Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijacked with a fake codec request


  • Please log in to reply
13 replies to this topic

#1 johnmacinnis

johnmacinnis

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:06:47 PM

Posted 05 December 2009 - 10:45 AM

thanks for your patience.

i downloaded a torrent file video. when i selected the file in WMP a popup requested that i execute a file to install a codec. the file simply disappeared and the trouble began. when i run internet explorer or firefox they both provide the initial google search response, but if i click a search link the link redirects to various search pages with URLS that don't match the original link.

here is the dds file and i will upload the attach file. i could not make rootrepeal work even with sophos virus diabled. i am sorry, but i thought this would be a start.
i will follow your directions to the word. i am using a release candidate of windows 7 based on my purchased copy of vista. i will no doubt upgrade to retail in a few months.

thanks again for helping me,
john


DDS (Ver_09-12-01.01) - NTFSx86
Run by John at 10:47:26.13 on Sat 12/05/2009
Internet Explorer: 8.0.7100.0 BrowserJavaVersion: 1.6.0_15
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.1.1033.18.2048.1377 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\John\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [MediaFace Integration] c:\program files\fellowes\mediaface 4.2\SetHook.exe
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: S&end to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\qsmkfsjv.default\
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-30 64288]
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2009-8-7 93192]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-4-21 48128]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-4-21 20992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2009-10-5 80936]
S2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-8-21 98304]
S2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2009-6-11 172032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-4-21 229888]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2007-9-25 13352]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-4-21 14336]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-8-7 20288]

=============== Created Last 30 ================

2009-12-05 12:30:39 0 d-----w- c:\program files\Trend Micro
2009-12-01 02:13:56 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-30 23:12:32 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-30 23:12:21 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-30 23:09:56 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-30 23:09:35 0 d-----w- c:\program files\Lavasoft
2009-11-30 23:09:34 0 d-----w- c:\programdata\Lavasoft
2009-11-29 14:02:46 0 d-----w- c:\program files\Win7codecs
2009-11-29 14:01:17 0 d-----w- c:\programdata\Win7codecs
2009-11-26 02:50:26 819200 ----a-w- c:\windows\system32\xvidcore.dll
2009-11-26 02:50:26 180224 ----a-w- c:\windows\system32\xvidvfw.dll

==================== Find3M ====================

2009-11-03 00:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-17 19:12:41 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-17 19:12:41 29779 ----a-w- c:\windows\fonts\GlobalSerif.CompositeFont
2009-10-17 19:12:41 26489 ----a-w- c:\windows\fonts\GlobalSansSerif.CompositeFont
2009-10-17 19:12:41 26040 ----a-w- c:\windows\fonts\GlobalMonospace.CompositeFont
2009-04-22 09:01:08 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-04-22 09:01:08 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-04-22 09:01:08 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-04-22 09:01:08 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-04-22 08:14:13 174 --sha-w- c:\program files\desktop.ini
2009-04-22 04:38:41 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-04-22 04:38:41 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-04-22 04:38:39 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-04-22 04:38:39 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-27 04:24:20 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-29 18:06:26 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2009-07-29 18:06:26 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2009-07-29 18:06:26 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-07-29 15:40:17 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-29 07:18:33 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-29 08:39:59 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-29 08:39:59 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-29 08:39:59 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-04-22 05:19:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe

============= FINISH: 10:49:37.63 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:05:47 PM

Posted 13 December 2009 - 07:09 PM

hi johnmacinnis,

Your log is a few days old. If you still need help simply reply to my post.

How Can I Reduce My Risk to Malware?


#3 johnmacinnis

johnmacinnis
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:06:47 PM

Posted 14 December 2009 - 03:28 PM

hello shelf life,

yes i still need help. things are getting worse i believe. if you leave me instructions i will follow them.

thank you,
john

#4 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:05:47 PM

Posted 14 December 2009 - 06:35 PM

see if you can download and install MBAM:

Please download Malwarebytes to your desktop.



Double-click mbam-setup.exe and follow the prompts to install the program.



Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If an update is found, it will download and install the latest version.



Once the program has loaded, select Perform FULL SCAN, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.



Be sure that everything is checked, and click *Remove Selected.*



*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*



When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post the log in your reply.

How Can I Reduce My Risk to Malware?


#5 johnmacinnis

johnmacinnis
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:06:47 PM

Posted 16 December 2009 - 01:03 PM

hello shelf life,

i downloaded the software to a usb key on my laptop. i tried to install it on my pc but after the first step, language, it produced a violation error and i could not install it.

thanks,
john

#6 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:05:47 PM

Posted 16 December 2009 - 06:27 PM

Navigate to C:/Program Files and locate the Malwarebytes anti-malware folder (C:\Program Files\Malwarebytes' Anti-Malware)
click on the folder and locate the MBAM.exe icon inside the folder
Right click on it and chose rename.
change it to: MBAM1.exe
then double click the icon and see if it starts up ok.

How Can I Reduce My Risk to Malware?


