Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

windows police pro, other infections


  • Please log in to reply
14 replies to this topic

#1 stagemanager1

stagemanager1

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 27 October 2009 - 05:13 PM

Greetings! I recently got a bad infection. It started with Windows Police Pro. It locked me out of task manager, would not allow exe files, and the works. It seems to be a newer version, as it would not allow me to merge the reg fixes I could download onto the desktop. I followed the WPP removal guide, but could not run malwarebytes software from the desktop, as the exe file was lost during (several attempted) installations. I finally installed it on a memory stick on another computer, and when the "file not found" popup came up, i directed it to the memory stick. Not sure how I was able to stop WPP initially - oh yea. I found a site that used group tools or something with XP pro - to stop it.

Anyway - then I was re-infected with Security Tool. Although it blocks task manager, I restared the machine and was able to start Task Manager before ST loaded. I could then stop it with task manager. I seemed to be able to remove it, using the wonderful logs here at bleepingcomputer.

Still - I am not clean. When I open IE or Firefox it they open, but if I click on a link I am taken to a bogus site. Something is monitoring my browsers, and attacking me. Even links in firefox start an IE window bogus site.

I need help. I will begin downloading the tools mentioned as I signed up.

thanks!

BC AdBot (Login to Remove)

 


#2 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:29 PM

Posted 27 October 2009 - 06:38 PM

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.


Lets take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


If Malwarebytes won't install or run

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Computer Pro

#3 stagemanager1

stagemanager1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 27 October 2009 - 11:40 PM

I got a lot of notifications of bad dlls when the computer was re-starting.
"the application or DLL c:\windows\system32\lusiyuge.dll is not a valid windows image. Please check this against your intstallation diskette." got one of these for just about every item in the processes list. And "Error loading c:\docume-1\networ-1\ntuser.dll %1 is not a valid Win32 application."

Plus - something seems like it is is still monitoring. The highlighted process flashes in the task manager - never did that before.

I had to run Mbam from a memory stick again.

Here is the Mbam log. Third one in about 5 days....

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

10/27/2009 11:16:55 PM
mbam-log-2009-10-27 (23-16-55).txt

Scan type: Quick Scan
Objects scanned: 122060
Time elapsed: 13 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\lusiyuge.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b32577c1-05f1-4e53-a8dd-4e6ed61bb7a9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nenosetab (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\91847534 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b32577c1-05f1-4e53-a8dd-4e6ed61bb7a9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fafiwihuj (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lusiyuge.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\lusiyuge.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\91847534 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\lusiyuge.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\91847534\91847534.bat (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\91847534\91847534.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rotirufe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.

Edited by stagemanager1, 27 October 2009 - 11:44 PM.


#4 stagemanager1

stagemanager1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 27 October 2009 - 11:50 PM

I just opened cnn.com and tried a link. Still infected - still tries to link me to bogus sites.

#5 stagemanager1

stagemanager1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 27 October 2009 - 11:54 PM

Comodo is my AV. It just told me "iexplore.exe could not be recognized and is abut to modify thecontents of C:\windows\system32\calc.dll..."


every service is getting modified!

#6 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:29 PM

Posted 28 October 2009 - 06:53 PM

Could you please update your version of Malwarebytes as it is outdated. Please go to the "Update" tab in the program and update the definitions. Then please rerun a Quick Scan and post back the log.
Computer Pro

#7 stagemanager1

stagemanager1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 28 October 2009 - 11:01 PM

cant update Mbam. (just typed a whole reply, and accidentally closed the window. CRAP!!)

Can not add system files. Access is denied.

this is the second of two messages:

"error writing to registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnc

RegSetValueEx failed; code 5.
Access is denied"

How do I paste the images in this reply? I try to alt-prtscrn, but can not paste here.

thanks!

what next?

#8 stagemanager1

stagemanager1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 29 October 2009 - 12:16 AM

Finally found a manual update, and installed it with a memory stick.

