Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't get rid of nasty Trojan horse BackDoor.Ircbot.LWM


  • This topic is locked This topic is locked
6 replies to this topic

#1 chicagoexpat

chicagoexpat

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 09 June 2010 - 11:55 AM

I am, apparently, infected with the Trojan horse BackDoor.Ircbot.LWM

I know there are other threads on this. I tried to use some of their fixes as outlined below, and did not get a solution. If I am supposed to post my stuff here to one of those threads, please let me know.

This virus continues to act and hijack my web browsers – especially when I click on links from any Google search – and only one software program I've used finds it on my system, AVG free version 9.0, but it can't remove it.


AVG finds the file:

"C:\WINDOWS\system32\svchost.exe (1424):\memory_00400000";"Trojan horse BackDoor.Ircbot.LWM";"Object is inaccessible."

"C:\WINDOWS\system32\svchost.exe (1424)";"Trojan horse BackDoor.Ircbot.LWM";""
& the number in parentheses changes with each running of the AVG.

Norton (which I installed after this attack started), however, notes it's blocking intrusion attempts.

I don't know if this is related, but I regularly update Microsoft with all patches, etc. (except upgrading to IE 8) – but at the same time I became aware of this TrojanHorse, I couldn't access the Microsoft Update page – I only get Error number: 0x80072EFF
& " The website has encountered a problem and cannot display the page you are trying to view."
This happened BEFORE I downloaded Norton Security (see below) & continues.

My computer/ops info:

Dell Dimension 3000 – Desktop/Tower model
Processor Intel® Celeron® CPU 2.40GHz
Processor Speed 2.34 GHz
Memory (RAM) 2048 MB
Operating System Microsoft Windows XP Home Edition
Operating System Version 5.1.2600
Service Pack 3

I was originally running AVG anti-virus, I'm now running Norton Security SuiteVersion: 4.2.0.12
& AVG is uninstalled.
Under Windows Security System the firewall and Virus Protection has always been on


BACKGROUND STORY:

I was using AVG free version 9.0829 for antivirus

When I moved to a new address that has Comcast internet service, the AVG software started popping up telling me there had been attacks on my computer. It would isolate dozens of files into its virus vault.

My browsers (Mozilla Fox v. 2 & IE 7) both would get hijacked to random web sites.

I updated and ran AVG, Malwarebits both in normal and safe mode.

AVG & Malware initially found stuff it cleaned off.
Malware needed to re-boot to finish the job the first time I ran it, and I did reboot. After that, it says it finds nothing.

I ran online scanners
http://onecare.live.com/site/en-us/default.htm

It initially found an "object" and said it cleaned it off.

and I also ran the ESET online scanner from

http://www.eset.com/online-scanner

It also found something it said it cleaned.

I downloaded GMER and ran it – but couldn't figure out how to access its logs, I don't know what it did.

Then I run AVG in normal mode, though, it continually picked up the "Trojan horse BackDoor.Ircbot.LWM" located on the "svchost.exe" file.

My roommate suggested downloading the free Norton security package offered with our Comcast subscription,
Norton Security SuiteVersion: 4.2.0.12

So I uninstalled AVG and installed Norton, updated it, ran it in both normal and safe modes but it said it found nothing on my computer (other than tracking cookies it removed).

I installed AVG again, updated it, and it still finds the "Trojan horse BackDoor.Ircbot.LWM" located on the "svchost.exe" file.

So I uninstalled AVG again

I currently have Norton running. It will pop up with how it blocked intrusion attempts from network traffic with "signatures of known attacks"

I currently continue to use the Norton package and have it and the Microsoft firewalls turned on.

Browser hijack attempts still happen, & Norton still blocks some intrusion events

Thanks in advance for any suggestions/help.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:45 AM

Posted 09 June 2010 - 03:57 PM

Hello, how many AV's are active on here now?

About the infection found.
Rootkits, backdoor Trojans, Botnets, and IRC Bots are very dangerous because they compromise system integrity by making changes that allow it to by used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal its presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is send back to the hacker. To learn more about these types of infections, you can refer to:

What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do


Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Where to draw the line? When to recommend a format and reinstall?


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Edited by boopme, 09 June 2010 - 03:58 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 chicagoexpat

chicagoexpat
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 09 June 2010 - 06:10 PM

The only anti virus program running is Norton Security SuiteVersion: 4.2.0.12
Under the Windows security emblem, it also still shows the Firewall abd tge Virus Protection is on

Also, I don't know if it's a function of the antivirus programs or the Trojan, but everything is now sluggish -- it takes upt to a couple of real time minutes for a program to click on, or up to 10 seconds to respond punching a button.