#7 johnmacinnis

johnmacinnis
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:06:47 PM

Posted 17 December 2009 - 08:37 AM

hello shelf life,

i would do that but when i got home i logged in using my password and the system started, but instead of the normal screen it was just a blue screen with nothing except the windows 7 build info on the lower right hand corner. i tried ctrl alt del to get the task manager but if i tried anything, just to check, at a process or service level it said no access. i rebooted a couple of times and the same events occurred. the user icons for my daughter and i were there, selection and password brought both accounts to the empty screen. i had disabled the wifi adapter when it was still working, other than that, that is the situation.

thanks for your help,
john

#8 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:05:47 PM

Posted 18 December 2009 - 07:53 PM

ok. try this--Reboot the computer and tap the f8 key. A option screen should show up. Chose the first one form the list: safe mode
At the safe mode desktop navigate to the Malwarebytes folder and try renaming, then running malwarebytes.

How Can I Reduce My Risk to Malware?


#9 johnmacinnis

johnmacinnis
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:06:47 PM

Posted 20 December 2009 - 12:09 PM

Hello shelf life,

as mper your instructions, i entered safe mode and ran malwarebytes. it went through many infections and i rebooted. then it refused to allow me to login. response was "the interactive process has failed. please consult the event log for more detail. sort of back to square one. i went back to f8 at book and performed a repair at system recovery options to restore to the previous point on dec/16/2009. did what you said again, but my sophos virus was going nuts and crashing with file after file so i managed to terninate and remove the program. malbytes has cleaned up a lot more now and looks pretty good. however trojan remover found that wininit is large or suspicious, but i was hestitan to do anything without your approval. i will need to get offline until i hear from you until i reinstall virus protection. the wininit is a concern and rootrepeal doesn't work.

thanks for your ongoing support. i am work so i am not able to respond as quickly as i would like.
i will send another malbyte log today. just wanted to respond.

john

#10 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:05:47 PM

Posted 20 December 2009 - 09:07 PM

hi,

thanks for all the info. We will get another download to use. Its called combofix. There is a guide you need to read first which you can do on another computer if you have to. I assume you have internet access on the malware computer. You would need to download combofix.exe to that one.
Read the guide, download combofix, disable any AV or antimalware that may be running, double click the combofix icon and follow the prompts. Post the combofix log. You are currently without a antivirus app? Do you plan to reinstall sophos? We can get another.

Guide to using Combofix

How Can I Reduce My Risk to Malware?


#11 johnmacinnis

johnmacinnis
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:06:47 PM

Posted 20 December 2009 - 10:45 PM

Hi shelf life,

I downloaded combofix. Followed th instructions, but the app says that it only works with windows 2000 and xp.
I'm using windows 7 rc based on my retail copy of vista. Another error window alerts that the combofix package might be compromised and that it may be infected with a file patching virus called "virut".

Thanks again. I will wait to hear your thoughts.
John

#12 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:05:47 PM

Posted 21 December 2009 - 11:26 AM

hi,

ok thanks for the info. My mistake I didnt look and see that you are running W7. Another thing, I suspected a file infecting virus when you said:

but my sophos virus was going nuts and crashing with file after file


This is a virus that infects all your files with extensions: .exe and .scr. It may also communicate with a IRC server. (back door)
You have loads and loads of .exe files on your machine. The bads news is that the best and safest way to deal with this type of virus is to reformat and reinstall Windows.

For more info just do a search for:

W32/virut virus

It may be possible to clean it up with some tools or running antivirus. UP to you how you want to proceed.

How Can I Reduce My Risk to Malware?


#13 johnmacinnis

johnmacinnis
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:06:47 PM

Posted 21 December 2009 - 01:47 PM

hi shelf life,

no worries, you have helped me from a black hole with no light, thanks. i would like to beat this, if i can, but i do not want to monopolize your time and effort; others need help. if you wish to try, i will try. malbyte has cleaned things up a lot, but the userinit, and other virut patching is held in check by malbyte screening. i see popups from the tray that malicious ips have been blocked by the screening, so it is somewhat in stasis, but only just. i have read the virut info. i am in no rush to to do this. if your advice is simply to reformat the drive i will do so. is there any safe way to save files from an infected drive?
so i am pro clean up, but aware of the possible effort load for all involved. thoughts? and by the way i am interested in your anti virus software as i am not very trusting of sophos.

thanks
john

#14 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:05:47 PM

Posted 22 December 2009 - 07:00 PM

hi,

No problem. You can try cleaning it up with some tools and I wouldnt transfer any files right now.

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

* Doubleclick the drweb-cureit icon to start the program.
* press start
* Allow the program to run the initial express scan
* This will scan the files currently running in memory. If something is found, click the YES button when it asks you if you want to cure it. This is only a short scan.

Note: A pop up may appear during this phase suggesting you purchase their program - click the X at the top right corner of this pop-up to close it.

* Once the short scan has finished, check the Complete scan box on the left side, even if nothing was found on the initial scan.
* Then click the small green arrow button on the right under the Dr.Web Antivirus picture to start the complete scan. (This scan will take several hours)
* During this complete scan - if Dr.Web finds an infection a window will pop up requesting your attention. Select the Cure button.

Note:(If the file cannot be cured, Dr.Web will automatically delete the file)

* Once the scan is complete, on the menu bar, click file and choose report list.
* Save the report to your desktop. The report will be called DrWeb.csv
* Note:this report will need to be renamed to Dr.Web.txt in order to post it on the forum.
* Close Dr.Web Cureit.

* Please post the Dr.Web.txt report in your next reply

After you run Dr.Web it wont hurt to use AVG's removal tool also:
http://www.avg.com/us-en/virus-removal.ndi-67762

How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users