Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need a Quick Zero Access Recovery Script for FRST64


  • This topic is locked This topic is locked
8 replies to this topic

#1 mikeloeven

mikeloeven

  • Members
  • 156 posts
  • OFFLINE
  •  
  • Local time:05:32 AM

Posted 03 July 2012 - 01:46 PM

Need a Quick FRST64 Script to get a Zero access victim Booting again

Scan result of Farbar Recovery Scan Tool Version: 03-07-2012
Ran by SYSTEM at 03-07-2012 15:43:59
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Unattend0000000001{2F0CCE2D-26B0-45A0-90A2-BEE09B5FC562}] C:\Windows\test.bat [x]
HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [186904 2008-12-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6975520 2009-02-03] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-02-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1643816 2008-11-20] (Synaptics, Inc.)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [15959584 2008-12-15] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [82464 2008-12-15] (NVIDIA Corporation)
HKLM-x32\...\Run: [OneKey Theater] C:\PROGRA~2\Lenovo\LENOVO~1\ONEKEY~1.EXE [860160 2009-01-10] (Lenovo)
HKLM-x32\...\Run: [IdeaNotesUser] C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe [234160 2008-10-06] (Digital Delivery Networks, Inc.)
HKLM-x32\...\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /pausefor=600 [296080 2008-11-03] (Carbonite, Inc.)
HKLM-x32\...\Run: [Desktop Navigator] %ProgramFiles%\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe [x]
HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\MediaShow" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" [218408 2008-11-14] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] "C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe" [3112960 2009-05-23] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Readycomm] "C:\Program Files (x86)\Lenovo\ReadyComm\ReadyComm.exe" [425984 2008-07-24] (Lenovo Group Limited)
HKLM-x32\...\Run: [EnergyUtility] "C:\Program Files (x86)\Lenovo\Energy Management\utility.exe" [5604168 2008-12-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Energy Management] "C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe" [8853320 2008-12-22] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [273544 2011-03-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Plugin Install] "C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe" [86016 2011-08-12] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKU\Brooke\...\Run: [Aim6] [x]
HKU\Brooke\...\Run: [oovoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [18784440 2010-02-10] (ooVoo LLC)
HKU\Brooke\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [3342336 2009-09-03] (Electronic Arts)
HKU\Brooke\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Brooke\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
ShortcutTarget: PMB Media Check Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

==================== Services (Whitelisted) ======

2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [832552 2008-11-04] (Broadcom Corporation.)
2 DDNIMSGService; "C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe" [180912 2008-10-06] (Digital Delivery Networks, Inc.)
2 DDNIService; C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe [164528 2008-10-06] (Digital Delivery Networks, Inc.)
3 GameConsoleService; "C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe" [165416 2008-01-29] (WildTangent, Inc.)
2 gupdate1ca1c8ee0a15e30; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2009-08-13] (Google Inc.)
2 IGRS; "C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe" [32768 2008-02-14] (Lenovo Group Limited)
2 IncSvc; C:\Program Files (x86)\Lenovo\ReadyComm\IncSvc.dll [470016 2008-07-24] (Lenovo Group Limited)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 N360; "C:\Program Files (x86)\Norton 360\Engine\3.8.3.6\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\3.8.3.6\diMaster.dll" /prefetch:1 [135024 2011-10-10] (Symantec Corporation)
2 NetTcpActivator; C:\Windows\System32\wpsdrvnt.dll [6656 2008-01-20] (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
2 RichVideo; "C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe" [244904 2008-11-24] ()
2 System_Repair_UpdateMonitor; C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [434176 2008-09-27] (Lenovo Group Limited)
2 szserver; "C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe" [68648 2012-01-31] (iS3, Inc.)
2 Themes; C:\Windows\SysWow64\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation)
2 Viewpoint Manager Service; "C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
2 Dfs; \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs [x]

