
Thread: Virtumonde and Virtumonde.dll - please help

  1. #11
    Junior Member
    Join Date
    Jun 2008
    Posts
    8

    RC installed

    Thanks for your help. I am trying to follow instructions.

    It did get installed, but not like you outlined. Is it okay?

    Let me know.


    ComboFix 08-07-02.5 - Cole 2008-07-04 21:15:30.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1727 [GMT -5:00]
    Running from: C:\Documents and Settings\Cole\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
    .

    2008-07-04 17:22 . 2008-07-04 17:22 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\Malwarebytes
    2008-07-04 17:22 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-04 17:21 . 2008-07-04 17:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-04 17:21 . 2008-07-04 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-04 17:21 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-02 20:59 . 2008-07-02 23:14 <DIR> d-------- C:\Documents and Settings\Cole\.housecall6.6
    2008-06-29 17:21 . 2008-06-29 17:21 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-29 00:27 . 2008-06-29 00:27 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-29 00:26 . 2008-06-29 00:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-28 20:59 . 2008-07-04 18:31 <DIR> d-------- C:\WINDOWS\CAVTemp
    2008-06-28 11:58 . 2008-07-03 20:58 762 --a------ C:\WINDOWS\wininit.ini
    2008-06-28 00:59 . 2008-06-28 00:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-28 00:59 . 2008-07-03 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-28 00:57 . 2008-06-28 00:57 <DIR> d-------- C:\Program Files\Tetris
    2008-06-28 00:49 . 2008-06-28 00:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-28 00:47 . 2008-06-28 00:47 880,560 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
    2008-06-28 00:47 . 2008-06-28 00:47 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
    2008-06-28 00:46 . 2008-06-28 00:46 <DIR> d-------- C:\Program Files\CA
    2008-06-28 00:46 . 2008-06-28 00:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
    2008-06-28 00:46 . 2008-06-28 00:57 99,904 --a------ C:\WINDOWS\system32\isafeif.dll
    2008-06-28 00:46 . 2008-06-28 00:57 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
    2008-06-28 00:46 . 2008-06-28 00:57 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
    2008-06-28 00:46 . 2008-06-28 00:57 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
    2008-06-28 00:46 . 2008-06-28 00:57 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
    2008-06-28 00:46 . 2008-06-28 00:57 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
    2008-06-28 00:46 . 2008-06-28 00:57 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
    2008-06-28 00:45 . 2008-06-28 21:00 <DIR> d-------- C:\Program Files\Google
    2008-06-28 00:44 . 2008-04-13 13:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-06-28 00:23 . 2008-04-22 23:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-06-28 00:23 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-06-28 00:23 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-06-28 00:23 . 2008-04-22 23:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-06-28 00:23 . 2008-04-22 23:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-06-28 00:23 . 2008-04-22 23:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-06-28 00:23 . 2008-04-22 23:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-06-28 00:23 . 2008-04-22 23:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-06-28 00:23 . 2008-04-22 02:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-06-28 00:05 . 2008-06-13 06:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-28 00:04 . 2008-05-08 09:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-06-27 23:51 . 2008-06-27 23:51 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-06-27 23:51 . 2008-06-27 23:51 <DIR> d-------- C:\WINDOWS\system32\en
    2008-06-27 23:51 . 2008-06-27 23:51 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-06-27 23:51 . 2008-06-27 23:51 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-06-27 23:49 . 2008-06-27 23:49 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-06-27 23:39 . 2008-06-27 23:39 <DIR> d-------- C:\WINDOWS\EHome
    2008-06-27 23:31 . 2004-08-03 22:29 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-06-27 23:20 . 2008-06-28 00:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-06-27 23:20 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-06-27 23:14 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
    2008-06-27 23:14 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-06-27 23:14 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-06-27 23:14 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-06-27 23:14 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2008-06-27 23:13 . 2008-06-27 23:13 <DIR> d--hs---- C:\Documents and Settings\Cole\UserData
    2008-06-27 23:13 . 2008-06-27 23:13 13,646 --a------ C:\WINDOWS\system32\wpa.bak
    2008-06-27 23:00 . 2008-07-02 20:59 <DIR> d-------- C:\Documents and Settings\Cole

