Results 1 to 10 of 10

Thread: Java compromised? Keylogger?

  1. #1
    Junior Member
    Join Date
    Jul 2007
    Posts
    5

    Unhappy Java compromised? Keylogger?

    I'm running XP SP2. Noticed a window would appear intermittently in my taskbar then disappear before I could read what it was. Got worried it might be malware of some kind. Ran ad-aware but it continued. Then found this forum and followed your directions as well.

    Thanks!

    Here's the results.

    ------ e-Trust antivirus scan results start ------

    ar3.jar-29592d84-70658dcd.zip>Gummy.class Java/ByteVerify!exploit infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    ar3.jar-29592d84-70658dcd.zip>Counter.class Java/ByteVerify!exploit infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    ar3.jar-29592d84-70658dcd.zip>VerifierBug.class Java/ByteVerify!exploit infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    ar3.jar-29592d84-70658dcd.zip>Beyond.class Java/Shinwow.N infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    classload.jar-da4ff31-54ea248b.zip Java/Shinwow.Q!ZIP infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    classload.jar-da4ff31-54ea248b.zip>GetAccess.class Java/ByteVerify!exploit infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    classload.jar-da4ff31-54ea248b.zip>InsecureClassLoader.class Java/ByteVerify!exploit infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    classload.jar-da4ff31-54ea248b.zip>Dummy.class Java/ByteVerify!exploit infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    classload.jar-da4ff31-54ea248b.zip>Installer.class Java/Shinwow.Q infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    count.jar-1eb3df3b-7ec66bff.zip Java/Shinwow.AT!ZIP infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    count.jar-1eb3df3b-7ec66bff.zip>BlackBox.class Java/ByteVerify!exploit infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    count.jar-1eb3df3b-7ec66bff.zip>VerifierBug.class Java/ByteVerify!exploit infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    count.jar-1eb3df3b-7ec66bff.zip>Dummy.class Java/ByteVerify!exploit infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    count.jar-1eb3df3b-7ec66bff.zip>Beyond.class Java/Shinwow.AT infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    count.jar-fc99d0-4acfc31b.zip Java/Shinwow.AT!ZIP infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    count.jar-fc99d0-4acfc31b.zip>BlackBox.class Java/ByteVerify!exploit infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    count.jar-fc99d0-4acfc31b.zip>VerifierBug.class Java/ByteVerify!exploit infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    count.jar-fc99d0-4acfc31b.zip>Dummy.class Java/ByteVerify!exploit infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\
    count.jar-fc99d0-4acfc31b.zip>Beyond.class Java/Shinwow.AT infected C:\RECYCLER\S-1-5-21-790525478-1580818891-725345543-1003\Dc3\Deployment\cache\javapi\v1.0\jar\

    ------ e-Trust antivirus scan results end ------


    ------ HJT log start ------

    Logfile of HijackThis v1.99.1
    Scan saved at 9:03:24 PM, on 7/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\hijackthis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1163882810840
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1163882845715
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    ------ HJT log end ------

  2. #2
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information. "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    Those items look to be in the Recycle Bin >>> http://www.microsoft.com/resources/d....mspx?mfr=true

    From the looks of those you recently had an infected Java cache, carefully follow these directions to clean the Java cache:
    http://support.f-secure.com/enu/home...avacache.shtml

    Run clean mananger
    http://spyware-free.us/tutorials/cleanmgr/

    Restart the computer and post a new HJT log (in normal mode, NOT safe mode) and let me know about any malware issues.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  3. #3
    Junior Member
    Join Date
    Jul 2007
    Posts
    5

    Default

    I did read and act on all the information in the "Read this first" thread. I did as you noticed fail to reboot my machine out of safe mode before creating my previously posted hijackthis log. :(

    I followed your directions and cleared out my Java Cache. Previous to that I had completely uninstalled Java because it seemed to be the source of many of my problems.

    I ran the clean manager as you suggested as well.

    I haven't noticed any bad behavior since I did all the housecleaning. No sign of the mystery window popping up in the taskbar ever so often.

    Thanks so much for your help.

    - ook


    -----hijackthis log start-----

    Logfile of HijackThis v1.99.1
    Scan saved at 3:02:12 PM, on 7/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\hijackthis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1163882810840
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1163882845715
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


    -----hijackthis log end-----

  4. #4
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Thanks for returning your information and your feedback. I actually think you had cleaned the bad stuff before you posted here. There is nothing wrong with Java: http://java.sun.com/java2/whatis/1996/
    but like all software, hackers will exploit it to their benefit if they can, see this: http://forums.spybot.info/showpost.p...80&postcount=2

    It looks like you picked up an infection but that is not hard to do, especially if you don't keep Java and all other programs updated.
    Have a look: http://www.theregister.com/2007/05/1...e_malware_map/
    http://redtape.msnbc.com/2007/05/the_next_net_th.html

    Your HijackThis log looks clean but I suggest you run that e-Trust antivirus scan again to make sure it shows nothing. Since your problem seems to have been resolved, I suggest you clean your System Restore files:
    System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

    Some good information for you:
    http://users.telenet.be/bluepatchy/m...wcomputer.html
    http://users.telenet.be/bluepatchy/m...revention.html

    Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  5. #5
    Junior Member
    Join Date
    Jul 2007
    Posts
    5

    Default

    I ran the virus check again and nothing is showing up but unfortunately my mystery popup taskbar window is still hanging around. Do you have any ideas what it might be or how I can get rid of it...

