Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Trojan.vundo - It Is A Stubborn One...help! ...please?


  • Please log in to reply
1 reply to this topic

#1 mtl_grrl

mtl_grrl

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 11 April 2007 - 09:13 PM

Hi there,

I've been infected with Trojan.Vundo. As many other prople have said, Norton Antivirus is useless. I ran their scan did everything they said to do but no luck. I researched it on your site and installed VundoFix. I ran it in safe mode and it found the file but could not delete it...even after the reboot. i THEN TRIED VirtumundoBeGone. Didn't work either.

Now I have started to get popups in Internet Explorer and my system is extremely slow.

I do hope that you could help me because I am at my wits end!!

Thanks in advance,

I have enclosed the HJT log as well as the VBG log.

Here they are:



VBG


[04/11/2007, 20:06:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Dira\Desktop\VirtumundoBeGone.exe" )
[04/11/2007, 20:06:15] - Detected System Information:
[04/11/2007, 20:06:15] - Windows Version: 5.1.2600, Service Pack 2
[04/11/2007, 20:06:15] - Current Username: Dira (Admin)
[04/11/2007, 20:06:15] - Windows is in SAFE mode.
[04/11/2007, 20:06:15] - Searching for Browser Helper Objects:
[04/11/2007, 20:06:15] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
[04/11/2007, 20:06:15] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/11/2007, 20:06:15] - BHO 3: {21CEBE6B-DFF5-45EF-956C-715C336D7540} ()
[04/11/2007, 20:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:06:15] - Checking for HKLM\...\Winlogon\Notify\mllmm
[04/11/2007, 20:06:15] - Found: HKLM\...\Winlogon\Notify\mllmm - This is probably Virtumundo.
[04/11/2007, 20:06:15] - Assigning {21CEBE6B-DFF5-45EF-956C-715C336D7540} MSEvents Object
[04/11/2007, 20:06:15] - BHO list has been changed! Starting over...
[04/11/2007, 20:06:15] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
[04/11/2007, 20:06:15] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/11/2007, 20:06:15] - BHO 3: {21CEBE6B-DFF5-45EF-956C-715C336D7540} (MSEvents Object)
[04/11/2007, 20:06:15] - ALERT: Found MSEvents Object!
[04/11/2007, 20:06:15] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/11/2007, 20:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:06:15] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/11/2007, 20:06:15] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/11/2007, 20:06:15] - BHO 5: {600A6BDC-C72B-4DE8-A117-995141471E39} ()
[04/11/2007, 20:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:06:15] - Checking for HKLM\...\Winlogon\Notify\fccdebx
[04/11/2007, 20:06:15] - Key not found: HKLM\...\Winlogon\Notify\fccdebx, continuing.
[04/11/2007, 20:06:15] - BHO 6: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} ()
[04/11/2007, 20:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:06:15] - Checking for HKLM\...\Winlogon\Notify\jcqeewdy
[04/11/2007, 20:06:15] - Key not found: HKLM\...\Winlogon\Notify\jcqeewdy, continuing.
[04/11/2007, 20:06:15] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/11/2007, 20:06:15] - BHO 8: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[04/11/2007, 20:06:15] - BHO 9: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[04/11/2007, 20:06:15] - Finished Searching Browser Helper Objects
[04/11/2007, 20:06:15] - *** Detected MSEvents Object
[04/11/2007, 20:06:15] - Trying to remove MSEvents Object...
[04/11/2007, 20:06:16] - Terminating Process: IEXPLORE.EXE
[04/11/2007, 20:06:16] - Terminating Process: RUNDLL32.EXE
[04/11/2007, 20:06:16] - Disabling Automatic Shell Restart
[04/11/2007, 20:06:16] - Terminating Process: EXPLORER.EXE
[04/11/2007, 20:06:17] - Suspending the NT Session Manager System Service
[04/11/2007, 20:06:17] - Terminating Windows NT Logon/Logoff Manager
[04/11/2007, 20:06:17] - Re-enabling Automatic Shell Restart
[04/11/2007, 20:06:17] - File to disable: C:\WINDOWS\system32\mllmm.dll
[04/11/2007, 20:06:17] - Renaming C:\WINDOWS\system32\mllmm.dll -> C:\WINDOWS\system32\mllmm.dll.vir
[04/11/2007, 20:06:17] - File successfully renamed!
[04/11/2007, 20:06:17] - Removing HKLM\...\Browser Helper Objects\{21CEBE6B-DFF5-45EF-956C-715C336D7540}
[04/11/2007, 20:06:17] - Removing HKCR\CLSID\{21CEBE6B-DFF5-45EF-956C-715C336D7540}
[04/11/2007, 20:06:17] - Adding Kill Bit for ActiveX for GUID: {21CEBE6B-DFF5-45EF-956C-715C336D7540}
[04/11/2007, 20:06:17] - Deleting ATLEvents/MSEvents Registry entries
[04/11/2007, 20:06:17] - Removing HKLM\...\Winlogon\Notify\mllmm
[04/11/2007, 20:06:17] - Searching for Browser Helper Objects:
[04/11/2007, 20:06:17] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
[04/11/2007, 20:06:17] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/11/2007, 20:06:17] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/11/2007, 20:06:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:06:17] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/11/2007, 20:06:17] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/11/2007, 20:06:17] - BHO 4: {600A6BDC-C72B-4DE8-A117-995141471E39} ()
[04/11/2007, 20:06:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:06:17] - Checking for HKLM\...\Winlogon\Notify\fccdebx
[04/11/2007, 20:06:17] - Key not found: HKLM\...\Winlogon\Notify\fccdebx, continuing.
[04/11/2007, 20:06:17] - BHO 5: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} ()
[04/11/2007, 20:06:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:06:17] - Checking for HKLM\...\Winlogon\Notify\jcqeewdy
[04/11/2007, 20:06:17] - Key not found: HKLM\...\Winlogon\Notify\jcqeewdy, continuing.
[04/11/2007, 20:06:17] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/11/2007, 20:06:17] - BHO 7: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[04/11/2007, 20:06:17] - BHO 8: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[04/11/2007, 20:06:17] - Finished Searching Browser Helper Objects
[04/11/2007, 20:06:17] - Finishing up...
[04/11/2007, 20:06:17] - A restart is needed.
[04/11/2007, 20:06:32] - Attempting to Restart via STOP error (Blue Screen!)

