Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

McAfee found VBS/Psyme during scheduled scan in Firefox Cache...


  • This topic is locked This topic is locked
11 replies to this topic

#1 Famicom

Famicom

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 22 June 2011 - 03:13 PM

According to my brother's note: Found in 0006fb9c.js at C:\Users\Owner\Local Settings\Mozilla\Firefox\Profiles\vry8ajnm.default\Cache\_CACHE_003_ during a regularly scheduled scan. McAfee was unable to delete/fix the problem.

To clarify, he has an old (circa 2005) Alienware PC, upgraded from Windows XP to Windows Vista. Originally came with one of the older Norton all-in-one suites, but when his subscription ran out a roommate who occasionally used the PC for work talked him into just using Windows Firewall and the roommate's employer's McAfee antivirus license/subscription. Our parents have an unused third install left on their Norton 360 license, so I'm thinking once I know it's safe for him to reconnect it to the internet I'll get him to use that. Also, I noticed a lot of the software is out of date, but knowing him, since he has a laptop to work from, there's no telling how long it's just been sitting on his desk out of use. Just one more thing to do when he's got it back up and running.

He disconnected the PC from the internet when he found it and McAfee couldn't fix it. He then went into Firefox to clear the cache since he couldn't find the file directly. Afterwards McAfee didn't find the VBS/Psyme infection on subsequent scans, but as it's a Trojan, he figured that wouldn't be the end of it and asked me for help (I don't know why my family thinks I can give them tech-support, I'm not knowledgeable about computers and I'm very impatient). Since you guys were such a help when I thought I had gotten my folks machine infected, I figured I'd turn to you. The few times he's booted it up, whether in safe mode or regular (still offline) he didn't see any weird behavior, and since what I could find online said VBS/Psyme is an old internet explorer exploit I'm hoping it wasn't able to actually do anything. I downloaded dds and gmer to a flash drive to copy onto his PC, then copied the results back to the flash drive and am posting from a separate machine.

Anyway, here's the scan log:
-----------------------------
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 17:42:58.54 on Wed 06/15/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2815.2045 [GMT -4:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\System32\snmp.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
K:\Users\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [SetIcon] \Program Files\WDC\SetIcon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120301544984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\vry8ajnm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: k:\program files\divx\divx plus web player\npdivx32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
============= SERVICES / DRIVERS ===============
.
P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2008-10-6 144704]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-10-6 31816]
R1 TeksKernel;TeksKernel;c:\windows\system32\drivers\TeksKernel.sys [2004-7-8 9060]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-6-23 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2008-10-6 54608]
R2 ProductivITService;ProductivIT Service;c:\program files\alienautopsy\TEKS_Service.exe [2004-7-8 77824]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-3-11 1247600]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-6-23 72904]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-6-23 34344]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-6-23 177672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-5-19 12672]
S3 inibtmgr;WD Bridge Controller Driver;c:\windows\system32\drivers\inibtmgr.sys [2009-6-23 9728]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2008-04-02 22:59:02 2711552 ----a-w- c:\program files\downloader_win.exe
.
============= FINISH: 17:43:37.60 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:30 PM

Posted 02 July 2011 - 08:22 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 Famicom

Famicom
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 03 July 2011 - 01:33 AM

Hi, still here. Let me know what to do.

Thanks,
Famicom

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:30 PM

Posted 03 July 2011 - 05:57 AM

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Posted Image
m0le is a proud member of UNITE

#5 Famicom

Famicom
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 04 July 2011 - 10:13 AM

Here's the scan results as instructed; however, when the program first launched (before I could start a scan) it told me it could also do a free Avast antivirus scan and asked if I wanted to download the latest definitions. Since the computer has been disconnected from the internet since the infection was found and much of the software is now out of date, I didn't want to reconnect it for that without checking if I should, so I clicked 'no' to the dialogue box & clicked the Scan button. So if you want me to reconnect the infected PC to download the definitions & redo the aswMBR scan, just let me know.

Thanks again,
Famicom

Attached Files



#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:30 PM

Posted 04 July 2011 - 06:30 PM

Yes, please redo it and update when requested :thumbup2:
Posted Image
m0le is a proud member of UNITE

#7 Famicom

Famicom
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 06 July 2011 - 04:26 AM

Sorry about the slow response, things got a little hectic lately.