========================== Drivers (Whitelisted) =============

1 BHDrvx64; C:\Windows\System32\Drivers\N360x64\0308030.006\BHDrvx64.sys [334384 2009-12-27] (Symantec Corporation)
3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [1211432 2009-01-09] (Bison Electronics. Inc. )
1 ccHP; C:\Windows\System32\Drivers\N360x64\0308030.006\ccHPx64.sys [561800 2011-09-21] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-05-26] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2010-05-26] (Symantec Corporation)
1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [69136 2009-05-23] ()
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110110.002\IDSvia64.sys [476792 2010-11-08] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110110.025\ENG64.SYS [117880 2010-12-16] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110110.025\EX64.SYS [1791096 2010-12-16] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\N360x64\0308030.006\SRTSP64.SYS [476720 2009-12-27] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0308030.006\SRTSPX64.SYS [32304 2009-12-27] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0308030.006\SYMEFA64.SYS [402992 2009-12-27] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2009-12-27] (Symantec Corporation)
1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2009-12-27] (Symantec Corporation)
1 SYMTDI; C:\Windows\System32\Drivers\N360x64\0308030.006\SYMTDI.SYS [279160 2011-09-21] (Symantec Corporation)
0 szkg5; C:\Windows\SysWow64\DRIVERS\szkg64.sys [74768 2011-09-26] (iS3 Inc.)
2 tvtumon; C:\Windows\System32\Drivers\tvtumon.sys [55360 2008-08-28] (Lenovo)
3 vhidmini; C:\Windows\System32\DRIVERS\ITEhidCIR.sys [12544 2008-01-24] (ITE Tech. Inc. )
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 SYMFW; C:\Windows\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [x]
3 SYMNDISV; C:\Windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [x]

========================== NetSvcs (Whitelisted) ===========

NETSVC: NetTcpActivator -> C:\Windows\system32\wpsdrvnt.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
NETSVC: erecoveryservice -> No ServiceDLL Path.

============ One Month Created Files and Folders ==============

2012-07-03 15:43 - 2012-07-03 15:43 - 00000000 ____D C:\FRST

============ 3 Months Modified Files ========================



========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-09-18 14:18] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4060.61 MB
Available physical RAM: 3425.92 MB
Total Pagefile: 4058.8 MB
Available Pagefile: 3424.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:252.81 GB) (Free:101.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (LENOVO) (Fixed) (Total:30.52 GB) (Free:28.62 GB) NTFS
3 Drive e: (GSP1RMCPRXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
4 Drive f: (PKBACK# 001) (Removable) (Total:3.65 GB) (Free:0.22 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 3745 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 252 GB 1024 KB
Partition 0 Extended 30 GB 252 GB
Partition 3 Logical 30 GB 252 GB
Partition 2 OEM 14 GB 283 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 252 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D LENOVO NTFS Partition 30 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 NTFS Partition 14 GB Healthy Hidden

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3741 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F PKBACK# 001 FAT32 Removable 3741 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-02-17 03:52

======================= End Of Log ==========================

BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:32 AM

Posted 03 July 2012 - 06:50 PM

Hi

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM\...\Run: [Unattend0000000001{2F0CCE2D-26B0-45A0-90A2-BEE09B5FC562}] C:\Windows\test.bat [x]
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
2 NetTcpActivator; C:\Windows\System32\wpsdrvnt.dll [6656 2008-01-20] (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
2 Dfs; \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs [x]
NETSVC: NetTcpActivator -> C:\Windows\system32\wpsdrvnt.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
NETSVC: erecoveryservice -> No ServiceDLL Path.


end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 mikeloeven

mikeloeven
  • Topic Starter

  • Members
  • 156 posts
  • OFFLINE
  •  
  • Local time:05:32 AM

Posted 03 July 2012 - 07:45 PM

alright thanks for getting back to me so quickly.

i should have a combofix log ready in an hour or so

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:32 AM

Posted 03 July 2012 - 09:42 PM

:thumbup2:

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 mikeloeven

mikeloeven
  • Topic Starter

  • Members
  • 156 posts
  • OFFLINE
  •  
  • Local time:05:32 AM

Posted 05 July 2012 - 09:06 AM

my friend forgot to mention this computer had a password im still waiting for him to get back to me sorrey for the wait

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:32 AM

Posted 05 July 2012 - 10:09 AM

thanks for letting me know

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 mikeloeven

mikeloeven
  • Topic Starter

  • Members
  • 156 posts
  • OFFLINE
  •  
  • Local time:05:32 AM

Posted 06 July 2012 - 10:13 AM

I already looked over the combofix log and found no further evidence of infection i am going to mark this closed looks like CF removed the virus the first run but just needed the FRST script to fix the left over issues

thanks again for your quick response and getting me that script so fast

also do you have any suggestions as to where i can go to learn how to read these logs and write the scripts myself in the future i do this enough that i would like to learn how to take care of these unexpected removal complications myself.

Edited by mikeloeven, 06 July 2012 - 10:14 AM.


#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:32 AM

Posted 06 July 2012 - 10:33 AM

It's your choice not to have me continue with the thread to make certain you are clean, that's fine.

You could apply to the Malware Removal School here at Bleeping Computer to learn how to remove malware properly. It takes about a year and a great deal of time commitment. Then it's all about giving back to the community by volunteering your time in the forums.

http://www.bleepingcomputer.com/forums/topic86678.html

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:32 AM

Posted 06 July 2012 - 10:33 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users