Here's the log, although I am sure, if I installed AVG again it would ID the trojan horse on the "svchost.exe" object

-- chicagexpat


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4184

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/9/2010 3:51:26 PM
mbam-log-2010-06-09 (15-51-26).txt

Scan type: Quick scan
Objects scanned: 137944
Time elapsed: 36 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:45 AM

Posted 09 June 2010 - 07:46 PM

OK well due to the abilities of this malware,which are seriously bad,we should take a deep look and be sure it does or does not exist on here.

The GMER log should have saved to yhe desktop..
•When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.

Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 chicagoexpat

chicagoexpat
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 10 June 2010 - 09:57 AM

Yes, thanks.

GMER log I just ran yesterday is below. DDS will come later.

Or do you want me to post this GMER log & the DDS log under the new thread only?

As I mentioned, I’ve run Malware several times in normal & safe mode and it only found something on the first run, asked me to reboot, and I did (& ran it again). After that 1st time, it said it couldn’t find anything.

Since my last reply, I again have Norton inform me of blocking intrusion attempts, w/ the messages saying:
"The attack was resulted from \DEVICE\HARDDISKVOLUME2\ WINDOWS\SYSTEM32\SVCHOST.EXE"
Which is where AVG finds the Trojan horse

I re-installed and ran AVG after getting the above Malware log and again got notices the Trojan was found but AVG could not remove:
"C:\WINDOWS\system32\svchost.exe (240):\memory_00400000";"Trojan horse BackDoor.Ircbot.LWM";"Object is inaccessible."
"C:\WINDOWS\system32\svchost.exe (240)";"Trojan horse BackDoor.Ircbot.LWM";""

And just trying to get to this forum, my Firefox browser was again hijacked, despite Norton's efforts. It or IE seems to be hjijacked the first time I use it, then Norton keeps popping up & telling me it blocked intrusion attempts.

I have Norton only running. The Windows Security Center also shows its firewall and virus protection on.

++++++++++++++++++++++++++++++++++++++++++++++++

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-09 23:06:45
Windows 5.1.2600 Service Pack 3
Running: b34kct3l[1].exe; Driver: C:\DOCUME~1\YoYou\LOCALS~1\Temp\aftdyaog.sys


---- System - GMER 1.0.15 ----

SSDT 8A38E658 ZwAlertResumeThread
SSDT 8A38E738 ZwAlertThread
SSDT 8A58C6C8 ZwAllocateVirtualMemory
SSDT 8A383D68 ZwAssignProcessToJobObject
SSDT 8A4491A8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAFE35210]
SSDT 8A362A40 ZwCreateMutant
SSDT 8A3EC808 ZwCreateSymbolicLinkObject
SSDT 8A5A1850 ZwCreateThread
SSDT 8A428D10 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAFE35490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAFE359F0]
SSDT 8A49CCD0 ZwDuplicateObject
SSDT 8A571D10 ZwFreeVirtualMemory
SSDT 8A376B80 ZwImpersonateAnonymousToken
SSDT 8A37D7A0 ZwImpersonateThread
SSDT 8A5E4590 ZwLoadDriver
SSDT 8A480458 ZwMapViewOfSection
SSDT 8A362980 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xAFE357A0]
SSDT 8A490D58 ZwOpenProcess
SSDT 8A475708 ZwOpenProcessToken
SSDT 8A3ECDC8 ZwOpenSection
SSDT 8A49CDA0 ZwOpenThread
SSDT 8A3EC8F8 ZwProtectVirtualMemory
SSDT 8A526658 ZwResumeThread
SSDT 8A48F4B8 ZwSetContextThread
SSDT 8A5AD448 ZwSetInformationProcess
SSDT 8A428DF0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAFE35C40]
SSDT 8A3F7508 ZwSuspendProcess
SSDT 8A502448 ZwSuspendThread
SSDT 8A3F87A8 ZwTerminateProcess
SSDT 8A502528 ZwTerminateThread
SSDT 8A5AD518 ZwUnmapViewOfSection
SSDT 8A571DE0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 4A0 804E2B0C 2 Bytes [E0, 1D] {LOOPNZ 0x1f}
.text ntoskrnl.exe!_abnormal_termination + 4A3 804E2B0F 1 Byte [8A]
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB80AAF80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[108] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[108] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[108] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E352046 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351FC7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E35200B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F53 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351F8D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!DialogBoxIndirectParamA 7E456D7D 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352081 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[108] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E2017EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[108] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E352243 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[1168] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1168] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1168] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1168] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[1168] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0087000A
.text C:\WINDOWS\System32\svchost.exe[1168] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0096000A
.text C:\WINDOWS\Explorer.EXE[1796] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1796] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1796] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device AE32CD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

Edited by chicagoexpat, 10 June 2010 - 09:59 AM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:45 AM

Posted 10 June 2010 - 11:45 AM

HI, post the GMER and DDS logs in the New topic...Step 9
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,804 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:45 AM

Posted 10 June 2010 - 08:52 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/323349/trojan-horse-backdoorircbotlwm-or-worsemore/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users