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-28 03:50 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
    2008-05-16 16:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-14 10:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
    2008-04-14 10:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
    2008-04-14 10:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
    2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
    2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
    2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
    2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
    2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
    2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
    2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
    2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
    2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
    2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
    2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
    2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
    2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
    2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
    2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
    2008-04-13 17:28 2,940,928 ----a-w C:\WINDOWS\system32\wmploc.dll
    2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
    2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
    2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
    2008-04-13 17:23 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
    2008-04-13 17:23 168,448 ----a-w C:\WINDOWS\system32\wmerror.dll
    2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
    2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
    2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
    2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-28_19.22.09.60 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-29 00:18:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-05 02:12:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-02 19:22:56 385,536 ----a-w C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
    + 2008-01-16 03:12:48 296,336 ----a-w C:\WINDOWS\Downloaded Program Files\rufsi.dll
    + 2001-07-14 22:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-28 00:46 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-06-28 00:57 177416]
    "CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-06-28 00:57 230928]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04281118-44d7-11dd-aa10-00e0184fdf2a}]
    \Shell\Auto\command - F:\Start.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c141aba-44d5-11dd-aa0f-00e0184fdf2a}]
    \Shell\Auto\command - Start.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-04 21:16:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-07-04 21:18:20
    ComboFix-quarantined-files.txt 2008-07-05 02:18:08
    ComboFix2.txt 2008-07-05 00:48:23
    ComboFix3.txt 2008-07-04 02:55:06
    ComboFix4.txt 2008-06-29 05:20:23
    ComboFix5.txt 2008-06-29 00:24:47

    Pre-Run: 1,028,562,944 bytes free
    Post-Run: 1,018,187,776 bytes free

    167 --- E O F --- 2008-06-28 05:25:40

  2. #12
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Remove ComboFix from your computer like this:

    Click START then RUN
    Now type or copy Combofix /u in the runbox and click OK.
    Note the space between the X and the U; it needs to be there.



    How is your computer running, any malware problems?

    Some good information for you:
    http://users.telenet.be/bluepatchy/m...wcomputer.html
    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

    Here is some great information from experts in this field that will help you stay clean and safe online.
    http://users.telenet.be/bluepatchy/m...revention.html
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    http://www.malwarecomplaints.info/

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  3. #13
    Junior Member
    Join Date
    Jun 2008
    Posts
    8

    Infections

    It is uninstalled. Should I do the same to the malware program?

    I have not been using the computer for much since the infection but it seems to run fine.


    From your post #8: "Thanks for that feedback, I see infected System Restore files in the MBAM scan, we will clean those soon. This is the next bridge we must cross."

    Do we need to remove the System Restore files? Here is the current HJT log.




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:39:45 AM, on 7/5/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214626441281
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 4017 bytes

    Thanks for all of your help.

    How did you learn about the trojans, malware and etc anyway?

  4. #14
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    "Do we need to remove the System Restore files?"

    I posted those instructions for you:
    Clear System Restore Points for Performance
    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

    "How did you learn about the trojans, malware and etc anyway?"

    It all started when I got infected maybe ten years ago. I went to Dell forums and the helper became my mentor and pointed me in the direction of free online training. The free online training is still available if you have an interest. Malware is no longer easy to remove as kids playing games were moved aside by organized crime:
    Example: http://en.wikipedia.org/wiki/Russian_Business_Network
    http://rbnexploit.blogspot.com/
    As I said, free training is available, but it is not easy, requires a lot of hard work on your part and a desire to help people.

    MBAM is a good free on demand scanner, keep it if you wish.

    Thanks...Phil

  5. #15
    Junior Member
    Join Date
    Jun 2008
    Posts
    8

    Computer runs great.

    Many thanks. I deleted the restore points and the computer is fine. I also reactivated the anti-virus programs.

    I would like to know more about this free training for malware and trojans.

    You spoke of helping people. This computer is my brother's. His grandchildren were on it (I am cleaning it up for no charge). His daughter's (their mother) computer is next. It probably has similar problems.

    Thanks again and let me know what I need to do to sign up for the training.

  6. #16
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247
