Page 1 of 2 12 LastLast
Results 1 to 10 of 13
Like Tree1Likes

Thread: worm

  1. #1
    On and Off Hanagai's Avatar
    Join Date
    Jun 2012
    Location
    Norway
    Age
    23
    Posts
    2,716
    Thanks
    5
    Thanked 60 Times in 52 Posts
    Points: 11,825, Level: 71
    Points: 11,825, Level: 71
    Overall activity: 0%
    Overall activity: 0%
    Achievements:
    Three FriendsRecommendation Second ClassVeteran10000 Experience Points

    worm

    umm.. seems like i have a worm in my computer that spamms message (not gona say what message) but i than do a quick scan and it always finds 1 or 2 worm inside system32 folder.

    anyone know how i can make them from stop comming back. happend like 3-4 times now.

    doing another full scan right now, while im surfing for information on how to deal with this.
    Ignore This Signature
    [
    I'm back my friends

    Eucliwood here :3
      Spoiler: old sig 

    Thanks unownHGSS for the sig :3

  2. # ADS
    Circuit advertisement
    Join Date
    Always
    Location
    Advertising world
    Age
    2010
    Posts
    Many
     

  3. #2
    (=^・ェ・^=) Sakimichi's Avatar
    Join Date
    May 2011
    Location
    Pure-sempai's arms
    Posts
    1,473
    Thanks
    177
    Thanked 3,611 Times in 357 Posts
    Points: 22,001, Level: 92
    Points: 22,001, Level: 92
    Overall activity: 0%
    Overall activity: 0%
    Achievements:
    Three FriendsRecommendation First ClassVeteranTagger First ClassYour first GroupOverdrive

    Re: worm

    I use this HouseCall in safemode.
    If it's facebook related, then remove application permission from facebook.
    Ignore This Signature
    Donations for Otome Game: 0%

    Donations currently CLOSED. Thank you for the support! We can at least survive for half a year :3
    Otome & BL discussion forum
    Forum Rules and Guidelines| Status: April fools!

  4. #3
    - 上音 真白♥ - Neko's Avatar
    Join Date
    Nov 2011
    Location
    ASF Basement
    Posts
    10,326
    Thanks
    368
    Thanked 444 Times in 236 Posts
    Points: 43,137, Level: 100
    Points: 43,137, Level: 100
    Overall activity: 0%
    Overall activity: 0%
    Achievements:
    Three FriendsOverdriveYour first Group25000 Experience PointsTagger First ClassRecommendation First Class
    Awards:
    SOTM #11 WinnerSOTM #15 WinnerSOTM #17 Winner

    Re: worm

    Are you open some unknown websites before?
    Ignore This Signature

  5. #4
    On and Off Hanagai's Avatar
    Join Date
    Jun 2012
    Location
    Norway
    Age
    23
    Posts
    2,716
    Thanks
    5
    Thanked 60 Times in 52 Posts
    Points: 11,825, Level: 71
    Points: 11,825, Level: 71
    Overall activity: 0%
    Overall activity: 0%
    Achievements:
    Three FriendsRecommendation Second ClassVeteran10000 Experience Points

    Re: worm

    not thati know off.
    Ignore This Signature
    [
    I'm back my friends

    Eucliwood here :3
      Spoiler: old sig 

    Thanks unownHGSS for the sig :3

  6. #5
    Senior Member Evac's Avatar
    Join Date
    Apr 2012
    Posts
    222
    Thanks
    18
    Thanked 52 Times in 36 Posts
    Points: 2,984, Level: 33
    Points: 2,984, Level: 33
    Overall activity: 0%
    Overall activity: 0%
    Achievements:
    Three Friends1000 Experience PointsVeteranRecommendation Second Class

    Re: worm

    Hi, Eucliwood.

    Let's see what we can do about this damn malware...
    First, run HijackThis and post or link the log. Please do not fix checked options if you're not sure what they are about. Let's hope we can find what we need in this log.

    By the way... Can you see hidden files in your computer? (just to be sure it's not one of those ridiculously annoying viruses that get themselves hidden and don't let you see or access their attributes)

  7. #6
    On and Off Hanagai's Avatar
    Join Date
    Jun 2012
    Location
    Norway
    Age
    23
    Posts
    2,716
    Thanks
    5
    Thanked 60 Times in 52 Posts
    Points: 11,825, Level: 71
    Points: 11,825, Level: 71
    Overall activity: 0%
    Overall activity: 0%
    Achievements:
    Three FriendsRecommendation Second ClassVeteran10000 Experience Points

    Re: worm

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:15:44, on 07.06.2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Eier\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Eier\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Jensen\Common\JensenUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
    C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
    C:\Users\Eier\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eier\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eier\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Eier\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eier\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eier\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eier\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...esario&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...esario&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...esario&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Verktygsfält 5.0\aoltb.dll
    O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    O2 - BHO: Hotspot Shield - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Verktygsfält 5.0\aoltb.dll
    O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
    O4 - HKCU\..\Run: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Eier\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Eier\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [WinDefender] C:\Users\Eier\AppData\Local\Temp\WinDefender.exe
    O4 - Global Startup: Jensen AirLink Utility.lnk = C:\Program Files (x86)\Jensen\Common\JensenUI.exe
    O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Jensen\Common\RalinkRegistryWriter.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11418 bytes
    Ignore This Signature
    [
    I'm back my friends

