
Anti-Virals Blocked & BSOD 0x0000008E



#1 Haertig

Posted 29 August 2011 - 05:19 PM

I got infected with some sort of Rogueware informing me that the computer was infected and telling me most every program that I attempted to open was infected. Was also getting browser redirects when I attempted to go to antiviral sites.

Avira, my usual antiviral was turned off by the infection and wouldn't allow me to turn it on or run a scan.

Access to MalwareBytes was blocked - "Windows cannot access the specific device, path, or file. You may not have the appropriate permissions to access the item." (Am running under administrator rights.)

I downloaded MalwareBytes anew and selected the option to scan immediately, which it did. It found several baddies - log below -

===========================================
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7595

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

8/28/2011 1:05:01 PM
mbam-log-2011-08-28 (13-05-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 304680
Time elapsed: 53 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\920cdf0e (Backdoor.0Access) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\249498770:1844650225.exe (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\defender.exe (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\Sun\Java\deployment\cache\6.0\13\39267c0d-63293f7a (Trojan.Ransom.PGen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\temp\0.6115101229760541.exe (Trojan.Ransom.PGen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\temp\12A5.tmp (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
=========================================================

I then ran SuperAntiSpyware. It found (and deleted) 700 some ad tracking cookies.

I ran rkill and the only process it killed was rkill.
Ran MBRcheck and it detected a valid XP boot sector.

Uninstalled Avira.

Downloaded and installed Microsoft Security Essentials. Could not turn on protection ("Access denied..."), update or start a manual scan.

The computer was still acting up (couldn't access antivirals), so I downloaded the latest ComboFix and ran it. It advised the MicrosoftSE was running and to turn it off. Went back to MSSE and it indicated it wasn't running and was unable to do anything, so proceeded with CF.

Part way through, CF advised that it had detected rootkit action (it identified the rootkit, but I failed to note down the name). It indicated that the rootkit was embedded in the TCP/IP stack and was difficult to remove and that if I had IP problems to reboot and, if necessary, run CF again. CF then rebooted the computer and restarted itself. It proceeded to completion finding several problems (alas, a second run of CF seems to have overwritten the CF log file).

After running CF I got BSOD 0x0000008E(0xC0000005,0xF748671D,0xA14CB39C,0X0000000). I can start in safemode with networking. Nothing further I did fixed the BSOD problem. When booting, the BSOD occurs about 1 minute after the desktop loads.

Ran Combofix again. Logfile below -
==========================================================
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7600

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

8/28/2011 8:10:44 PM
mbam-log-2011-08-28 (20-10-44).txt

Scan type: Full scan (C:\|)
Objects scanned: 311871
Time elapsed: 47 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\920cdf0e (Backdoor.0Access) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Security Protection (Rogue.Spypro) -> Value: Security Protection -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\249498770:1844650225.exe (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{817b2f3c-b5d6-4ac8-b38e-3196735722b6}\RP1\A0004022.exe (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
=========================================================

Downloaded Avira and was able to run a full scan (though once I rebooted after the scan, access to Avira was denied). Log file below -

==========================================


Avira AntiVir Personal
Report file date: Sunday, August 28, 2011 23:30

Scanning for 3263422 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Safe mode with network
Username : Owner
Computer name : OWNER-D6D3A1C7F

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced

Start of the scan: Sunday, August 28, 2011 23:30

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '60' Module(s) have been scanned
Scan process 'avcenter.exe' - '61' Module(s) have been scanned
Scan process 'Explorer.EXE' - '68' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '112' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '49' Module(s) have been scanned
Scan process 'lsass.exe' - '48' Module(s) have been scanned
Scan process 'savedump.exe' - '27' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
[WARNING] The file could not be opened!
The registry was scanned ( '1129' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Owner\Desktop\Adobe Acrobat 8.0 Full Install\Adobe Acrobat 8 Professional\Data1.cab
[0] Archive type: CAB (Microsoft)
--> Dist_acrodist.exe
[DETECTION] Is the TR/Gendal.5653184 Trojan
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\Program Files\Canon\CAL\CALMAIN.exe.vir
[DETECTION] Contains recognition pattern of the W32/PatchLoad.A Windows virus
C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\EvtEng.exe.vir
[DETECTION] Contains recognition pattern of the W32/PatchLoad.A Windows virus
C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\RegSrvc.exe.vir
[DETECTION] Contains recognition pattern of the W32/PatchLoad.A Windows virus
C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\S24EvMon.exe.vir
[DETECTION] Contains recognition pattern of the W32/PatchLoad.A Windows virus
C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir
[DETECTION] Is the TR/Kazy.25211.4 Trojan
C:\Qoobox\Quarantine\C\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe.vir
[DETECTION] Is the TR/Spy.ZBot.89968.1 Trojan
C:\Qoobox\Quarantine\C\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe.vir
[DETECTION] Contains recognition pattern of the W32/PatchLoad.A Windows virus
C:\Qoobox\Quarantine\C\WINDOWS\249498770.vir:1844650225.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe.vir
[DETECTION] Is the TR/Kazy.16030 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Ati2evxx.exe.vir
[DETECTION] Is the TR/Spy.385024.59 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hasplms.exe.vir
[DETECTION] Contains recognition pattern of the W32/PatchLoad.A Windows virus
C:\Qoobox\Quarantine\C\WINDOWS\system32\wuauclt.exe.vir
[DETECTION] Is the TR/Spy.53472.4 Trojan