[04/11/2007, 20:08:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Dira\Desktop\VirtumundoBeGone.exe" )
[04/11/2007, 20:08:16] - Detected System Information:
[04/11/2007, 20:08:16] - Windows Version: 5.1.2600, Service Pack 2
[04/11/2007, 20:08:16] - Current Username: Dira (Admin)
[04/11/2007, 20:08:16] - Windows is in NORMAL mode.
[04/11/2007, 20:08:16] - Searching for Browser Helper Objects:
[04/11/2007, 20:08:16] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
[04/11/2007, 20:08:16] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/11/2007, 20:08:16] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/11/2007, 20:08:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:08:17] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/11/2007, 20:08:17] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/11/2007, 20:08:17] - BHO 4: {600A6BDC-C72B-4DE8-A117-995141471E39} ()
[04/11/2007, 20:08:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:08:17] - Checking for HKLM\...\Winlogon\Notify\fccdebx
[04/11/2007, 20:08:17] - Key not found: HKLM\...\Winlogon\Notify\fccdebx, continuing.
[04/11/2007, 20:08:17] - BHO 5: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} ()
[04/11/2007, 20:08:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 20:08:17] - Checking for HKLM\...\Winlogon\Notify\jcqeewdy
[04/11/2007, 20:08:17] - Key not found: HKLM\...\Winlogon\Notify\jcqeewdy, continuing.
[04/11/2007, 20:08:17] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/11/2007, 20:08:17] - BHO 7: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[04/11/2007, 20:08:17] - BHO 8: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[04/11/2007, 20:08:17] - Finished Searching Browser Helper Objects
[04/11/2007, 20:08:17] - Finishing up...
[04/11/2007, 20:08:17] - Nothing found! Exiting...

[04/11/2007, 22:54:07] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Dira\Desktop\VirtumundoBeGone.exe" )
[04/11/2007, 22:54:09] - Detected System Information:
[04/11/2007, 22:54:10] - Windows Version: 5.1.2600, Service Pack 2
[04/11/2007, 22:54:10] - Current Username: Dira (Admin)
[04/11/2007, 22:54:10] - Windows is in NORMAL mode.
[04/11/2007, 22:54:10] - Searching for Browser Helper Objects:
[04/11/2007, 22:54:10] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
[04/11/2007, 22:54:10] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/11/2007, 22:54:10] - BHO 3: {0AAD203D-7709-49CA-BB65-4B1DAA9B83E7} ()
[04/11/2007, 22:54:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 22:54:10] - Checking for HKLM\...\Winlogon\Notify\ddabb
[04/11/2007, 22:54:10] - Key not found: HKLM\...\Winlogon\Notify\ddabb, continuing.
[04/11/2007, 22:54:10] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/11/2007, 22:54:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 22:54:10] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/11/2007, 22:54:10] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/11/2007, 22:54:10] - BHO 5: {600A6BDC-C72B-4DE8-A117-995141471E39} ()
[04/11/2007, 22:54:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 22:54:10] - Checking for HKLM\...\Winlogon\Notify\fccdebx
[04/11/2007, 22:54:10] - Key not found: HKLM\...\Winlogon\Notify\fccdebx, continuing.
[04/11/2007, 22:54:10] - BHO 6: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} ()
[04/11/2007, 22:54:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2007, 22:54:10] - Checking for HKLM\...\Winlogon\Notify\jcqeewdy
[04/11/2007, 22:54:10] - Key not found: HKLM\...\Winlogon\Notify\jcqeewdy, continuing.
[04/11/2007, 22:54:10] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/11/2007, 22:54:10] - BHO 8: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[04/11/2007, 22:54:10] - BHO 9: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[04/11/2007, 22:54:10] - Finished Searching Browser Helper Objects
[04/11/2007, 22:54:10] - Finishing up...
[04/11/2007, 22:54:10] - Nothing found! Exiting...





Here's the HJT log:



Logfile of HijackThis v1.99.1
Scan saved at 10:38:20 PM, on 11/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Dira\Desktop\VundoFix.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168708220390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168793907562
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Edited by mtl_grrl, 11 April 2007 - 10:04 PM.


BC AdBot (Login to Remove)

 


m

#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:42 PM

Posted 12 April 2007 - 03:54 AM

Welcome to the BleepingComputer HijackThis forum mtl_grrl :thumbsup:

Please go to:
C:\Program Files\Hijackthis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat(which is still Hijackthis.exe),post that log into your next reply please.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users