Tech Support Forum banner
Status
Not open for further replies.

·
Registered
Joined
·
7 Posts
Discussion Starter · #1 ·
Before I do all the scanning and DDS and GMER reports (which I will get to)....I'd just like to see if anyone can recognize this virus by its functionality....(wouldn't it be great to have a virus library that could identify them by how they act ???)

It basically emulates a hidden browser....that goes to the internet....asks for webpages....then, when the modules and pieces are downloaded to my computer, writes them all to my Temporary Internet Files/Content.IE5 folders. These folders fill up with jpg's and css's and js's and html's from webpages that I've never been to. Since I have DSL, this downloading happens ANYTIME...even when I'm not running anything. I've seen the html for "RidethePine"...which is connected with MEVIO (which was a virus...) but I'm not about to say that's the one.

Every so often, when I am browsing (with FIREFOX) I do get a 'redirect', but the major problem is the folder fill-ups. Of course, no AV can find a thing.

Does this ring a bell with anyone?
 

·
Registered
Joined
·
2,656 Posts
Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

Most malware is run by some random files. Unless we look at the logs we cannot remove something we do not see.

Please submit the requested log for my review.
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #3 ·
Here are the dumps for my previous post:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Compaq_Owner at 8:29:13.35 on Sun 03/20/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.220 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
c:\windows\system\hpsysdrv.exe
C:\Miscellaneous\dds.scr
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
mStart Page = yahoo.com
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {70DE7956-479D-4EB7-8641-2B45774C350E} - No File
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [RThdcpl] c:\windows\RTHDCPL.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uPolicies-explorer: NoBandCustomize = 1 (0x1)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\9l8vhnu5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2006-6-24 8192]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-7 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-7 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-7 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-7 61960]
R3 HCW848NT;Hauppauge Win/TV;c:\windows\system32\drivers\hcw848nt.sys [2006-5-14 140440]
S2 Ias;Network Security;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 ATIXPGAA;ATIXPGAA;\??\c:\program files\pc-doctor 5 for windows\atixpgaa.sys --> c:\program files\pc-doctor 5 for windows\ATIXPGAA.SYS [?]
.
=============== Created Last 30 ================
.
2011-03-17 23:36:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-03-17 18:08:32 -------- d-----w- c:\program files\2BrightSparks
2011-03-15 03:49:33 214528 ----a-w- c:\windows\system32\itlpfw44.dll
2011-03-14 15:53:11 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\ApplicationHistory
2011-03-14 02:38:50 933888 ----a-w- c:\windows\system32\SmartTabs29.ocx
2011-03-14 02:38:50 221184 ----a-w- c:\windows\system32\rspencr330.ocx
.
==================== Find3M ====================
.
2011-02-07 23:51:08 84 ----a-w- C:\ProgramFilesBackup.bat
2011-02-06 22:09:42 72192 ----a-w- C:\tasklist.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 5.1.2600 Disk: Maxtor_6L100P0 rev.BAJ41G10 -> Harddisk0\DR0 -> \Device\Ide\IdePort4 P4T0L0-16
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8456D439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x845737d0]; MOV EAX, [0x8457384c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\Harddisk0\DR0[0x8457E030]
3 CLASSPNP[0xF765D05B] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\00000065[0x8457FE78]
5 ACPI[0xF74F3620] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x84528308]
\Driver\atapi[0x8454ADC8] -> IRP_MJ_CREATE -> 0x8456D439
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5c; }
detected disk devices:
\Device\Ide\IdeDeviceP4T0L0-16 -> \??\IDE#DiskMaxtor_6L100P0__________________________BAJ41G10#324c5233444e4733202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8456D27F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 8:30:47.32 ===============
 


·
Registered
Joined
·
2,656 Posts
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

For AVG antivirus and anti-spyware security software users only.
Due to recent changes in AVG and how it interacts with CF, AVG must be uninstalled to run ComboFix. You will get a message from CF stating such.