Beginning disinfection:
C:\Qoobox\Quarantine\C\WINDOWS\system32\wuauclt.exe.vir
[DETECTION] Is the TR/Spy.53472.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4c74289a.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hasplms.exe.vir
[DETECTION] Contains recognition pattern of the W32/PatchLoad.A Windows virus
[NOTE] The file was moved to the quarantine directory under the name '549100ca.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Ati2evxx.exe.vir
[DETECTION] Is the TR/Spy.385024.59 Trojan
[NOTE] The file was moved to the quarantine directory under the name '06c45dd5.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe.vir
[DETECTION] Is the TR/Kazy.16030 Trojan
[NOTE] The file was moved to the quarantine directory under the name '60891216.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\249498770.vir:1844650225.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '252738e9.qua'.
C:\Qoobox\Quarantine\C\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe.vir
[DETECTION] Contains recognition pattern of the W32/PatchLoad.A Windows virus
[NOTE] The file was moved to the quarantine directory under the name '5a6f0d4f.qua'.
C:\Qoobox\Quarantine\C\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe.vir
[DETECTION] Is the TR/Spy.ZBot.89968.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '16d72101.qua'.
C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir
[DETECTION] Is the TR/Kazy.25211.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '6ac66151.qua'.
C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\S24EvMon.exe.vir
[DETECTION] Contains recognition pattern of the W32/PatchLoad.A Windows virus
[NOTE] The file was moved to the quarantine directory under the name '47dd49dd.qua'.
C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\RegSrvc.exe.vir
[DETECTION] Contains recognition pattern of the W32/PatchLoad.A Windows virus
[NOTE] The file was moved to the quarantine directory under the name '5ef8758a.qua'.
C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\EvtEng.exe.vir
[DETECTION] Contains recognition pattern of the W32/PatchLoad.A Windows virus
[NOTE] The file was moved to the quarantine directory under the name '32a959ac.qua'.
C:\Qoobox\Quarantine\C\Program Files\Canon\CAL\CALMAIN.exe.vir
[DETECTION] Contains recognition pattern of the W32/PatchLoad.A Windows virus
[NOTE] The file was moved to the quarantine directory under the name '437867f2.qua'.
C:\Documents and Settings\Owner\Desktop\Adobe Acrobat 8.0 Full Install\Adobe Acrobat 8 Professional\Data1.cab
[DETECTION] Is the TR/Gendal.5653184 Trojan
[WARNING] The file could not be copied to quarantine!
[WARNING] The driver could not be initialized.
[NOTE] The file is scheduled for deleting after reboot.
[NOTE] For the final repair, a restart of the computer is instigated.


End of the scan: Monday, August 29, 2011 05:52
Used time: 1:28:33 Hour(s)

The scan has been done completely.

9998 Scanned directories
494824 Files were scanned
13 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
12 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
494809 Files not concerned
6791 Archives were scanned
3 Warnings
13 Notes

The repair notes were written to the file 'C:\avrescue\rescue.avp'.
=====================================================================

To recap, the situation now -

I must boot into safe mode, elsewise I get a BSOD.
Can't apparently turn on continuous virus scanning in any of my antivirals. Can't even get to MSSE. Can do a manual scan with Avira. The browser redirects seem to have stopped.

Any assistance will be greatly appreciated.


Thanks!


Gray

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



#2 Haertig

Posted 29 August 2011 - 05:48 PM

Sorry for posting to the wrong forum and posting a CF log - didn't see that warning where I originally posted.

Additional info

BSOD lists atapi.sys Address F748671D


Gray

#3 cryptodan

Posted 29 August 2011 - 05:53 PM

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic.

#4 Haertig

Posted 29 August 2011 - 07:18 PM

Explanation and logs posted at -
http://www.bleepingcomputer.com/forums/topic416633.html

Thanks!

Gray

#5 Animal

Posted 29 August 2011 - 07:29 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

