Infected?


  • This topic is locked
2 replies to this topic

#1 blipmepleez

  • Members
  • 3 posts

Posted 04 March 2010 - 05:43 PM

Pasting in additional information from another post. ~ OB

Hi,

I received an email from a friend with a link. I clicked the link (yeah, dumb, I know...) and now I am getting dozens of emails from my contacts saying that they have received a similar spam (i.e. an email with a single link) from my email address. The links vary, but they all redirect to an on-line pharmacy retailer. When I went to my 'Sent' email folder in yahoo, I found that the last 2 years of 'sent' emails had been deleted.

I suspect that some kind of malware used my yahoo account to send out a wave of these emails?

I have three questions
1. is there a trojan / virus / etc. on my computer now?
2. is my email account now accessible to others?
3. how do I fix these problems (if they exist)?

I use a yahoo email account accessed with Firefox 3.5.8 on my Dell laptop (running Vista)

Edi

End of added information. ~ OB

Hi,

I am sorry I do not know the name of my infection.

Main symptoms are momentary monopolizations of internet communications in / out (e.g. new streaming interruptions, freezing of controls of real-time controls) and CPU overload on previously easily handled programs. Neither windows defender nor task manager show obviously infected processes running at these times.

Log files attached and pasted below (ark.txt was empty)

NOTE: GMER scan did not seem to work properly. Grinler's guide to posting a topic says that the gmer options should not include Sections, IAT/EAT, Drives/Partition... & Show All, which was the case. However, Grinler's screen capture of the gmer options showed that Systems, Devices, Modules, Processes, Threads and Libraries should be selected. When gmer opened, these were not selected, nor could I select them. I ran the scan anyway... and the ark.txt file was empty. The scan did run, however (took > 15 min) and ended with a message saying 'no abnormal processes' or something similar.

___________________________________________________________________________
DDS log

___________________________________________________________________________
DDS (Ver_09-12-01.01) - NTFSX64
Run by bossman at 13:24:09.22 on 04/03/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.4093.2301 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\bossman\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ipb.quicksilverscreen.com/index.php?showtopic=109305&pid=793952&st=45&#entry793952
uWindow Title = Internet Explorer provided by Dell
mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [WinPatrol] "c:\program files (x86)\billp studios\winpatrol\winpatrol.exe" -expressboot
mRun: [Adobe Reader Speed Launcher] c:\program files (x86)\adobe\reader 9.0\reader\READER_SL.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files (x86)\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: gob.mx\simlex.stps
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files (x86)\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files (x86)\common files\skype\Skype4COM.dll
LSA: Notification Packages = scecli psqlpwd
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [Apoint] c:\program files\delltpad\Apoint.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun-x64: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun-x64: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup

================= FIREFOX ===================

FF - ProfilePath - c:\users\bossman\appdata\roaming\mozilla\firefox\profiles\ldsp3k29.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.weatheroffice.gc.ca/city/pages/bc-74_metric_e.html|http://ca.mc536.mail.yahoo.com/mc/showFolder;_ylt=AlSvEulzTFY09R3KoguBXKyMIL4X?.rand=1349766162#_pg=showFolder&fid=Inbox&order=down&tt=149&pSize=25&.jsrand=5572257|http://www.google.ca/finance?q=CVE:GAP
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-2-25 53488]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-12 89680]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_bb0e6831\AESTSr64.exe [2009-2-25 86016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-12 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-4-12 65616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-12 138680]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-12 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-12 352920]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2007-12-6 391680]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-3-23 93184]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-5-29 48640]
S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2009-2-25 409112]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-03-04 21:20:43 0 ----a-w- c:\users\bossman\defogger_reenable
2010-02-24 13:45:38 726528 ----a-w- c:\windows\syswow64\jscript.dll
2010-02-24 13:45:25 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-02-24 13:45:25 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 19:38:27 4678232 ----a-w- c:\windows\system32\ntoskrnl.exe

==================== Find3M ====================

2010-02-26 01:45:22 69695 ----a-w- c:\programdata\nvModes.dat
2010-02-24 17:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-01-21 19:37:32 53744 ----a-w- c:\users\bossman\appdata\roaming\GDIPFONTCACHEV1.DAT
2010-01-02 07:08:29 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 07:03:21 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 07:03:21 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-02 06:38:04 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-02 06:36:10 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-01-02 06:33:34 5942784 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-02 06:33:32 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-01-02 06:33:32 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-02 06:32:51 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-01-02 06:32:33 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2010-01-02 06:32:33 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-01-02 06:32:32 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-01-02 06:32:32 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-01-02 06:32:32 11070464 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-02 06:32:26 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-02 05:25:39 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-02 04:57:00 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-01-02 04:56:50 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-01-02 04:56:14 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-12-28 12:45:26 13824 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:44:32 1570816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:42:34 25600 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:42:32 38400 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:42:32 143360 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:42:28 15872 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:41:43 93184 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:41:22 54272 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:39:08 76800 ----a-w- c:\windows\system32\avicap32.dll
2009-12-28 12:39:08 108544 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:35:50 11776 ----a-w- c:\windows\syswow64\tsbyuv.dll
2009-12-28 12:35:00 1314816 ----a-w- c:\windows\syswow64\quartz.dll
2009-12-28 12:32:34 22528 ----a-w- c:\windows\syswow64\msyuv.dll
2009-12-28 12:32:32 31744 ----a-w- c:\windows\syswow64\msvidc32.dll
2009-12-28 12:32:32 123904 ----a-w- c:\windows\syswow64\msvfw32.dll
2009-12-28 12:32:25 13312 ----a-w- c:\windows\syswow64\msrle32.dll
2009-12-28 12:31:22 82944 ----a-w- c:\windows\syswow64\mciavi32.dll
2009-12-28 12:31:01 50176 ----a-w- c:\windows\syswow64\iyuv_32.dll
2009-12-28 12:28:43 91136 ----a-w- c:\windows\syswow64\avifil32.dll
2009-12-28 12:28:43 65024 ----a-w- c:\windows\syswow64\avicap32.dll
2009-07-29 23:29:24 51200 ----a-w- c:\windows\inf\infpub.dat
2009-07-29 23:29:24 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-07-29 23:29:23 86016 ----a-w- c:\windows\inf\infstor.dat
2009-02-25 18:18:19 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-02-25 16:57:00 75 --sh--r- c:\windows\CT4CET.bin
2009-09-20 01:37:08 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-09-20 01:37:08 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-09-20 01:37:08 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-09-20 01:37:08 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-14 17:11:27 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-08-03 04:38:51 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-08-03 04:38:51 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-08-03 04:38:51 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-02-25 17:39:44 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:24:42.97 ===============

___________________________________________________________________________
ark.txt file ...WAS EMPTY
___________________________________________________________________________

Edited by Orange Blossom, 04 March 2010 - 08:48 PM.



#2 Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 07 March 2010 - 03:38 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 12 March 2010 - 08:08 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