If AVG will not uninstall, it is first recommended to uninstall it with this AppRemover by Opswat. The AVG uninstaller can be downloaded from here > AppRemover.exe Go to their homepage and you will see they have support for removal of other AV's as well AVG appremover tool.
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #5 ·
ComboFix 11-03-19.06 - Compaq_Owner 03/21/2011 10:14:23.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.128 [GMT -5:00]
Running from: c:\miscellaneous\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\Autorun.inf
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_IAS
-------\Legacy_ITLPERF
-------\Service_6to4
-------\Service_Ias
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))
.
.
2011-03-17 23:36 . 2011-03-17 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-03-17 18:08 . 2011-03-17 18:08 -------- d-----w- c:\program files\2BrightSparks
2011-03-16 16:28 . 2011-03-16 16:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-03-15 03:49 . 2011-03-15 03:49 214528 ----a-w- c:\windows\system32\itlpfw44.dll
2011-03-14 16:45 . 2011-03-14 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2011-03-14 15:53 . 2011-03-14 15:53 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory
2011-03-14 02:38 . 2006-10-07 21:31 221184 ----a-w- c:\windows\system32\rspencr330.ocx
2011-03-14 02:38 . 2006-02-13 06:22 933888 ----a-w- c:\windows\system32\SmartTabs29.ocx
2011-02-26 22:52 . 2011-02-26 22:52 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\CyberLink
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 23:40 . 2011-02-07 19:59 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-07 23:51 . 2011-02-07 23:49 84 ----a-w- C:\ProgramFilesBackup.bat
2011-02-06 22:09 . 2011-02-06 22:09 72192 ----a-w- C:\tasklist.exe
2011-01-10 19:23 . 2011-02-07 19:59 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"RThdcpl"="c:\windows\RTHDCPL.EXE" [2006-01-11 15961088]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [N/A]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=c:\windows\pss\Microtek Scanner Finder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^palstart.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\palstart.exe
backup=c:\windows\pss\palstart.exeCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-10-27 19:07 2408144 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2011-01-10 19:23 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON NX410 Series]
2008-10-01 07:00 199680 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFCA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-28 00:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 15:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
2003-10-14 16:36 38984 ----a-w- c:\progra~1\ICQ\ICQNet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
2005-10-31 19:47 53248 ----a-w- c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2004-12-14 03:23 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2010-06-01 15:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)
"wuauserv"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"RasMan"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"BITS"=2 (0x2)
"WZCSVC"=2 (0x2)
"UPS"=3 (0x3)
"Fax"=3 (0x3)
"itlperf"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RTHDCPL"=RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
.
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [6/24/2006 7:34 AM 8192]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/7/2011 2:59 PM 135336]
R3 HCW848NT;Hauppauge Win/TV;c:\windows\system32\drivers\hcw848nt.sys [5/14/2006 11:49 AM 140440]
S3 ATIXPGAA;ATIXPGAA;\??\c:\program files\PC-Doctor 5 for Windows\ATIXPGAA.SYS --> c:\program files\PC-Doctor 5 for Windows\ATIXPGAA.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = yahoo.com
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\9l8vhnu5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
Notify-AtiExtEvent - (no file)
Notify-crypt32chain - (no file)
Notify-cryptnet - (no file)
Notify-cscdll - (no file)
Notify-ScCertProp - (no file)
Notify-Schedule - (no file)
Notify-sclgntfy - (no file)
Notify-SensLogn - (no file)
Notify-termsrv - (no file)
Notify-wlballoon - (no file)
MSConfigStartUp-dmdeo - c:\windows\system32\dmdeo.exe
MSConfigStartUp-Google Update - c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-UnSpyPC - c:\program files\UnSpyPC\UnSpyPC.exe
MSConfigStartUp-Windows update loader - c:\windows\xpupdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-21 10:25
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
c:\program files\Java\jre1.5.0_05\bin\jusched.exe
.
**************************************************************************
.
Completion time: 2011-03-21 10:31:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-21 15:31
.
Pre-Run: 58,983,776,256 bytes free
Post-Run: 58,860,290,048 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A27CAADEB6539496768C5B584B1CCC41
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #6 ·
Thank you for all your help.
Is there any chance of learning:
1)What malware this was...
2)What route it took to get onto my machine...
3)Where it was located...
4)What corrections had to be taken...

etc....

I prefer to know what's going on in this POC....as opposed to a lot of computer owners who'd rather stay ignorant.

Thanks again
 