
Unknown Culprit Malware or Virus etc.


13 replies to this topic

#1 rikkidegraz

rikkidegraz

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:07:53 PM

Posted 25 February 2010 - 08:06 AM

Referred from here: http://www.bleepingcomputer.com/forums/t/298223/ive-been-hacked-i-think/ ~ OB

I'm sure I screwed up somewhere. Give me hell. I deserve it. Was I supposed to have uninstalled AVG?

Attached Files


Edited by Orange Blossom, 25 February 2010 - 05:18 PM.




#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:53 PM

Posted 27 February 2010 - 08:31 AM

Hi,

I looked at your other post. It looks like your blog may have been compromised, not your machine. Web sites can be hacked to dish out malware and/or redirects etc.

How Can I Reduce My Risk to Malware?


#3 rikkidegraz


Posted 27 February 2010 - 01:50 PM

My virus software tells me the virus is js/downloader agent. What can I do to clean it out? I honestly thought I'd done something wrong following previous instructions.

#4 shelf life


Posted 27 February 2010 - 07:39 PM

So does AVG put it in quarantine? Does it find it again on a re-scan?

How Can I Reduce My Risk to Malware?


#5 rikkidegraz


Posted 28 February 2010 - 09:52 AM

Yes, AVG puts it in quarantine. I emptied the vault and did another scan. AVG didn't pick up the downloader agent. I wonder why?

I clicked on my site again - http://ceconn.com/what-smells-so-good and it did not show a virus but there was an error on the page:
Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.4; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Timestamp: Sun, 28 Feb 2010 14:54:03 UTC


Message: Expected ';'
Line: 1
Char: 31
Code: 0
URI: http://itsallbreaksoft.net/tds/in.cgi?2&am...yword=notdefine

Does that mean anything?

I just went back to my site again and - if you can believe this - it's infected more than before. No matter where I click, the virus alert comes up, I click to force it into the vault, refresh and there it is again.

Edited by rikkidegraz, 28 February 2010 - 10:22 AM.


#6 shelf life


Posted 28 February 2010 - 01:46 PM

When you browse to other sites, not your web page, do you get pop-ups? Cruise around any place other than your web site and see how it goes.
Like I said before, maybe your website is compromised and the popups/redirects are originating from your page, when you or somebody else visits it that is.

How Can I Reduce My Risk to Malware?
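The error in post #5 shows the browser fetching script from a host other than the blog's own, which is the kind of off-site reference a site owner can look for in a saved copy of the page. The following is an added example, not part of the original thread or anything a poster ran: it lists every script, frame or embed whose host is neither the site itself nor on an allowlist. The sample HTML, the `/js/site.js` path and the allowlist are constructed; the off-site URL is the one from the error report with its truncated query string left out.

```python
"""List scripts/frames a page loads from hosts the site owner did not approve."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch active or framed content.
ACTIVE_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
                "embed": "src", "object": "data"}


def host_allowed(host, allowed):
    """True if host equals an allowed host or is a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed)


class ActiveContentAuditor(HTMLParser):
    """Collects off-site script/frame references with their line numbers."""

    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        own_host = (urlsplit(page_url).hostname or "").lower()
        self.allowed = {h.lower() for h in allowed_hosts if h}
        if own_host:
            self.allowed.add(own_host)  # the site may always load from itself
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_ATTRS.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if not value:
            return  # inline script or empty attribute: this tag fetches nothing
        # Resolve relative ("/js/x.js") and protocol-relative ("//host/x.js") URLs
        # against the page URL, the same way a browser would.
        url = urljoin(self.page_url, value.strip())
        host = (urlsplit(url).hostname or "").lower()
        if host and not host_allowed(host, self.allowed):
            line, _col = self.getpos()
            self.findings.append(
                {"line": line, "tag": tag, "host": host, "url": url})


def audit_html(html, page_url, allowed_hosts=()):
    """Return a list of findings for off-site active content in `html`."""
    auditor = ActiveContentAuditor(page_url, allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample: a saved copy of a blog page with one injected tag.
SAMPLE_PAGE_URL = "http://ceconn.com/what-smells-so-good"
SAMPLE_HTML = """<html><head>
<script src="/js/site.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
</head><body>
<p>Post body</p>
<script src="http://itsallbreaksoft.net/tds/in.cgi"></script>
<iframe src="http://www.youtube.com/embed/VIDEO_ID" width="480" height="300"></iframe>
</body></html>"""

# Hosts the owner knowingly uses (assumption for this sample).
SAMPLE_ALLOWLIST = ("ajax.googleapis.com", "youtube.com")

if __name__ == "__main__":
    for f in audit_html(SAMPLE_HTML, SAMPLE_PAGE_URL, SAMPLE_ALLOWLIST):
        print(f"line {f['line']}: <{f['tag']}> loads from {f['host']} ({f['url']})")
```

A finding only says the tag is present in the served HTML; where it comes from (a template file, a database field, a plugin) still has to be traced on the server side.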


#7 rikkidegraz


Posted 28 February 2010 - 05:40 PM

QUOTE(shelf life @ Feb 28 2010, 01:46 PM)
When you browse to other sites, not your web page, do you get pop-ups? Cruise around any place other than your web site and see how it goes.
Like I said before, maybe your website is compromised and the popups/redirects are originating from your page, when you or somebody else visits it that is.

No, I get no pop-ups anywhere else. It's pretty scary to think that site is scaring people away. I'm losing money.

Do I have to delete the site and start over?

I've attached the HJT in case you think it will help.

Attached Files



#8 shelf life


Posted 28 February 2010 - 08:37 PM

I was trying to confirm when you were getting the popups: during normal web browsing or just when visiting your site. I would leave your web site as it is. We will get another tool to use on your machine. It's called ComboFix. There is a guide to read first; read through the guide and download ComboFix to your desktop. Follow the instructions in the guide and the prompts from ComboFix. Post the ComboFix log in your reply.

Guide to using Combofix

How Can I Reduce My Risk to Malware?


#9 rikkidegraz


Posted 01 March 2010 - 06:22 AM

I did as you said and have attached the log.

BTW, thank you for all your help. It is so appreciated.

Attached Files

  • Attached File  log.txt   26.54KB   9 downloads


#10 shelf life


Posted 01 March 2010 - 05:15 PM

Log pasted in:

ComboFix 10-02-28.03 - Erika 03/01/2010 6:06.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.511 [GMT -5:00]

Running from: c:\documents and settings\Erika\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.



c:\windows\system32\404Fix.exe

c:\windows\system32\Agent.OMZ.Fix.exe

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\twain_32.dll

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe



.

((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))

.



2010-02-28 18:54 . 2010-02-28 18:54 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-28 18:54 . 2010-02-28 18:54 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

2010-02-28 18:54 . 2010-02-28 18:54 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll

2010-02-28 18:54 . 2010-02-28 18:54 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll

2010-02-28 18:54 . 2010-02-28 18:54 221408 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll

2010-02-28 18:54 . 2010-02-28 18:54 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll

2010-02-28 18:54 . 2010-02-28 18:54 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll

2010-02-28 18:53 . 2010-02-28 18:53 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll

2010-02-28 18:47 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

2010-02-28 18:24 . 2010-02-28 18:24 -------- d-----w- c:\program files\Trend Micro

2010-02-28 15:50 . 2010-02-28 15:50 -------- d-----w- c:\windows\Sun

2010-02-28 15:49 . 2010-02-28 15:49 503808 ----a-w- c:\documents and settings\Erika\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7d733b4e-n\msvcp71.dll

2010-02-28 15:49 . 2010-02-28 15:49 499712 ----a-w- c:\documents and settings\Erika\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7d733b4e-n\jmc.dll

2010-02-28 15:49 . 2010-02-28 15:49 348160 ----a-w- c:\documents and settings\Erika\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7d733b4e-n\msvcr71.dll

2010-02-28 15:49 . 2010-02-28 15:49 61440 ----a-w- c:\documents and settings\Erika\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5e9fdc9a-n\decora-sse.dll

2010-02-28 15:49 . 2010-02-28 15:49 12800 ----a-w- c:\documents and settings\Erika\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5e9fdc9a-n\decora-d3d.dll

2010-02-27 19:27 . 2010-02-28 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-02-27 18:11 . 2010-02-27 18:11 -------- d-----w- c:\windows\ERUNT

2010-02-27 11:28 . 2010-03-01 10:57 83248 ----a-w- c:\windows\system32\pguard.dat

2010-02-27 11:28 . 2010-03-01 10:57 103904 ----a-w- c:\windows\system32\pghash.dat

2010-02-27 11:27 . 2010-02-27 11:28 -------- d-----w- c:\program files\ProcessGuard

2010-02-27 11:27 . 2008-07-25 18:33 26688 ----a-w- c:\windows\system32\drivers\procguard.sys

2010-02-27 11:27 . 2008-07-25 18:11 44544 ----a-w- c:\windows\system32\procguard.dll

2010-02-27 00:27 . 2010-02-27 12:52 -------- d-----w- c:\program files\Reimage

2010-02-26 19:39 . 2010-02-26 19:39 102800 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2010-02-25 14:58 . 2010-02-28 18:49 -------- d-----w- c:\documents and settings\Erika\Local Settings\Application Data\Temp

2010-02-25 00:27 . 2010-02-25 00:27 -------- d-----w- c:\windows\system32\wbem\Repository

2010-02-25 00:26 . 2010-02-25 00:26 -------- d-----w- c:\documents and settings\Erika\Local Settings\Application Data\PC_Drivers_Headquarters

2010-02-25 00:26 . 2010-02-25 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB

2010-02-25 00:26 . 2010-02-25 00:26 -------- d-----w- c:\program files\Driver Whiz

2010-02-24 19:42 . 2010-02-24 19:42 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-02-24 18:23 . 2010-02-25 00:28 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-02-24 18:23 . 2010-02-24 18:23 -------- d-----w- c:\documents and settings\Erika\Application Data\SUPERAntiSpyware.com

2010-02-24 17:43 . 2010-02-24 17:43 -------- d-----w- c:\documents and settings\Erika\Application Data\Malwarebytes

2010-02-24 17:43 . 2010-02-24 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-24 17:43 . 2010-02-25 00:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-17 13:16 . 2010-02-28 18:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-02-13 23:00 . 2010-02-25 18:04 -------- d-----w- c:\documents and settings\Erika\Application Data\CameraWindowDC

2010-02-13 23:00 . 2010-02-13 23:00 -------- d-----w- c:\documents and settings\Erika\Application Data\CANON INC

2010-02-13 22:48 . 2010-02-25 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser

2010-02-13 22:28 . 2010-02-13 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz

2010-02-13 20:10 . 2010-02-25 18:04 -------- d-----w- c:\documents and settings\Erika\Application Data\ZoomBrowser EX

2010-02-13 20:08 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-02-13 20:08 . 2008-04-14 10:42 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-02-11 21:49 . 2009-12-17 22:14 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-11 21:47 . 2010-02-11 21:47 152576 ----a-w- c:\documents and settings\Erika\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2010-02-11 21:46 . 2010-02-11 21:46 79488 ----a-w- c:\documents and settings\Erika\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-02-11 20:03 . 2010-02-28 15:48 -------- d-----w- c:\program files\Java

2010-02-11 20:02 . 2010-02-28 15:50 -------- d-----w- c:\program files\Common Files\Java

2010-02-11 19:32 . 2010-02-11 19:33 -------- d-----w- c:\documents and settings\Erika\Local Settings\Application Data\Installer5660

2010-02-11 19:08 . 2010-02-11 19:08 -------- d-----w- c:\documents and settings\Erika\Local Settings\Application Data\Installer5352

2010-02-11 12:08 . 2010-02-28 18:54 884176 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-02-11 12:08 . 2010-02-28 18:54 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe

2010-02-11 12:08 . 2010-02-28 18:54 211064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll

2010-02-11 12:08 . 2010-02-28 18:54 393896 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll

2010-02-11 12:08 . 2010-02-28 18:54 562272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll

2010-02-11 12:08 . 2010-02-28 18:54 390320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2010-02-11 12:08 . 2010-02-28 18:54 167312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll

2010-02-11 12:07 . 2010-02-28 18:54 6330848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll

2010-02-11 12:07 . 2010-02-28 18:53 329048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll

2010-02-11 12:07 . 2010-02-28 18:53 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2010-02-11 12:07 . 2010-02-28 18:53 961984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll

2010-02-11 12:07 . 2010-02-11 12:07 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe

2010-02-11 12:07 . 2010-02-28 18:53 835312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2010-02-11 12:07 . 2010-02-28 18:53 842992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-02-11 12:07 . 2010-02-28 18:53 1593320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2010-02-11 12:07 . 2010-02-28 18:53 815184 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

2010-02-11 12:07 . 2010-02-28 18:52 1229232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2010-02-11 12:02 . 2010-02-18 09:50 -------- d-----w- c:\program files\Lavasoft

2010-02-11 11:55 . 2010-02-11 11:55 -------- d-----w- c:\documents and settings\Erika\Application Data\Lavasoft

2010-02-10 19:53 . 2010-02-10 19:53 -------- d-----w- c:\program files\NOS

2010-02-10 10:13 . 2010-02-10 10:13 -------- d-----w- c:\windows\system32\Macromed(2)

2010-02-07 14:43 . 2000-01-24 10:01 453632 ----a-w- c:\windows\system32\stdvcl40.dll

2010-02-07 14:43 . 2010-02-07 14:43 -------- d-----w- c:\program files\Web CEO

2010-02-06 23:13 . 2010-02-27 18:25 -------- d-----w- C:\SDFix

2010-02-06 23:12 . 2010-02-06 23:12 -------- d-----w- c:\program files\AVIedit

2010-02-06 23:10 . 2010-02-06 23:10 -------- d-----w- c:\documents and settings\Erika\Application Data\AVS4YOU

2010-02-06 23:09 . 2010-02-06 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU

2010-02-06 23:09 . 2010-02-06 23:09 -------- d-----w- c:\documents and settings\Erika\Application Data\NoteTab Light

2010-02-06 23:09 . 2010-02-06 23:09 -------- d-----w- c:\program files\NoteTab Light

2010-02-06 23:03 . 2010-02-06 23:03 -------- d-----w- c:\documents and settings\Erika\Local Settings\Application Data\Help

2010-02-06 22:46 . 2010-02-06 23:17 -------- d-----w- c:\program files\Common Files\AVSMedia

2010-02-06 22:46 . 2010-02-06 23:18 -------- d-----w- c:\program files\AVS4YOU

2010-02-06 22:46 . 2008-08-13 15:22 24576 ----a-w- c:\windows\system32\msxml3a.dll

2010-02-06 22:28 . 2010-02-25 17:11 -------- d-----w- c:\documents and settings\Erika\Local Settings\Application Data\CANON_INC

2010-02-06 22:24 . 2010-02-06 22:24 -------- d-----w- c:\documents and settings\Erika\Local Settings\Application Data\Identities

2010-02-06 22:21 . 2010-02-06 22:21 108 ------w- c:\windows\st3sys.sys

2010-02-06 21:39 . 2010-02-06 21:39 -------- d-----w- c:\program files\Frostbow

2010-02-06 21:38 . 2010-02-11 12:08 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-02-06 20:58 . 2010-02-06 20:58 122880 ----a-w- c:\documents and settings\Erika\Application Data\Mozilla\Plugins\npPxPlay.dll

2010-02-06 20:58 . 2010-02-06 20:58 -------- d-----w- c:\program files\Photodex Presenter

2010-02-06 20:57 . 2010-02-06 20:57 -------- d-----w- c:\program files\Photodex

2010-02-06 20:47 . 2010-02-06 20:47 -------- d-----w- c:\documents and settings\Erika\Application Data\NCH Software

2010-02-06 20:46 . 2010-02-06 20:52 -------- d-----w- c:\program files\NCH Software

2010-02-06 20:46 . 2010-02-08 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound

2010-02-06 20:19 . 2010-02-10 19:51 -------- dc----w- c:\windows\system32\DRVSTORE

2010-02-06 20:19 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-06 20:16 . 2010-02-11 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-02-06 19:56 . 2010-02-06 19:56 -------- d-----w- c:\documents and settings\Erika\Local Settings\Application Data\Threat Expert

2010-02-06 19:05 . 2010-02-06 20:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-02-06 18:32 . 2010-02-27 19:29 -------- d-----w- c:\documents and settings\Erika\Application Data\FileZilla

2010-02-06 18:18 . 2010-02-28 15:57 -------- d-----w- c:\program files\CCleaner

2010-02-06 12:38 . 2010-02-06 12:38 10134 ----a-r- c:\documents and settings\Erika\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe

2010-02-06 12:38 . 2010-02-06 12:38 -------- d-----w- c:\windows\Downloaded Installations

2010-02-06 12:28 . 2010-02-06 12:28 -------- d-----w- c:\documents and settings\Erika\Application Data\Canon

2010-02-05 17:27 . 2010-02-05 17:27 -------- d-----w- c:\documents and settings\Erika\Application Data\AVG9

2010-02-05 14:26 . 2010-02-05 14:26 -------- d-----w- c:\documents and settings\Erika\Local Settings\Application Data\PCHealth

2010-02-04 13:39 . 2010-02-13 22:41 -------- d-----w- c:\program files\Common Files\Canon

2010-02-04 13:29 . 2004-01-14 01:10 163840 ----a-w- c:\windows\BJPSUNST.EXE

2010-02-04 13:28 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe

2010-02-04 13:26 . 2008-04-14 05:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2010-02-04 13:26 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2010-02-04 13:20 . 2010-02-18 20:08 -------- d-----w- c:\windows\StartHtmico

2010-02-04 13:18 . 2010-02-04 13:18 -------- d-----w- c:\program files\MSXML 4.0

2010-02-04 13:07 . 2010-02-04 13:07 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2010-02-04 13:03 . 2010-02-04 13:03 -------- d-----w- c:\documents and settings\Erika\Local Settings\Application Data\WMTools Downloaded Files

2010-02-04 12:52 . 2010-02-13 22:49 -------- d-----w- c:\program files\Canon

2010-02-04 12:44 . 2010-02-04 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2010-02-04 12:35 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Erika\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-02-04 12:35 . 2010-02-04 12:35 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-02-04 12:34 . 2010-02-04 12:34 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2010-02-04 12:34 . 2010-02-10 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-02-04 12:31 . 2010-02-10 18:50 -------- d-----w- c:\documents and settings\Erika\Local Settings\Application Data\Adobe

2010-02-04 12:25 . 2010-02-04 12:25 -------- d-----w- c:\program files\Bonjour

2010-02-04 12:13 . 2010-02-04 12:13 -------- d-----w- c:\program files\Common Files\Macrovision Shared



.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-09 10:29 . 2010-02-10 19:47 178012 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat

2010-02-04 17:35 . 2010-02-03 21:07 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-03 21:59 . 2006-08-29 19:05 2206720 ----a-w- c:\windows\system32\drivers\w29n51.sys

2010-02-03 21:59 . 2006-08-29 19:01 2732032 ----a-w- c:\windows\system32\Netw2r32.dll

2010-02-03 21:59 . 2006-08-29 19:00 557056 ----a-w- c:\windows\system32\Netw2c32.dll

2010-02-03 21:58 . 2010-02-03 21:38 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-02-03 21:53 . 2010-02-03 21:53 162176 ----a-w- c:\windows\system32\drivers\tifm21.sys

2010-02-03 21:46 . 2010-02-03 21:46 -------- d-----w- c:\program files\TOSHIBA

2010-02-03 21:45 . 2010-02-03 21:45 -------- d-----w- c:\program files\Windows Media Connect 2

2010-02-03 21:45 . 2010-02-03 21:45 -------- d-----w- c:\program files\Apoint2K

2010-02-03 21:45 . 2010-02-03 21:38 -------- d-----w- c:\program files\Common Files\InstallShield

2010-02-03 21:45 . 2010-02-03 21:45 87865 ----a-w- c:\windows\system32\Vxdif.dll

2010-02-03 21:45 . 2010-02-03 21:45 101874 ----a-w- c:\windows\system32\drivers\Apfiltr.sys

2010-02-03 21:44 . 2010-02-03 21:44 -------- d-----w- c:\program files\Realtek AC97

2010-02-03 21:44 . 2010-02-03 21:44 77824 ----a-w- c:\windows\soundman.exe

2010-02-03 21:44 . 2010-02-03 21:44 9410048 ----a-w- c:\windows\system32\RTLCPL.exe

2010-02-03 21:43 . 2010-02-03 21:44 156672 ----a-w- c:\windows\system32\RTLCPAPI.dll

2010-02-03 21:43 . 2010-02-03 21:44 2324480 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS

2010-02-03 21:43 . 2010-02-03 21:44 40960 ----a-w- c:\windows\system32\ChCfg.exe

2010-02-03 21:43 . 2010-02-03 21:44 176 ----a-w- c:\windows\system32\drivers\alcxhweq.dat

2010-02-03 21:43 . 2010-02-03 21:44 176 ----a-w- c:\windows\system32\drivers\alcxeq.dat

2010-02-03 21:43 . 2010-02-03 21:44 1256 ----a-w- c:\windows\system32\drivers\alcxinit.dat

2010-02-03 21:43 . 2010-02-03 21:44 294912 ----a-w- c:\windows\alcupd.exe

2010-02-03 21:43 . 2010-02-03 21:44 200704 ----a-w- c:\windows\alcrmv.exe

2010-02-03 21:43 . 2010-02-03 21:38 10134 ----a-r- c:\documents and settings\Erika\Application Data\Microsoft\Installer\{C45F4811-31D5-4786-801D-F79CD06EDD85}\ARPPRODUCTICON.exe

2010-02-03 21:43 . 2010-02-03 21:36 10134 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{C45F4811-31D5-4786-801D-F79CD06EDD85}\ARPPRODUCTICON.exe

2010-02-03 21:42 . 2010-02-03 21:42 -------- d-----w- c:\program files\ltmoh

2010-02-03 21:41 . 2010-02-03 21:42 88358 ----a-w- c:\windows\agrsmmsg.exe

2010-02-03 21:41 . 2010-02-03 21:42 77824 ----a-w- c:\windows\system32\tosmreg.exe

2010-02-03 21:41 . 2010-02-03 21:42 64512 ------w- c:\windows\agrsmdel.exe

2010-02-03 21:41 . 2010-02-03 21:42 45056 ----a-w- c:\windows\system32\csellang.dll

2010-02-03 21:41 . 2010-02-03 21:42 110592 ----a-w- c:\windows\system32\cselect.exe

2010-02-03 21:41 . 2005-03-05 14:02 1066278 ----a-w- c:\windows\system32\drivers\AGRSM.sys

2010-02-03 21:38 . 2010-02-03 21:38 -------- d-----w- c:\program files\Atheros

2010-02-03 21:07 . 2010-02-03 21:07 -------- d-----w- c:\program files\microsoft frontpage

2010-02-03 21:05 . 2010-02-03 21:05 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2010-02-03 19:22 . 2010-02-03 19:22 -------- d-----w- c:\program files\MSBuild

2010-02-03 19:18 . 2010-02-03 19:18 -------- d-----w- c:\program files\Reference Assemblies

2009-12-31 16:50 . 2008-10-08 20:12 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:14 . 2008-10-08 20:12 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-16 18:43 . 2010-02-03 21:04 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:08 . 2008-10-08 20:12 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-08 19:27 . 2008-10-08 20:12 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-08 18:43 . 2008-04-14 00:01 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-04 18:22 . 2008-10-08 20:12 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4



[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]



[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]



[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]



[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]



[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-04 39408]

"!1_ProcessGuard_Startup"="c:\program files\ProcessGuard\procguard.exe" [2008-07-25 267287]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2010-02-03 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2010-02-03 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2010-02-03 114688]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2010-02-03 184320]

"AGRSMMSG"="AGRSMMSG.exe" [2010-02-03 88358]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-02-03 196608]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]

"!1_pgaccount"="c:\program files\ProcessGuard\pgaccount.exe" [2008-07-25 120832]



c:\documents and settings\Erika\Start Menu\Programs\Startup\

Outlook.lnk - c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\outicon.exe [2010-2-4 845584]



c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-02-04 09:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-02-04 10:22 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]

2005-08-26 03:11 53248 ----a-w- c:\program files\TOSHIBA\TouchPad\TPTray.exe



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4100:UDP"= 4100:UDP:uPNP Router Control Port



R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/6/2010 3:19 PM 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/4/2010 4:39 AM 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/4/2010 4:39 AM 360584]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/4/2010 4:38 AM 285392]

R2 DCSPGSRV;DiamondCS ProcessGuard Service v3.500;c:\program files\ProcessGuard\DCSUserProt.exe [2/27/2010 6:27 AM 31744]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1229232]

R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [2/27/2010 6:27 AM 26688]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 5:53 AM 135664]

S3 cpuz132;cpuz132;\??\c:\docume~1\Erika\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\Erika\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [?]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder



2010-03-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 18:53]



2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 10:53]



2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 10:53]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/ig?sourceid=navclient&ie=UTF-8&hl=en&source=iglk

uInternet Settings,ProxyOverride = *.local

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

.



**************************************************************************



catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-01 06:11

Windows 5.1.2600 Service Pack 3 NTFS



scanning hidden processes ...



scanning hidden autostart entries ...



HKLM\Software\Microsoft\Windows\CurrentVersion\Run

!1_pgaccount = "c:\program files\ProcessGuard\pgaccount.exe"??????????????????????????????????????????????



scanning hidden files ...



scan completed successfully

hidden files: 0



**************************************************************************

.

Completion time: 2010-03-01 06:14:49

ComboFix-quarantined-files.txt 2010-03-01 11:14



Pre-Run: 65,685,483,520 bytes free

Post-Run: 65,654,538,240 bytes free



WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect



- - End Of File - - 5BD6DF6D9987664FC899FD319E6F3EF9



#11 shelf life

  • Malware Response Team

Posted 01 March 2010 - 05:21 PM

See if you can locate this file:
st3sys.sys

located here:
c:\windows

(c:\windows\st3sys.sys)

If so, go to this site, browse for the file on your computer, then upload it using the send button. It will be scanned. When the scan is finished you can copy and paste the results in, or just the URL (http://)



#12 rikkidegraz

  • Topic Starter

Posted 02 March 2010 - 04:33 AM

http://www.virustotal.com/analisis/e68342f...19e8-1267522216

Thank you again. Here is the long version:

-squared 4.5.0.50 2010.03.02 -
AhnLab-V3 5.0.0.2 2010.03.02 -
AntiVir 8.2.1.176 2010.03.02 -
Antiy-AVL 2.0.3.7 2010.03.02 -
Authentium 5.2.0.5 2010.03.02 -
Avast 4.8.1351.0 2010.03.01 -
Avast5 5.0.332.0 2010.03.01 -
AVG 9.0.0.730 2010.03.01 -
BitDefender 7.2 2010.03.02 -
CAT-QuickHeal 10.00 2010.03.02 -
ClamAV 0.96.0.0-git 2010.03.02 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.02 -
eSafe 7.0.17.0 2010.03.01 -
eTrust-Vet 35.2.7335 2010.03.02 -
F-Prot 4.5.1.85 2010.03.01 -
F-Secure 9.0.15370.0 2010.03.02 -
Fortinet 4.0.14.0 2010.02.28 -
GData 19 2010.03.02 -
Ikarus T3.1.1.80.0 2010.03.02 -
Jiangmin 13.0.900 2010.03.02 -
K7AntiVirus 7.10.986 2010.03.01 -
Kaspersky 7.0.0.125 2010.03.02 -
McAfee 5907 2010.03.01 -
McAfee+Artemis 5907 2010.03.01 -
McAfee-GW-Edition 6.8.5 2010.03.02 -
Microsoft 1.5502 2010.03.02 -
NOD32 4907 2010.03.02 -
Norman 6.04.08 2010.03.01 -
nProtect 2009.1.8.0 2010.03.02 -
Panda 10.0.2.2 2010.03.01 -
PCTools 7.0.3.5 2010.03.02 -
Rising 22.37.01.04 2010.03.02 -
Sophos 4.50.0 2010.03.02 -
Sunbelt 5716 2010.03.01 -
Symantec 20091.2.0.41 2010.03.02 -
TheHacker 6.5.1.7.218 2010.03.02 -
TrendMicro 9.120.0.1004 2010.03.02 -
VBA32 3.12.12.2 2010.03.02 -
ViRobot 2010.3.2.2208 2010.03.02 -
VirusBuster 5.0.27.0 2010.03.01 -
Additional information
File size: 108 bytes
MD5...: f85a099c2abb27857b6c29dc43a170c6
SHA1..: 6a967f523b67136aa33f333c9da962b6377f53b8
SHA256: e68342f7528eca389c163f720fe3da21e0e1a38e7d4e8c8bb09348b053e419e8
ssdeep: 3:glrVZlSlc1mtslt:gE6csX

PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: PGN (Portable Gaming Notation) Compressed format (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



#13 rikkidegraz

  • Topic Starter

Posted 02 March 2010 - 09:51 AM

I was just at my website http://food911.ceconn.com and it's back to redirecting.

OK, to fill you in on what I just did. I deleted that blog. Luckily, I had done a backup and it was on an exterior hard drive, so after downloading a fresh copy of the core files, I copied the saved files and bingo, I think I got it.

As much as I would have liked to have figured out what was happening to my site, I couldn't spend any more time. Man, I'd been working on this issue for nearly a week.

Again, thanks for all your help.

Edited by rikkidegraz, 02 March 2010 - 12:36 PM.


#14 shelf life

  • Malware Response Team

Posted 04 March 2010 - 08:56 PM

Well, it sounds to me like your site may have been compromised if it indeed was dishing out redirects.

Some links you might want to check out:

http://stopbadware.org/home/security
http://www.unmaskparasites.com/

You can remove ComboFix with this tool:
Please download OTCleanIt and save it to your desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.



If all is well, some tips to help you remain malware free:

10 Tips that should help *Reduce and Prevent* your risk To Malware:


1) It is essential to keep your OS (Windows), browser (IE, Firefox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web based applications like Java, Adobe Flash/Reader, QuickTime etc. Check their version status here.

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer where you're then prompted to install software to remedy this. Use the Alt+F4 key to close your browser. See also the signs that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If these are constantly finding malware on your computer then it's time to review your computer habits.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Do you trust the source?

5) Don't click on ads/pop ups or any offer from websites requesting that you need to install software to your computer--*for any reason.* Use the Alt+F4 key to close your browser.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.*

8) Install and understand the *limitations* of a software firewall.

9) A tool for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0; read the FAQs. Consider using another browser. Internet Explorer is and will continue to be the most exploited browser as it is the most widely used.

10) Warez, cracks etc. are very popular for carrying all kinds of malware payloads. Using them will cause you all kinds of problems. If you download/install files via p2p networks then you are also much more likely to encounter malicious code. Do you really trust the source of the file? Do you really need another malware source?

A longer version in link below.

Edited by shelf life, 04 March 2010 - 09:00 PM.

How Can I Reduce My Risk to Malware?