    Thanks for all the great info btw some very handy / informative links.

    - ook

  6. #6
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Not without more information, It could be anything, try to see if you can provide more information about the Window. Let's have a look at your uninstall list in case it provides a clue.

    Open Hijackthis.
    Click the "Open the Misc Tools" section Button.
    Click the "Open Uninstall Manager" Button.
    Click the "Save list..." Button.
    Save it to your desktop. Copy and paste the contents into your reply.
    (You may edit out Microsoft, Hotfixes, Security Update for Windows XP, Update for Windows XP and Windows XP Hotfix to shorten the list)

    This may even be something valid Windows is doing, I am not sure where to start.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  7. #7
    Junior Member
    Join Date
    Jul 2007
    Posts
    5

    Default

    Yeah it's really frustrating not knowing what it is. It only pops up about once in 20mins for a split second seemingly at random. It seems to momentarily switch the focus of the app I am running. (very annoying when you are watching a movie since it will break full screen)

    Anyway I will continue to look for clues... Below is the uninstall list you asked for minus the Microsoft stuff.

    ACDSee Pro
    Ad-Aware SE Personal
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 9 ActiveX
    Adobe Help Center 1.0
    Adobe Illustrator CS2
    Adobe Photoshop CS2
    Adobe Reader 8
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    BitTorrent 5.0.7
    Bookworm Adventures Deluxe 1.0
    Creative Audio Console
    Director 8.5 Shockwave Studio
    Disney's Princess Fashion Boutique
    DivX Codec
    EPSON TWAIN 5
    HijackThis 1.99.1
    HP Image Zone 4.0
    HP Software Update
    KhalSetup
    K-Lite Codec Pack 3.01 Standard
    Logitech Harmony Remote Software 7
    Logitech SetPoint
    Macromedia Director MX 2004
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    MagicDisc 2.5.74
    Marvell Miniport Driver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft Office Standard Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (2.0.0.3)
    Mozilla Firefox (2.0.0.4)
    Mozilla Thunderbird (1.5.0.12)
    NVIDIA Drivers
    OpenAL
    overland
    Photosmart 320,370,7400,8100,8400 Series
    Picasa 2
    Princess Magical Dress-Up
    QuickTime
    Shutterfly Plugin
    Spybot - Search & Destroy 1.4
    StatKing
    Tablet
    Trillian
    Ventrilo Client
    VideoLAN VLC media player 0.8.6b
    Winamp (remove only)
    WinRAR archiver
    World of Warcraft

  8. #8
    Junior Member
    Join Date
    Jul 2007
    Posts
    5

    Default

    I found this thread about a program called "overland" when I noticed it running in my task manager... The thread has someone mention something that pops up intermittently.

    http://www.castlecops.com/t126842-Ov...ding_data.html

    You think this might be it?

    - ook

  9. #9
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Good morning, I notice you said this:
    very annoying when you are watching a movie since it will break full screen
    You should be able to set that so there are no interruptions while you are viewing. Not sure the software you use but have a look in options. Once I go full screen to watch a video, etc. nothing interrupts me.

    uninstall list
    Mozilla Firefox (2.0.0.3)
    Mozilla Firefox (2.0.0.4)
    If you do have this installed twice, the old version is wasting space.

    I don't see anything that looks like malware, but I do not know all of your programs.

    Overland: I know nothing about this program, did you install it? I wonder why it would be running in Task Manager.
    http://www.netsquirrel.com/msconfig/
    It looks like a legitimate program but if you did not install it and don't know it, consider uninstalling it.
    http://www.overlandstorage.com/
    http://www.overlandstorage.com/about...d_landing.html

    Let's run a good scan if you have time. It will not remove anything for us, but should show anything hidden.
    Run this online scan using Internet Explorer:
    Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

    Next Click on Launch Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

    * The program will launch and then begin downloading the latest definition files:
    * Once the files have been downloaded click on NEXT
    * Now click on Scan Settings
    * In the scan settings make that the following are selected:
    * Scan using the following Anti-Virus database:
    * Standard
    * Scan Options:
    * Scan Archives
    * Scan Mail Bases
    * Click OK
    * Now under select a target to scan:
    * Select My Computer
    * This will program will start and scan your system.
    * The scan will take a while so be patient and let it run.
    * Once the scan is complete it will display if your system has been infected.
    * Now click on the Save as Text button:
    * Save the file to your desktop.

    Then post it here.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  10. #10
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    This topic has been archived due to lack of a response.

    If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •