put the stuff back on my PC. But it was pics of friends that are no longer with us so I sorta had to. My hope is since this thing is so rampant right now that they might have a cleaner for it in the future and I can look at them again. I am getting updates and stuff now. Fingers crossed it's over. :)

To all those reading this: This is only the 2nd time I have lost everything on all drives in the many many years of owning a PC. BACK YOUR STUFF UP!! lol.

Thank you Teacup :thumbup2:

You can go ahead and close this or whatever y'all do lol :)

Edited by CaveDweller2, 03 July 2009 - 06:53 PM.



#6 teacup61


Posted 06 July 2009 - 07:04 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.