Well, I think that may have been a mistake.

  • I went to my brother's and booted the PC up,
  • once it was back on the desktop I plugged the internet cable back in to it (I would like to reiterate that up till now it had been offline since my brother found the infection and cleared the Firefox cache, and that all uploading and downloading for this thread was done on a separate PC and .exe's and scan logs were transferred by USB flash drive)
  • once the computer registered a live connection again I reopened aswMBR.
  • Once again, it immediately prompted me to download Avast virus definitions, so I clicked yes this time as you asked
  • The update dialog closed, no new information appeared in the main aswMBR window's text field, and all the buttons except "Save Log" and "Exit" were greyed out.
  • After waiting several minutes I hit Ctrl-Alt-Del and opened the task manager to see if it showed any activity for aswMBR and there was no change over another minute or two.
  • Windows meanwhile was trying to get me to update everything, which I did not do, but I did turn the built-in security features back on in a bit of paranoia.
  • I closed aswMBR and reopened it, hit yes to update, same results (dialog closed, aswMBR showed no other activity, "scan" remained greyed out). I tried saving a log but it was empty
  • I restarted the machine, and set aswMBR to always run as administrator (don't ask me why, I thought maybe it UAC was interfering with updates?)
  • One more attempt to say "Yes" to update dialog, once more no indication anything was being done. Exited again.
  • I opened aswMBR and said "no" to updating definitions, the update dialog closed, and "Scan" was finally clickable again.
  • Hoping maybe one of the previous definition updates went through and just doesn't have any feedback to let the user know, I did another scan.
  • I tried to save the log when it was done, and Windows crashed to a blue screen full of text with a warning about having to restart to protect data at the top. This went away and the PC rebooted before I could read all of it or think of what to do.
  • On reboot the machine automatically went into the menu to start in Safe Mode, which I did.
  • I connected a USB flash drive, copied the aswMBR log on the desktop, and am posting from a separate computer. The log (don't know if the new one was able to save before the crash or if it's still the old data) is attached.

So now what should I do?

Attached Files


Edited by Famicom, 06 July 2011 - 04:32 AM.


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:30 PM

Posted 06 July 2011 - 07:26 PM

We have an unknown Master Boot Record (MBR) showing on the aswMBR log. Now it isn't booting we are unable to confirm if this is just unknown or whether it is infected. To attempt to diagnose this we need to run a program, which works in system recovery, called FRST.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.[/list]
Posted Image
m0le is a proud member of UNITE

#9 Famicom

Famicom
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 09 July 2011 - 05:22 PM

Okay, so I didn't see "Repair My Computer" on the Advanced Boot Options List. Besides some options to enable or disable things, there were the following startup options, with their descriptions (as given at the bottom of the page when that option was highlighted):

  • Safe Mode: Start Windows with only the core drivers and services. Use when you cannot boot after installing a new device or driver.
  • Safe Mode with Networking: Start Windows with core drivers, plus networking support.
  • Safe Mode with Command Prompt: Start Windows with core drivers, and launch the command prompt.
  • Last Known Good Configuration (advanced): Start Windows using settings from last successful boot attempt.
  • Directory Services Restore Mode: Start Windows in Directory Services Repair Mode (for Windows domain controllers only).
  • Debugging Mode: Enable Windows kernel debugger.

So I tried the "Directory Services Restore Mode" option, and was able to do everything else you instructed without issue, but I'm not sure that was correct. Here's the scan result, please advise if I didn't use the right Advanced Boot Option.

Regards,
Famicom

Attached Files



#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:30 PM

Posted 09 July 2011 - 10:00 PM

I can't see malware causing the problem here. Can you boot into normal mode now?

If not, go back to the Advanced Boot Options List and choose "Last Known Good Configuration (advanced): Start Windows using settings from last successful boot attempt."

If that fails, do you have a Vista disk?
Posted Image
m0le is a proud member of UNITE

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:30 PM

Posted 12 July 2011 - 08:06 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
Posted Image
m0le is a proud member of UNITE

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:30 PM

Posted 13 July 2011 - 07:21 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users