Infected with unknown Trojan



#1 amrithram


Posted 09 May 2010 - 01:47 AM

I'm running Windows Vista, and was recently infected with an unknown malware. The first symptom I saw was ad popups from Internet Explorer 8, even when IE wasn't running. I ran MalwareBytes, and found 1 infected registry key. Here's the log:

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert)

I removed the key, but it keeps reappearing on every reboot.

I also ran Norton Antivirus 2010, and it identified a whole bunch of Rootkit and Trojan viruses. These were quarantined, and I don't seem to see the popups anymore (though it's too early to say for sure). Norton also found about 75 tracking cookies, which it deleted. However, these cookies still keep reappearing with every reboot. The Norton log is shown below:

Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action
5/8/2010 2:02 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
5/8/2010 7:03 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
5/6/2010 6:31 PM,High,"Risks in compressed file \"xemocasnrw.exe\" detected by Virus scanner",Quarantined,Resolved - No Action
5/6/2010 6:31 PM,High,"Risks in compressed file \"oxnrwsamce.exe\" detected by Virus scanner",Quarantined,Resolved - No Action
5/6/2010 5:23 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
5/6/2010 5:33 AM,High,imiyus.exe (Trojan Horse) detected by Auto-Protect,Quarantined,Resolved - No Action
5/6/2010 12:33 AM,High,umofya.exe (umofya.exe) detected by SONAR,Quarantined,Resolved - No Action
5/4/2010 11:15 PM,High,dxxmte.exe (Trojan.FakeAV) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 11:13 PM,High,oooiob.exe (Trojan.FakeAV) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 9:42 PM,High,0.157527039497648.exe (0.157527039497648.exe) detected by SONAR,Quarantined,Resolved - No Action
5/4/2010 9:40 PM,High,applet5[1].htm (Bloodhound.Exploit.292) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 9:30 PM,High,uqpvrr.exe (Trojan.FakeAV) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 8:32 PM,High,khvcol.exe (Suspicious.Cloud) detected by Auto-Protect,Quarantined,Resolved - No Action
5/4/2010 8:20 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
5/4/2010 6:25 PM,High,jfanmq.exe (Trojan.FakeAV) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 3:29 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
5/4/2010 2:12 PM,High,tyysqcc.exe (tyysqcc.exe) detected by SONAR,Quarantined,Resolved - No Action
5/4/2010 2:12 PM,High,wgvyd.exe (wgvyd.exe) detected by SONAR,Removed,Resolved - No Action
5/4/2010 2:12 PM,High,wgvyd.exe (wgvyd.exe) detected by SONAR,Quarantined,Resolved - No Action
5/4/2010 2:11 PM,High,omrneswaxc.exe (omrneswaxc.exe) detected by SONAR,Quarantined,Resolved - No Action
5/4/2010 2:11 PM,High,jwb.exe (jwb.exe) detected by SONAR,Quarantined,Resolved - No Action
5/4/2010 2:11 PM,High,jwc.exe (jwc.exe) detected by SONAR,Quarantined,Resolved - No Action
5/4/2010 2:11 PM,High,oraenmscwx.exe (oraenmscwx.exe) detected by SONAR,Quarantined,Resolved - No Action
5/4/2010 2:11 PM,High,khvcol.exe (Suspicious.Cloud) detected by Auto-Protect,Quarantined,Resolved - No Action
5/4/2010 2:11 PM,High,1162874712.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:11 PM,High,viaagp.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:10 PM,High,vgapnp.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:10 PM,High,usbscan.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:10 PM,High,usbaapl.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:10 PM,High,uliagpkx.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:10 PM,High,uagp35.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:10 PM,High,sisagp.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:10 PM,High,sffp_sd.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:10 PM,High,sffp_mmc.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:10 PM,High,serial.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:10 PM,High,serenum.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:10 PM,High,atikmdag.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:10 PM,High,parvdm.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:10 PM,High,parport.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:10 PM,High,palmusbd.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:09 PM,High,nwlnkfwd.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:09 PM,High,nwlnkflt.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:09 PM,High,nv_agp.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:09 PM,High,lmoufilt.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:09 PM,High,lhidfilt.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:09 PM,High,ipinip.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:09 PM,High,gagp30kx.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:09 PM,High,e1g60i32.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:09 PM,High,e1e6032.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:08 PM,High,brusbser.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:08 PM,High,brserid.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:08 PM,High,brfiltup.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:08 PM,High,brfiltlo.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:08 PM,High,bcm42rly.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:08 PM,High,amdagp.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:08 PM,High,agp440.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,oriqbjdp[1].htm (Trojan.FakeAV) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,fwevpovto[1].htm (Suspicious.Cloud) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,oriqbjdp[1].htm (Trojan.FakeAV) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,fwelcx[1].htm (Trojan.Gen) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,fwevpovto[1].htm (Suspicious.Cloud) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,fwelcx[1].htm (Trojan.Gen) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,fwelcx[1].htm (Trojan.Gen) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,nbmrh.exe (Trojan.FakeAV) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,fwelcx[1].htm (Trojan.Gen) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,uaufqma.exe (Trojan.Gen) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,mrxcawsoen.exe (Backdoor.Tidserv) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,rxewscmoan.exe (Backdoor.Tidserv) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,exsconrawm.exe (Trojan.Adclicker) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,maewocrsxn.exe (Trojan.Adclicker) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 1:27 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action

Also, now every time I run a full Norton scan, I get the blue screen of death, with the following wording:
*** STOP: 0x00000050 (0xD6F8000B, 0x00000000, 0xB337CF60, 0x00000000)
*** pwldrpow.sys - Address B337CF60 base at B3371000, DateStamp 4b274f8d

Also, one thing I noticed in the Startup Programs list is the following file, which appears twice:
M5T8QL3YW3 (filename Jwf.exe). In task manager, I see Jwf.exe with the Description set to "bCmX3D5 eEvE" and using around 155 Megabytes of memory. I was able to end the process. I don't know if this is a malicious file or not, but just thought it looked fishy.

I went through the instructions for submitting a topic to this forum. I'm attaching the DDS.txt and Attach.txt files. However, I could not generate the ark.txt file from GMER because whenever I tried to run it, it would scan for a while but always hit the BSOD before completing. I'll keep trying and if I'm successful I will update this topic with the ark.txt attachment.

I've also included the full Norton log (Resolved Security Risks.txt) and MalwareBytes log (mbam-log-2010-05-08 (21-09-01).txt).

Thanks to anybody who takes a look at this issue. It's much appreciated!
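
An added example, not part of the original posts: Python code that triages a Norton "Resolved Security Risks" export like the one above, grouping detections by label so that one label hitting many distinct files within minutes (the Hacktool.Rootkit hits on .sys drivers) stands apart from repeated blocks of a single file. The function names and burst thresholds are assumptions chosen for illustration; the sample rows are a subset copied from the log in the post.

```python
import csv
import re
from collections import defaultdict
from datetime import datetime

# Subset of rows copied from the Norton log in the post above.
SAMPLE = r'''Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action
5/6/2010 6:31 PM,High,"Risks in compressed file \"xemocasnrw.exe\" detected by Virus scanner",Quarantined,Resolved - No Action
5/6/2010 12:33 AM,High,umofya.exe (umofya.exe) detected by SONAR,Quarantined,Resolved - No Action
5/4/2010 2:11 PM,High,viaagp.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:10 PM,High,serial.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:10 PM,High,parport.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:08 PM,High,agp440.sys (Hacktool.Rootkit) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,fwelcx[1].htm (Trojan.Gen) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,fwelcx[1].htm (Trojan.Gen) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 2:06 PM,High,mrxcawsoen.exe (Backdoor.Tidserv) detected by Auto-Protect,Blocked,Resolved - No Action
5/4/2010 1:27 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
'''

# "file (label) detected by engine", and the archive variant with escaped quotes.
ACTIVITY = re.compile(r'^(?P<file>.+?) \((?P<label>[^()]+)\) detected by (?P<engine>.+)$')
ARCHIVE = re.compile(r'^Risks in compressed file "(?P<file>[^"]+)" detected by (?P<engine>.+)$')


def parse(text):
    """Yield one dict per file detection; header and cookie rows are skipped."""
    # The export escapes quotes inside a quoted field as \" rather than "".
    reader = csv.reader(text.splitlines(), escapechar='\\', doublequote=False)
    for row in reader:
        if len(row) != 5:
            continue
        when, risk, activity, status, _action = row
        m = ACTIVITY.match(activity) or ARCHIVE.match(activity)
        if not m:
            continue
        d = m.groupdict()
        yield {
            "time": datetime.strptime(when, "%m/%d/%Y %I:%M %p"),
            "risk": risk,
            "file": d["file"],
            "label": d.get("label") or "(in archive)",
            "engine": d["engine"],
            "status": status,
        }


def summarize(events, burst_window_min=5, burst_files=3):
    """Group by label; flag labels that hit several distinct files in a short span."""
    by_label = defaultdict(list)
    for e in events:
        by_label[e["label"]].append(e)
    out = {}
    for label, evs in by_label.items():
        files = {e["file"] for e in evs}
        times = [e["time"] for e in evs]
        span = (max(times) - min(times)).total_seconds() / 60
        out[label] = {
            "hits": len(evs),
            "files": sorted(files),
            "engines": sorted({e["engine"] for e in evs}),
            "span_min": span,
            "burst": len(files) >= burst_files and span <= burst_window_min,
            "unnamed": files == {label},  # label only repeats the file name
        }
    return out


if __name__ == "__main__":
    for label, info in sorted(summarize(parse(SAMPLE)).items()):
        print(label, info["hits"], len(info["files"]), info["burst"], info["unnamed"])
```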


 


#2 m0le



  • Malware Response Team

Posted 10 May 2010 - 06:39 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 amrithram


Posted 10 May 2010 - 11:28 PM

Hi m0le,

Thanks for taking the time to look at my issue! I'm ready to start whenever you are.

By the way, I was able to get GMER to finally run all the way through and save the log (although I got the blue screen almost immediately afterward). I'm attaching the ark.txt file here.

Thanks,
Amrith

Attached Files

  • ark.log   13.6KB


#4 m0le


Posted 11 May 2010 - 02:27 PM

You certainly have trojan activity and some spyware. MBAM's result shows an undeleted file so please rerun MBAM making sure you remove anything that is recommended if you haven't already. If you have then please rerun it and post the log that results.


Then please run Superantispyware

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#5 amrithram


Posted 12 May 2010 - 01:19 AM

Hi m0le,

I'm attaching the MBAM log after cleaning everything up.

I will also run Superantispyware and get back to you with the scan log.

Thanks,
Amrith




#6 amrithram


Posted 12 May 2010 - 12:40 PM

Hi m0le,

I ran Superantispyware last night. I had left it running overnight, and when I got up in the morning, apparently Windows had done some automatic updates and rebooted, so I wasn't able to do the quarantine and removal. I will rerun it today and perform all the steps to the end. However, Superantispyware did save a log for me of what it found, so I'm attaching that here just FYI.

Thanks.




#7 m0le


Posted 12 May 2010 - 02:38 PM

No traces of anything. Let's try a different method to see if anything pops up.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


#8 m0le


Posted 14 May 2010 - 06:10 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#9 amrithram


Posted 14 May 2010 - 11:21 PM

Hi m0le,

I'm sorry about the delay. I still haven't run Dr. WebCureit yet, but I did get a chance to clean the files found by superantispyware. The log is attached.

Let me run Dr. WebCureit and send you the log soon.

Also, just to let you know the symptoms have changed in the last few days. I don't see the blue screen anymore, and no popups either. However, the adware tracking cookies keep reappearing (I ran superantispyware again after the attached clean log, and there was one that appeared).

Thanks again.




#10 m0le


Posted 17 May 2010 - 07:48 PM

You still there?

#11 amrithram


Posted 18 May 2010 - 01:54 AM

Hi m0le,

Just finished the Express scan, and it didn't find anything. I'm running the Complete scan now, letting it go overnight. Will report first thing in the morning.

Thanks again.
Amrith

#12 amrithram


Posted 19 May 2010 - 11:11 AM

Hi m0le,

Here's an update on what I tried the last couple of days. I wasn't able to complete a successful run of the SW.

Monday night, after sending you the last update, Dr. Web Cureit Complete scan had started to run. After some time, it found an infected archive file in the Norton program folder. A dialog box asked me if I wanted to Move the file. The options were "Yes", "Yes to All", "No", and "No to All". I selected "Yes to All". The scan continued to run, and by the time I decided to let it run overnight and go to sleep, it had found a total of 10 infected files, all in either Archives or Containers. All of them were labeled as "Moved". The next morning, I found that the computer had rebooted on its own. I'm not sure if the scan completed running or not, and there was no option in Dr. Web Cureit to open a log file.

Tuesday (yesterday) night, I tried it again. As before, the Express scan did not find anything. This time I disabled my computer's screensaver and power management in case they were causing problems. After starting Complete scan, I waited quite a couple of hours before going to bed. This time, it went past the Norton folder as well as the other folders where it had previously found infected files. By the time I went to sleep, it was still running without having encountered a single infected file. However, this morning I again found that the computer had rebooted, with a message that the computer had not been shut down properly (probably a blue screen).

Just wanted to give you that update. I'm going to try again where I'm awake during the whole process, but I probably won't be able to do that until the weekend.

Thanks!

#13 m0le


Posted 19 May 2010 - 03:23 PM

It may have disinfected the malware rather than just deleting it. This would explain why on the next run it went straight past.

I have noted your absence until the weekend.

#14 m0le


Posted 25 May 2010 - 06:59 PM

Hi,

I have not had a reply from you for 6 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#15 amrithram


Posted 25 May 2010 - 09:05 PM

Hi m0le,

I was just about to write to you. The laptop in question is actually my father's, and due to a family emergency over the weekend, he has to make an immediate trip to India tomorrow, taking the laptop with him. So it looks like we won't be able to continue the debug on this one.

It looks like the measures you asked us to take have greatly improved the stability of the computer. It may be completely virus-free, but it is now fairly functional for the short term. I've asked my father to do a fresh upgrade to Windows 7, and hopefully that will be a good long term solution.

I really appreciate all the help and advice you've given us, and hope you will accept a small donation as our token of gratitude.

Cheers!