Malwarebytes' Anti-Malware 1.41
Database version: 3030
Windows 5.1.2600 Service Pack 3

10/29/2009 12:09:49 AM
mbam-log-2009-10-29 (00-09-49).txt

Scan type: Quick Scan
Objects scanned: 126182
Time elapsed: 10 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 47

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\calc.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a2234b15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2234b15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Ertfor) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Downloader) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\isapeep (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDefend (Trojan.FakeAlert) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Login Software 2009 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yjafosi8kdf98winmdkmnkmfnwe (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inixs (Trojan.FakeAlert) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\38021418 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\90562931 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\calc.dll (Trojan.Agent) -> Delete on reboot.
C:\tfdp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dejezibi.dll.tmp (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\demayoha.exe (Rogue.SecurityTool) -> Delete on reboot.
C:\WINDOWS\system32\dokakuru.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\system32\fojawuka.exe (Rogue.SecurityTool) -> Delete on reboot.
C:\WINDOWS\system32\gasowihu.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\isapeep.sys (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\kusawezu.dll.tmp (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\laroriwa.exe (Rogue.SecurityTool) -> Delete on reboot.
C:\WINDOWS\system32\nelufuyu.exe (Rogue.SecurityTool) -> Delete on reboot.
C:\WINDOWS\system32\poviwumi.exe (Rogue.Installer) -> Delete on reboot.
C:\WINDOWS\system32\pump.exe (Rogue.WindowsPolicePro) -> Delete on reboot.
C:\WINDOWS\system32\romopifo.dll.tmp (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ronigofu.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\system32\wawavara.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\zewewegi.exe (Rogue.SecurityTool) -> Delete on reboot.
C:\Documents and Settings\Chris\Local Settings\Temp\3919282608.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temp\install.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temp\jcy97xe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temp\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temp\rundll32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temp\user.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temp\win16.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temp\~.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temp\IXP000.TMP\by.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\LO8BVPV4\SetupAdvancedVirusRemover[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\OXN0DTSM\adjjkma[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\OXN0DTSM\clzmanoopc[1].htm (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\OXN0DTSM\hrobc[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\OXN0DTSM\mollmz[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\OXN0DTSM\unaooftg[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\OXN0DTSM\vqnnb[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\OXN0DTSM\vsoptt[1].htm (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\38021418\38021418.bat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\38021418\38021418.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\90562931\90562931.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Start Menu\Programs\Startup\scandisk.dll (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Chris\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\defariha.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Chris\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\nuar.old (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\skynet.dat (Malware.Trace) -> Delete on reboot.
C:\Documents and Settings\Chris\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\wp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wp4.dat (Malware.Trace) -> Quarantined and deleted successfully.

#9 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:29 PM

Posted 29 October 2009 - 04:46 PM

Please run ATF and SAS:
Credits to Boopme

Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Note 2: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Edition

Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.
Computer Pro

#10 stagemanager1

stagemanager1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 01 November 2009 - 10:17 AM

Computer Pro - I appreciate the time you have spent with me helping me get out of the woods with this virus. I am confident that we could get the infection eradicated, however my system install is about a year and a half old, and I am ready to format this disk. I have backed up all of my vital info onto an external, and am searching (without luck, so far) for the factory install disk.

I can tell this system is corrupted to the core.

Again - thanks for your help.

It might be a few days before I find the disk. I know you are helping others. If you are curious about my infection, let me know. Otherwise - THANK YOU SO MUCH FOR GIVING ON THIS SITE. I know that many people feel my gratitude to you and the other helpers here.

#11 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:29 PM

Posted 01 November 2009 - 10:49 AM

Your very welcome. If you cannot find the install disk, then just let me know, and we could get back to disinfection. I am not recommending against the reformat, but I havent reformatted my hard disk in six years, and everything still runs smoothly. But it would be probably be good for you, since you got infected, and it would give you a fresh start.

But like I said, let me know if you dont find the disk.

Edited by Computer Pro, 01 November 2009 - 10:49 AM.

Computer Pro

#12 stagemanager1

stagemanager1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 01 November 2009 - 11:06 AM

Thanks. I am enjoying the learning process of the disinfection - I love learning more about the workings of the OS. But yea - I want a clean install.

Thanks. I will be in touch if the disk does not re-surface.

c

#13 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:29 PM

Posted 01 November 2009 - 11:12 AM

Yes it is very interesting to disinfect as each computer is different. But once you have reformatted, make sure to keep Windows and all of your programs updated. Also make sure to have an active and updated Antivirus and Antispyware. Run scans with these often. This should help keep you from getting reinfected.
Computer Pro

#14 stagemanager1

stagemanager1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 01 November 2009 - 02:55 PM

I am very careful. I use Comodo - I have liked it. I know where not to click.

I get news from fark.com - and one of the (very questionable) news links was slow to load. I was being impatient and accidently clicked in the border of the news site. Then the attack began. Has been a nose dive from there. As long as I do not open web browsers (either one) it does not run. If I open a web browser the attacks begin again. crazy. Very, very clever programmers. Are they Russian? Police Pro has some odd grammatical errors.

#15 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:29 PM

Posted 01 November 2009 - 03:03 PM

Most likely they are, as most attacks come from Russia. But the attack could have come from any where in the world.
Computer Pro




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users