First off, thank you for helping all of us poor infected souls! It is truly appreciated.

11/28/2012 - Removed 171 malware instances, including, but not limited to, Exploit.Drop.GS, PUM.Disabled.SecurityCenter, PUM.Hijack.TaskManager, PUP.MyWebSearch, RootKit.0Access, Trojan.0Access via MBAM. Repaired and re-registered WMI due to "wmiprvse.exe error. The instruction at "0x7c910f48" referenced memory at "0x00080179". The memory could not be "written"." <http://windowsxp.mvps.org/repairwmi.htm>.

1/7/2013 - Removed 61 malware files and 7 infected registry keys, including: PUP.FunMoods, PUP.MyWebSearch, RootKit.0Access, RootKit.Zaccess, Trojan.0Access, Trojan.Agent, Trojan.Dropper.BCMiner, Trojan.FakeAlert, Trojan.FakeMS.Ran, Trojan.Reveton via MBAM.

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.07.11

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

Administrator :: BACKOFFICE [administrator]

1/7/2013 3:29:05 PM

mbam-log-2013-01-07 (15-29-05).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 295573

Time elapsed: 42 minute(s), 47 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 7

HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 61

(end)

DDS.txt

Attach.txt

----------

Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Having said that....Let's get going!!

----------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

aswmbrscan.jpg

----------

Thank you, Jeff.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-01-09 10:17:43

-----------------------------

10:17:43.859 OS Version: Windows 5.1.2600 Service Pack 3

10:17:43.859 Number of processors: 1 586 0x401

10:17:43.859 ComputerName: BACKOFFICE UserName:

10:17:44.125 Initialize success

10:27:18.546 AVAST engine defs: 13010900

10:27:29.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

10:27:29.062 Disk 0 Vendor: Maxtor_6Y080M0 YAR51HW0 Size: 76293MB BusType: 3

10:27:29.093 Disk 0 MBR read successfully

10:27:29.093 Disk 0 MBR scan

10:27:29.140 Disk 0 Windows XP default MBR code

10:27:29.156 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63

10:27:29.187 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76253 MB offset 64260

10:27:29.187 Disk 0 scanning sectors +156232125

10:27:29.265 Disk 0 scanning C:\WINDOWS\system32\drivers

10:27:38.765 Service scanning

10:27:41.734 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32

10:27:52.421 Service W32Serv C:\WINDOWS\msisear.exe **INFECTED** Win32:Malware-gen

10:27:54.843 Modules scanning

10:27:58.421 Disk 0 trace - called modules:

10:27:58.484 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x86d7eec9]<<

10:27:58.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f79238]

10:27:58.562 3 CLASSPNP.SYS[f779dfd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86f78b00]

10:27:58.859 AVAST engine scan C:\WINDOWS

10:28:02.437 File: C:\WINDOWS\msisear.exe **INFECTED** Win32:Malware-gen

10:28:04.671 AVAST engine scan C:\WINDOWS\system32

10:28:13.859 File: C:\WINDOWS\system32\cscrtvdm.dll **INFECTED** Win32:Dropper-gen [Drp]

10:29:59.500 AVAST engine scan C:\WINDOWS\system32\drivers

10:30:13.468 AVAST engine scan C:\Documents and Settings\Administrator

10:30:27.000 AVAST engine scan C:\Documents and Settings\All Users

10:30:42.781 Scan finished successfully

10:30:57.187 Disk 0 MBR has been saved successfully to "E:\MBR.dat"

10:30:57.781 The log file has been saved successfully to "E:\aswMBR.txt"

----------
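A triage pass over the aswMBR log posted above, as an added example that is not part of the original thread and not code from AVAST: it pulls out the `**INFECTED**` service and file entries and the unnamed module in the disk trace, then pairs each flagged service with its flagged image file. The regexes assume the line layout seen in this one log, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Lines excerpted unchanged from the aswMBR log in the post above.
SAMPLE_LOG = r"""
10:27:29.140 Disk 0 Windows XP default MBR code
10:27:38.765 Service scanning
10:27:41.734 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
10:27:52.421 Service W32Serv C:\WINDOWS\msisear.exe **INFECTED** Win32:Malware-gen
10:27:58.484 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x86d7eec9]<<
10:28:02.437 File: C:\WINDOWS\msisear.exe **INFECTED** Win32:Malware-gen
10:28:13.859 File: C:\WINDOWS\system32\cscrtvdm.dll **INFECTED** Win32:Dropper-gen [Drp]
10:30:42.781 Scan finished successfully
"""

# Assumed layout: "HH:MM:SS.mmm <text>"; paths may contain spaces, so the
# path group runs lazily up to the "**STATUS**" marker.
TS = r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+"
SERVICE_RE = re.compile(TS + r"Service\s+(\S+)\s+(.+?)\s+\*\*(\w+)\*\*\s*(.*)$")
FILE_RE = re.compile(TS + r"File:\s+(.+?)\s+\*\*(\w+)\*\*\s*(.*)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")


@dataclass
class Triage:
    infected_services: dict = field(default_factory=dict)  # name -> (image path, detection)
    infected_files: dict = field(default_factory=dict)     # path -> detection
    locked: list = field(default_factory=list)             # (service, path) marked LOCKED
    unknown_modules: list = field(default_factory=list)    # trace addresses with no module name


def triage(log_text):
    """Collect the entries a reviewer acts on; everything else is ignored."""
    t = Triage()
    for line in log_text.splitlines():
        line = line.strip()
        if m := SERVICE_RE.match(line):
            name, path, status, detail = m.groups()
            if status == "INFECTED":
                t.infected_services[name] = (path, detail.strip())
            elif status == "LOCKED":
                t.locked.append((name, path))
        elif m := FILE_RE.match(line):
            path, status, detail = m.groups()
            if status == "INFECTED":
                t.infected_files[path] = detail.strip()
        t.unknown_modules += UNKNOWN_RE.findall(line)
    return t


def service_backed(t):
    """Flagged services whose image is also a flagged file: the service
    entry and the file both need cleanup, not the file alone."""
    flagged = {p.lower() for p in t.infected_files}  # Windows paths: compare case-insensitively
    return sorted((n, p) for n, (p, _) in t.infected_services.items() if p.lower() in flagged)


def files_without_service(t):
    """Flagged files that no flagged service points at."""
    svc_paths = {p.lower() for p, _ in t.infected_services.values()}
    return sorted(p for p in t.infected_files if p.lower() not in svc_paths)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("service + file:", service_backed(result))
    print("file only:     ", files_without_service(result))
    print("locked:        ", result.locked)
    print("unnamed trace: ", result.unknown_modules)
```
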

ComboFix

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

----------

Please go to: VirusTotal

On the page you'll find a "Choose File" button.

Click on the Choose File button.

In the Choose File to Upload window which opens, copy and paste this into the File Name box.

c:\windows\msisear.exe

Next, click the Open button.

Then click the "Scan It!" button just below.

This will scan the file. Please be patient.

If you get a message saying File has already been analyzed: click Reanalyze file now

Once scanned, copy and paste the link to the results page in your next reply.

----------

Hi,

No apology needed. :)

----------

ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    File::
    c:\windows\msisear.exe
    c:\windows\system32\cscrtvdm.dll
    c:\docume~1\Will\LOCALS~1\Temp\5762.sys
    Driver::
    5762
    W32Serv
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Post the new ComboFix log and let me know how your system is running. :)

----------

TDSK.jpg Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------

Good job!

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Right-click and Run as Administrator on the Combofix.exe and follow the prompts on your display. When finished, it will create a C:\Combofix.txt. Please post this log for further review.

---------

I'm pretty confident all is well now. I'll check one more time tomorrow.
Sounds good. We will have a couple more things to do to make sure nothing is hiding in there though so stick with me.

----------

Remodeling, eh? That's always rewarding once everything is done. Best of luck to ya.
LOL!! Thanks. :)
----------

Hi,

java-1.jpg Please go to Start >> Control Panel >> Add/Remove Programs >> uninstall all versions of Java. There is an exploit of Java that has no present fix.

-------------

mbam-3.jpg Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

----------

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------

In addition to my previous post, I would also like for you to do the following:

Go to your Desktop and delete your ComboFix icon by dragging it to the Recycle Bin.

Once done, please Empty Your Recycle Bin.

Let me know when this is done.
