
Svchost.exe virus is back



Hello and welcome,

 

P2P/Piracy Warning:

 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Please open Malwarebytes Anti-Malware.

 


On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may or may not see this message box.
 
        'Could not load DDA driver'
 
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.

 

To get the log from Malwarebytes do the following:

 


Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export > From export you have three options:
 
  Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
  Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
 
Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

 

 

If Malwarebytes is not installed follow these instructions first:

 

Download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish. Follow the instructions above....

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also let me know if there are any remaining issues or concerns...

 

Thanks,

 

Kevin...

 

 

 

 

 

 

 

Fixlist.txt

Link to post

Hello,

Thank you for the swift reply. I have followed your instructions; here are all the logs. Seems like it's gone again but it sure is persistent, it seems to be killed and then always comes back to life.

 

 

Fixlog.txt

JRT.txt

AdwCleanerS0.txt

mrt.log

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/5/2015
Scan Time: 12:42:16 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.05.05
Rootkit Database: v2015.06.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Jamian
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 464630
Time Elapsed: 13 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Fixlog.txt

Link to post

I want you to upload a file to VirusTotal and have it checked....

 

 

Go to http://www.virustotal.com/

 


Click the Choose file button
Navigate to the file C:\WINDOWS\SysWOW64\Drivers\adip58209xxc.sys
Click the Scan it tab
If you get a message saying File has already been analyzed: click Reanalyze file now
Copy and paste the results back here please.

 

Let me see the results....

 

Thanks,

 

Kevin...

Link to post

If the file is not listed as malicious by VT that is ok by me, what is the current status of your system, are there any remaining issues or concerns?

 

Run the following:

 

Download Security Check by screen317 from either of the following:

 

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

 

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

Link to post

Hello,

I am not seeing any evidence of the virus on my system hopefully it stays that way.

Here are the results of the security check:

 

 

 

Results of screen317's Security Check version 1.003  

   x64 (UAC is disabled!)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Windows Defender   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Java 8 Update 25  

 Java SE Development Kit 8 Update 25 

 JavaScript Tooling    

 Visual Studio Extensions for Windows Library for JavaScript 

 Java version 32-bit out of Date! 

 Adobe Flash Player 17.0.0.169  

 Mozilla Firefox (36.0) 

 Google Chrome (43.0.2357.81) 

````````Process Check: objlist.exe by Laurent````````  

 Windows Defender MSMpEng.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

 Windows Defender MpCmdRun.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 

````````````````````End of Log`````````````````````` 

 

Link to post

Thanks for the update and log, continue please:

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

 

Next,

 

If no remaining issues or concerns run the following to clean up...

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 

 


    Remove disinfection tools
    Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we are ok to close out....

 

Thank you,

 

Kevin...

Link to post

Hey there Kevin,

So yesterday everything seemed fine but when I rebooted this evening and ran a malwarebytes scan, it detected the same svchost.exe trojan and several registry keys related to it. I'm wondering if I should just reinstall my OS at this point, as so much time has been spent attempting to eradicate this virus that I could already have had a clean install and most of my data back on my machine at this point. I won't do that however until you get back to me. Thank you for that link I haven't had time to read the whole thing but what I have read is very helpful. Anyways, let me know how I should proceed.

Thank You.

Link to post

Can you post the log from Malwarebytes that shows the entry for svchost? Obviously if this issue has returned there must be a hidden dropper somewhere on your system that we have missed.

To move forward there are two choices, either reformat and reinstall or carry out more in-depth scans to locate the dropper. That choice really is up to you....

If you wish to continue the hunt do the following:

1. Download Malwarebytes Anti-Rootkit from this link:

 

 http://www.malwarebytes.org/products/mbar/

 

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

 

Image1.png

 

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

 

mbarwm.png

 

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

 

6. The following image opens, select Next.

 

Image2.png

 

7. The following image opens, select Update

 

Image3.png

 

8. When the update completes select Next.

 

Image4.png

 

9. In the following window ensure "Targets" are ticked. Then select "Scan"

 

Image5.png

 

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

 

MBAntiRKcleanA.png

 

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

 

Image6.png

 

13. Verify that your system is now running normally, making sure that the following items are functional:

 


      Internet access
      Windows Update
      Windows Firewall

 

14.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

 

15. Select "Y" from your Keyboard, tap Enter.

 

16. The fix will be applied, select any key to Exit.

 

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

 

System - log

Mbar - log   Date and time of scan will also be shown

 

Next,

 

If MBAR fails to find any issues continue with GMER:

 

Please download Gmer from Here by clicking on the "Download EXE" Button.

 

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
     
            Sections
            IAT/EAT
            Show All ( should be unchecked by default )
     
  • Leave everything else as it is.
  • Close all other running Programs as well as your Browsers.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

 

Please post the content of the ark.txt here.

 

 

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

 

**If GMER crashes** Follow the instructions here and disable your security temporarily…

 

 

Thanks,

 

Kevin...

Link to post

Hi there Kevin,

So I've decided to proceed with hunting down this thing, I will not let it beat me! :)

I ran MBAR and it found the rootkit twice and the third time my computer seemed clean here are those logs:

 

mbar-log-2015-06-07 (11-13-01).txt

mbar-log-2015-06-07 (11-21-36).txt

mbar-log-2015-06-07 (11-46-51).txt

system-log.txt

 

Here is the original Malwarebytes scan log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/6/2015
Scan Time: 5:54:10 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.06.07
Rootkit Database: v2015.06.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Jamian
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 464235
Time Elapsed: 12 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
Trojan.Downloader, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ApplicationLayerGateway32, Quarantined, [720df9be38528fa71e6c740fd62ef60a], 
Trojan.Downloader, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WMIconfigPerformance, Quarantined, [720df9be38528fa71e6c740fd62ef60a], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Downloader, C:\Windows\SysWOW64\drivers\svchost.exe, Quarantined, [720df9be38528fa71e6c740fd62ef60a], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
Link to post

Excellent, we still need to run an online AV scan to make sure we leave no remnants of the infection. Online scans are very thorough so this may take several hours, this is very worthwhile completing....

 

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.


To perform the scan:

  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology” select “Change”, then select any extra drives in that window.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.



Please include this logfile in your next reply.

Don't forget to re-enable protection software!
 

Thank you,

 

Kevin....

Link to post

Hello Kevin,

 

So here's what the scan came back with:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d54d7c19485b0140a0efb691323b5b2d
# end=init
# utc_time=2015-06-08 02:46:43
# local_time=2015-06-07 07:46:43 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 24215
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d54d7c19485b0140a0efb691323b5b2d
# end=updated
# utc_time=2015-06-08 02:51:55
# local_time=2015-06-07 07:51:55 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d54d7c19485b0140a0efb691323b5b2d
# engine=24215
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-08 10:28:28
# local_time=2015-06-08 03:28:28 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 10755300 0 0
# scanned=1298532
# found=9
# cleaned=0
# scan_time=27392
sh=E7C81F39224B666B6D0F04949C67390284ABE544 ft=1 fh=a40a66cfff421e84 vn="Win32/ServiceEx.A potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\WINDOWS\SysWOW64\drivers\svchost.exe.xBAD"
sh=A5F7A17AAAEF8CBA515FF743D690CBC03ED24EF1 ft=1 fh=1aecfc34752b85e2 vn="Win32/Packed.Autoit.H suspicious application" ac=I fn="C:\Program Files (x86)\Common Files\Microsoft Shared\DW\syseventman32.exe"
sh=BC9673589A327850B92C872D63E0DF225592E1AD ft=1 fh=199699566cc318ff vn="Win32/Packed.Autoit.H suspicious application" ac=I fn="C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\syscomplus80.exe"
sh=55CEEDDC9DB74DCE91C035E4B907A3E0AD5F463E ft=1 fh=3b2de6ea0275257a vn="a variant of Win32/InstallCore.UE potentially unwanted application" ac=I fn="C:\Users\Jamian\Downloads\FileZilla_3.9.0.6_win32-setup.exe"
sh=C57749313670129A668B5BA92293185D3CE29716 ft=1 fh=60fb2c33c03eb69d vn="multiple threats" ac=I fn="C:\Users\Jamian\Downloads\XeMu360_Setup.exe"
sh=CB4EA389EDC69D94227335620B2B53B59BAB13A4 ft=1 fh=8ccf98396f9ec510 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Jamian\Downloads\x230 drivers\g1ic09ww.exe"
sh=A5F7A17AAAEF8CBA515FF743D690CBC03ED24EF1 ft=1 fh=1aecfc34752b85e2 vn="Win32/Packed.Autoit.H suspicious application" ac=I fn="C:\Windows\SysWOW64\drivers\UMDF\profileconfig2.exe"
sh=BC9673589A327850B92C872D63E0DF225592E1AD ft=1 fh=199699566cc318ff vn="Win32/Packed.Autoit.H suspicious application" ac=I fn="C:\Windows\SysWOW64\drivers\UMDF\en-US\eventlogman32.exe"
sh=BC9673589A327850B92C872D63E0DF225592E1AD ft=1 fh=199699566cc318ff vn="Win32/Packed.Autoit.H suspicious application" ac=I fn="C:\Windows\Temp\rsqbwh\eventlogman32.exe"
 
Link to post

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Let me see that log, also let me know if any remaining issues or concerns...

 

Thanks,

 

Kevin...
 

 

Fixlist.txt

Link to post

Hey there Kevin,

 

No sign of the trojan again but it always seems to come back after some time so I'm still a little hesitant to say it's completely gone.

Seems like you got it though. Here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Jamian at 2015-06-08 08:53:00 Run:2
Running from C:\Users\Jamian\Desktop
Loaded Profiles: Jamian (Available Profiles: Jamian & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\syscomplus80.exe
C:\Users\Jamian\Downloads\FileZilla_3.9.0.6_win32-setup.exe
C:\Users\Jamian\Downloads\XeMu360_Setup.exe
C:\Windows\SysWOW64\drivers\UMDF\en-US\eventlogman32.exe"
C:\Windows\Temp\rsqbwh\eventlogman32.exe
Empytemp:
End
*****************
 
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\syscomplus80.exe => moved successfully.
C:\Users\Jamian\Downloads\FileZilla_3.9.0.6_win32-setup.exe => moved successfully.
C:\Users\Jamian\Downloads\XeMu360_Setup.exe => moved successfully.
C:\Windows\SysWOW64\drivers\UMDF\en-US\eventlogman32.exe => moved successfully.
C:\Windows\Temp\rsqbwh\eventlogman32.exe => moved successfully.
Empytemp: => Error: No automatic fix found for this entry.
 
==== End of Fixlog 08:53:01 ====
Link to post
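Added example, not part of the original thread or of any tool used in it: a Python parser for the ESET Online Scanner detection lines posted above, which groups detections by SHA-1 (so copies of one binary under different names stand out) and lists detected paths that do not appear in the fixlist shown in the Fixlog above. The function names are my own, and the `sh= ... vn= ... fn=` field layout is an assumption inferred from the posted lines; the sample data is copied from the two logs in this thread.

```python
import re
from collections import defaultdict

# Detection lines copied from the ESET Online Scanner log posted in this thread.
ESET_LOG = r'''
sh=E7C81F39224B666B6D0F04949C67390284ABE544 ft=1 fh=a40a66cfff421e84 vn="Win32/ServiceEx.A potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\WINDOWS\SysWOW64\drivers\svchost.exe.xBAD"
sh=A5F7A17AAAEF8CBA515FF743D690CBC03ED24EF1 ft=1 fh=1aecfc34752b85e2 vn="Win32/Packed.Autoit.H suspicious application" ac=I fn="C:\Program Files (x86)\Common Files\Microsoft Shared\DW\syseventman32.exe"
sh=BC9673589A327850B92C872D63E0DF225592E1AD ft=1 fh=199699566cc318ff vn="Win32/Packed.Autoit.H suspicious application" ac=I fn="C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\syscomplus80.exe"
sh=55CEEDDC9DB74DCE91C035E4B907A3E0AD5F463E ft=1 fh=3b2de6ea0275257a vn="a variant of Win32/InstallCore.UE potentially unwanted application" ac=I fn="C:\Users\Jamian\Downloads\FileZilla_3.9.0.6_win32-setup.exe"
sh=C57749313670129A668B5BA92293185D3CE29716 ft=1 fh=60fb2c33c03eb69d vn="multiple threats" ac=I fn="C:\Users\Jamian\Downloads\XeMu360_Setup.exe"
sh=CB4EA389EDC69D94227335620B2B53B59BAB13A4 ft=1 fh=8ccf98396f9ec510 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Jamian\Downloads\x230 drivers\g1ic09ww.exe"
sh=A5F7A17AAAEF8CBA515FF743D690CBC03ED24EF1 ft=1 fh=1aecfc34752b85e2 vn="Win32/Packed.Autoit.H suspicious application" ac=I fn="C:\Windows\SysWOW64\drivers\UMDF\profileconfig2.exe"
sh=BC9673589A327850B92C872D63E0DF225592E1AD ft=1 fh=199699566cc318ff vn="Win32/Packed.Autoit.H suspicious application" ac=I fn="C:\Windows\SysWOW64\drivers\UMDF\en-US\eventlogman32.exe"
sh=BC9673589A327850B92C872D63E0DF225592E1AD ft=1 fh=199699566cc318ff vn="Win32/Packed.Autoit.H suspicious application" ac=I fn="C:\Windows\Temp\rsqbwh\eventlogman32.exe"
'''

# Path entries copied from the "fixlist content" section of the FRST Fixlog
# posted in this thread (the stray trailing quote is in the original).
FIXLIST = r'''
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\syscomplus80.exe
C:\Users\Jamian\Downloads\FileZilla_3.9.0.6_win32-setup.exe
C:\Users\Jamian\Downloads\XeMu360_Setup.exe
C:\Windows\SysWOW64\drivers\UMDF\en-US\eventlogman32.exe"
C:\Windows\Temp\rsqbwh\eventlogman32.exe
'''

# Assumed line layout, inferred from the sample: sh=<SHA-1> ft=.. fh=.. vn="name" ac=.. fn="path"
LINE_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-F]{40}) ft=\d+ fh=[0-9a-f]+ '
    r'vn="(?P<name>[^"]*)" ac=(?P<action>\w+) fn="(?P<path>[^"]*)"$'
)


def parse_detections(text):
    """Return one dict (sha1, name, action, path) per detection line; skip other lines."""
    detections = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            detections.append(match.groupdict())
    return detections


def normalize(path):
    """Windows paths compare case-insensitively; also drop stray quotes and spaces."""
    return path.strip().strip('"').lower()


def copies_by_hash(detections):
    """Map SHA-1 -> paths, keeping only hashes seen at more than one path."""
    groups = defaultdict(list)
    for det in detections:
        groups[det["sha1"]].append(det["path"])
    return {sha1: paths for sha1, paths in groups.items() if len(paths) > 1}


def not_in_fixlist(detections, fixlist_text):
    """Detected paths that have no matching entry in the fixlist, in log order."""
    listed = {normalize(line) for line in fixlist_text.splitlines() if line.strip()}
    return [d["path"] for d in detections if normalize(d["path"]) not in listed]


if __name__ == "__main__":
    dets = parse_detections(ESET_LOG)
    for sha1, paths in copies_by_hash(dets).items():
        print(f"{sha1}: same file at {len(paths)} paths")
        for p in paths:
            print("   ", p)
    print("Detected but not in fixlist:")
    for p in not_in_fixlist(dets, FIXLIST):
        print("   ", p)
```

A path in the second list is only a difference between the two logs; the first such entry lies under FRST's own quarantine folder.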

Hello Kevin,

 

So it's been two days now and I see no sign of the virus, I think we can officially call it cleaned. Thank you so much for your valiant support. I assume you have some script you would like me to run to clean up the tools and logs we created...

 

Have a great day

Link to post

Good to hear your system is responding well with no issues, to clean up we run Delfix:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 

 

Remove disinfection tools

Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.

Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....
 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Take care and surf safe,

Kevin...

Link to post

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
This topic is now closed to further replies.