Malware attack - hiding as Windows exe


  • This topic is locked
11 replies to this topic

#1 Steve Sand

  • Members

Posted 12 June 2011 - 10:30 PM

Hello, and thanks very much for this!

I received a BitDefender message that multiple viruses were detected. I've been getting blue screens, auto shutdowns, and on startup different small executables have been reported as failing to start.

I had much trouble getting GMER to start, had to use the SASSAFERUN.COM app.

I ran Malware Bytes in Safe mode, but it didn't catch anything.

Any help you can give would be greatly appreciated....



The DDS log follows:



.
DDS (Ver_2011-06-12.02) - NTFSAMD64 MINIMAL
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_18
Run by Steve at 17:26:01 on 2011-06-12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4062.3506 [GMT -4:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender AntiSpyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Google Update] "C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CB8F0968-A9EE-4F36-8A4B-D98084C5CB50} : DhcpNameServer = 192.168.0.1
LSA: Notification Packages = scecli DPPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: BitDefender Toolbar: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\m3i9wbu9.default\
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Users\Steve\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys [2010-8-20 88144]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/07 02:40:55];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe [?]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
S2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-2-6 365952]
S2 Updatesrv;BitDefender Desktop Update Service;C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2010-12-6 53224]
S2 vfsFPService;Validity Fingerprint Service;C:\Windows\System32\vfsFPService.exe [2008-11-18 599344]
S3 BDFM;BDFM;C:\Windows\system32\DRIVERS\bdfm.sys --> C:\Windows\system32\DRIVERS\bdfm.sys [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-9-29 93184]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-2-6 227896]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 Jukebox3_x64;Jukebox3_x64;C:\Windows\system32\DRIVERS\ctpdusbx.sys --> C:\Windows\system32\DRIVERS\ctpdusbx.sys [?]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2010-7-1 34064]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-10-11 467248]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
S4 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
.
=============== Created Last 30 ================
.
2011-06-12 20:58:39 -------- d-----w- C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
2011-06-12 20:52:05 -------- d-----w- C:\Users\Steve\AppData\Roaming\hpqLog
2011-06-11 16:36:20 -------- d-----w- C:\Program Files (x86)\InfraRecorder
2011-06-08 13:36:34 -------- d-----w- C:\Program Files\Mythicsoft
2011-06-08 13:29:00 -------- d-----w- C:\ProgramData\SecTaskMan
2011-06-07 22:51:35 -------- d-----w- C:\Users\Steve\AppData\Roaming\Malwarebytes
2011-06-07 22:51:26 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-07 22:51:25 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-07 22:51:22 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-07 22:51:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-04 01:24:09 -------- d-----w- C:\Users\Steve\AppData\Local\MediaSmart DVD
2011-06-01 13:29:07 -------- d-----w- C:\Users\Steve\AppData\Local\MediaMonkey
2011-06-01 13:29:06 -------- d-----w- C:\Program Files (x86)\MediaMonkey
2011-05-28 21:33:56 -------- d-----w- C:\Program Files\Defraggler
2011-05-28 02:58:34 99384 ----a-w- C:\Users\Steve\AppData\Roaming\inst.exe
2011-05-28 02:58:34 82816 ----a-w- C:\Users\Steve\AppData\Roaming\pcouffin.sys
2011-05-28 00:32:58 -------- d-----w- C:\Software
2011-05-21 18:31:26 -------- d-----w- C:\Users\Steve\AppData\Roaming\xrecode2
2011-05-21 18:31:23 -------- d-----w- C:\Program Files (x86)\xrecode II
2011-05-19 02:57:33 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-05-19 02:57:18 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-05-19 02:43:16 2760704 ----a-w- C:\Windows\System32\win32k.sys
2011-05-19 02:43:09 975872 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-19 02:43:08 738816 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-05-19 02:41:15 1360384 ----a-w- C:\Windows\System32\mfc42u.dll
2011-05-19 02:41:14 1398784 ----a-w- C:\Windows\System32\mfc42.dll
2011-05-19 02:41:14 1161728 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-05-19 02:41:14 1136640 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-05-13 22:58:22 17720 ----a-w- C:\Windows\System32\HPMDPCoInst12.dll
2011-05-13 22:57:58 43320 ----a-w- C:\Windows\System32\drivers\Accelerometer.sys
.
==================== Find3M ====================
.
2011-05-13 22:58:16 30008 ----a-w- C:\Windows\System32\drivers\hpdskflt.sys
2011-05-13 22:58:10 30520 ----a-w- C:\Windows\System32\hpservice.exe
2011-05-13 22:58:04 20792 ----a-w- C:\Windows\System32\accelerometerdll.DLL
2011-04-01 16:48:17 431176 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2011-04-01 16:48:12 101968 ----a-w- C:\Windows\System32\drivers\bdhv.sys
2010-07-08 14:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe
.
============= FINISH: 17:27:15.62 ===============



#2 m0le

  • Malware Response Team

Posted 20 June 2011 - 07:37 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 Steve Sand

Posted 21 June 2011 - 06:56 AM

Hello m0le and thank you for helping!

I ran a scan and found I have the memsweep2 rootkit. Nothing I've done has worked (of course), and I may need to generate additional logs to show my current computer status.

I'm looking forward to cleaning this piece of malware out.

Steve

#4 m0le

Posted 21 June 2011 - 02:07 PM

We should check for any other rootkits first

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 Steve Sand

Posted 21 June 2011 - 02:40 PM

m0le;

I downloaded and ran aswMBR, but it went to blue screen. Both in normal Windows mode, and in safe mode!

When prompted, I did download the latest virus definitions through the Avast interface...

Thanks;

Steve

Edited by Steve Sand, 21 June 2011 - 03:00 PM.


#6 m0le

Posted 21 June 2011 - 05:03 PM

Bluescreening when using aswMBR indicates a problem still.

Please attempt to run Combofix and let's see if we get further.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7 Steve Sand

Posted 21 June 2011 - 06:44 PM

Hello m0le;

I downloaded and tried to run combofix.exe, but it did not work.

I tried booting to Safe mode and that did not work either.

The Combofix log is attached.

I've made Vista recovery disks and am pretty fed up. Is there anything else we can do, or should I reinstall Vista?

And thanks...

#8 m0le

Posted 21 June 2011 - 07:22 PM

"The Combofix log is attached."


It isn't, but I thought you said it didn't work...?

If you want to reinstall and you aren't going to lose anything valuable then you can go ahead. The alternatives get more complicated and less likely to work and reinstallation is always the most secure way to do it - providing you have nothing you want to keep or have already got a backup of.

#9 Steve Sand

Posted 21 June 2011 - 07:51 PM

I captured the log from Combofix, but it hadn't finished. I had to force quit it.

I will have to re-install Vista, after I back up my documents.

One last question:

Is it possible, or likely that my documents could be infected? They're pictures and music files for the most part.


Thanks much;

Steve

#10 m0le

Posted 22 June 2011 - 04:43 PM

"Is it possible, or likely that my documents could be infected?"


No. The type of attack you are describing doesn't bother infecting documents, they just go after the entire operating system.

Let me know how things went :thumbup2:

#11 Steve Sand

Posted 23 June 2011 - 04:19 PM

mole;

Thanks much for the help and the info. I'll let you know how it went...

Steve

#12 m0le

Posted 26 June 2011 - 07:39 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.