    Eucliwood here :3
      Spoiler: old sig 

    Thanks unownHGSS for the sig :3

  8. #7
    Senior Member Evac's Avatar
    Join Date
    Apr 2012
    Posts
    222
    Thanks
    18
    Thanked 52 Times in 36 Posts
    Points: 2,984, Level: 33
    Points: 2,984, Level: 33
    Overall activity: 0%
    Overall activity: 0%
    Achievements:
    Three Friends1000 Experience PointsVeteranRecommendation Second Class

    Re: worm

    Thank you for posting.

    At first glance, you can clear all the lines from O1 to O3, especially if you don't use Internet Explorer, unless you find something you believe it's useful (like Hotspot Shield).
    This line from my log, for instance...

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

    Is from my internet banking plugin, so I'm absolutely sure I have to keep this (and it is the only one I have, in fact).

    O4 labeled lines are programs being initialized at startup. You could clean all of them as well, unless you really want one of those programs to start with Windows (like Skype). This one specifically caught my attention:

    O4 - HKCU\..\Run: [WinDefender] C:\Users\Eier\AppData\Local\Temp\WinDefender.exe

    As far as I know, Windows Defender is supposed to be an antispyware software from Microsoft, but I'm sure it was not designed to run from your Temp folder.

    I'll search about the rest of the lines, but you may safely clean all those I mentioned above. I'm not sure if this will be enough to fix your problem, but might be the first step.
    Last edited by Evac; June 7th, 2012 at 10:57 PM.

  9. #8
    (=^・ェ・^=) Sakimichi's Avatar
    Join Date
    May 2011
    Location
    Pure-sempai's arms
    Posts
    1,473
    Thanks
    177
    Thanked 3,611 Times in 357 Posts
    Points: 22,001, Level: 92
    Points: 22,001, Level: 92
    Overall activity: 0%
    Overall activity: 0%
    Achievements:
    Three FriendsRecommendation First ClassVeteranTagger First ClassYour first GroupOverdrive

    Re: worm

    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Verktygsfält 5.0\aoltb.dll
    O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    Off topic but, I really recommend not using toolbars ^_^;;

    Anyway..I copy pasta your logfile here and here, there are many websites that offer Hijackthis analyzer. But from your results, the only thing that is needed to be fixed is your Ask Toolbar entry I'm not sure if it can remove the worm though. Here's a helpful tutorial on how to read your logfile if you want to manually analyze it yourself.

    Have you tried putting USB pen drives (flash disk) on your PC before that happened?
    Last edited by Sakimichi; June 8th, 2012 at 09:19 AM.
    Ignore This Signature
    Donations for Otome Game: 0%

    Donations currently CLOSED. Thank you for the support! We can at least survive for half a year :3
    Otome & BL discussion forum
    Forum Rules and Guidelines| Status: April fools!

  10. #9
    On and Off Hanagai's Avatar
    Join Date
    Jun 2012
    Location
    Norway
    Age
    23
    Posts
    2,716
    Thanks
    5
    Thanked 60 Times in 52 Posts
    Points: 11,825, Level: 71
    Points: 11,825, Level: 71
    Overall activity: 0%
    Overall activity: 0%
    Achievements:
    Three FriendsRecommendation Second ClassVeteran10000 Experience Points

    Re: worm

    Quote Originally Posted by Sakimichi View Post

    Have you tried putting USB pen drives (flash disk) on your PC before that happened?
    yes, but i dont have any programs on my USB. just pictures and text files.
    Ignore This Signature
    [
    I'm back my friends

    Eucliwood here :3
      Spoiler: old sig 

    Thanks unownHGSS for the sig :3

  11. #10
    Senior Member Evac's Avatar
    Join Date
    Apr 2012
    Posts
    222
    Thanks
    18
    Thanked 52 Times in 36 Posts
    Points: 2,984, Level: 33
    Points: 2,984, Level: 33
    Overall activity: 0%
    Overall activity: 0%
    Achievements:
    Three Friends1000 Experience PointsVeteranRecommendation Second Class

    Re: worm

    Thank you for the links and guide, Sakimichi!
    Indeed, Eucliwood, toolbars are really useless and I do believe they were installed unintentionally (gotta pay more attention when you're installing new programs... xD).

    I can safely say that Ask toolbar is not the only problem with your log, but most of my suggestions on the previous post were for optimization purposes. Removing programs from startup and removing unimportant dll entries will reduce the OS initialization time and give you more free memory. But that Windows Defender application running at startup is definitely suspicious and I believe it may be related to the malware you're looking for... Try fixing at least this one and running a full scan.

    Also, you probably noticed the fair amount of entries with (file missing) in the end, right? These are not broken and don't need to be fixed. This is because of some chaos on Windows API the programmers didn't bother to fix. A few more function calls and this "problem" would be solved.
    Last edited by Evac; June 8th, 2012 at 07:17 PM.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •