WiredWX Hobby Weather ToolsLog in

 


Infected Vista home premium Service pack 1 85.255.112.215 problem?

3 posters

descriptionInfected Vista home premium Service pack 1 85.255.112.215 problem? - Page 2 EmptyRe: Infected Vista home premium Service pack 1 85.255.112.215 problem?

more_horiz
Success, removed McAfee and ran Combo-fix but the result is too big to post?
How do I show you?

descriptionInfected Vista home premium Service pack 1 85.255.112.215 problem? - Page 2 EmptyRe: Infected Vista home premium Service pack 1 85.255.112.215 problem?

more_horiz
DO you need all the information or just part of ComboFix scan log?

descriptionInfected Vista home premium Service pack 1 85.255.112.215 problem? - Page 2 EmptyRe: Infected Vista home premium Service pack 1 85.255.112.215 problem?

more_horiz
Below are some of the key results of the Combfix as the full results were too large to put in here. I will send in two parts
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-4-14 20480]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-16 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e4,bf,d9,be,25,ef,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5518B003-3A11-4DCC-BABD-65A7CDC9E462}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C2A56676-F3C3-43B2-B627-35FA1499FBC8}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2A7AD432-0FAF-454B-BED1-E791EB9A79FA}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B6348FC1-1D0C-4B4C-B44A-99F4F57DAEED}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8D2B920C-D9B8-471D-A88F-105F5FBC9558}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{177A75CA-7CFF-4349-8D0B-61FC0AEA3A45}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{AE25174F-D79C-41EC-965F-472D021ADBB5}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{0A83A624-9D2A-43AD-8304-27E2C6D6D113}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5F48CC65-905B-446B-9DC7-3C08A302DBB5}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{E6904C8B-981A-45E3-8928-08038DA9B7B8}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{226C8D64-9553-44D1-B66A-D4D4214B19CB}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{FAC12E16-D5A9-4845-8F40-B99BE932F981}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{E206CFE5-0803-4CC1-956B-030DEAD48FF7}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{E5FA7801-FA65-4F14-9107-1F89F943CA9C}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{2D6C39DE-6BC3-426A-9090-23C186D7E934}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{6FECA731-7A4A-475A-A5D5-465FE99BEE84}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{9C21D352-F3AF-40C1-81FE-9B8E5E9FC678}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"TCP Query User{CDB66B2C-0E88-48D6-A431-9838D76390EA}c:\\users\\oakeyone\\program files\\dna\\btdna.exe"= UDP:c:\users\oakeyone\program files\dna\btdna.exe:btdna.exe
"UDP Query User{0105DFA6-AD02-4201-A71E-A17BE79D713C}c:\\users\\oakeyone\\program files\\dna\\btdna.exe"= TCP:c:\users\oakeyone\program files\dna\btdna.exe:btdna.exe
"TCP Query User{B76CC6DB-EE3D-4209-8E20-27B492B04621}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{2EBBC210-CF4F-4686-953D-167A3935E17F}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [16/06/2009 10:20 269448]
S3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [16/03/2008 20:01 30752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BitTorrent DNA"="c:\users\oakeyone\Program Files\DNA\btdna.exe" [2009-02-28 321344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-06 57344]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-07 203296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-17 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

descriptionInfected Vista home premium Service pack 1 85.255.112.215 problem? - Page 2 EmptyRe: Infected Vista home premium Service pack 1 85.255.112.215 problem?

more_horiz
Rest of the results
ComboFix 09-06-16.05 - oakeyone 17/06/2009 18:14.3 - NTFSx86
Microsoft®️ Windows Vista™️ Home Premium 6.0.6001.1.1252.44.1033.18.3071.2086 [GMT 1:00]
Running from: c:\users\oakeyone\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

2009-06-17 17:16 . 2009-06-17 17:16 -------- d-----w- c:\users\oakeyone\AppData\Local\temp
2009-06-17 17:02 . 2009-06-17 17:02 -------- d-----w- c:\program files\VS Revo Group
2009-06-17 12:02 . 2009-06-17 12:02 -------- d-----w- c:\program files\Common Files\Scanner
2009-06-17 12:02 . 2009-06-17 12:04 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-06-17 09:45 . 2009-02-12 09:35 38208 ----a-w- c:\users\oakeyone\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-17 09:45 . 2009-06-17 09:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-17 09:45 . 2009-06-17 09:45 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-06-17 09:44 . 2009-06-17 11:23 -------- d-----w- c:\programdata\NOS
2009-06-17 09:44 . 2009-06-17 11:23 -------- d-----w- c:\program files\NOS
2009-06-17 09:30 . 2009-06-17 09:30 -------- d-----w- c:\program files\Java
2009-06-17 09:28 . 2009-06-17 09:30 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 08:22 . 2008-03-18 15:31 98304 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE
2009-06-17 08:18 . 2009-06-17 08:18 -------- d-----w- c:\windows\system32\EventProviders
2009-06-17 08:17 . 2009-04-11 04:42 27648 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-06-17 08:00 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-17 08:00 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-16 17:00 . 2009-06-17 16:04 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-16 16:58 . 2008-12-04 00:25 120832 ----a-w- c:\users\oakeyone\AppData\Roaming\Mozilla\Firefox\Profiles\tcyp9i9m.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-16 16:50 . 2009-06-16 16:50 -------- d-----w- c:\users\oakeyone\AppData\Local\Mozilla
2009-06-16 16:29 . 2009-06-16 16:29 -------- d-----w- c:\users\oakeyone\AppData\Local\Yahoo
2009-06-16 15:25 . 2009-06-16 15:25 -------- d-----w- c:\programdata\Yahoo!
2009-06-16 10:38 . 2009-06-16 10:38 -------- d-----w- c:\users\oakeyone\AppData\Roaming\Media Player Classic
2009-06-16 10:38 . 2009-01-21 10:38 158249 ----a-w- c:\windows\system32\Downlnvw.exe
2009-06-16 07:35 . 2009-06-16 07:35 -------- d-----w- c:\users\oakeyone\AppData\Local\Acer DVDivine
2009-06-16 07:34 . 2009-06-16 07:34 -------- d-----w- c:\users\oakeyone\AppData\Local\Acer DV Magician
2009-06-16 06:51 . 2009-06-16 06:51 -------- d-----w- c:\users\oakeyone\AppData\Roaming\dvdcss
2009-06-16 06:35 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-16 06:35 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-11 16:28 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 16:28 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 16:28 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-29 09:35 . 2009-05-30 10:01 -------- d-----w- c:\users\oakeyone\AppData\Roaming\DivX
2009-05-29 09:31 . 2009-05-29 09:31 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-29 09:31 . 2009-06-12 11:10 -------- d-----w- c:\program files\DivX
2009-05-29 09:31 . 2009-06-12 11:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-26 17:40 . 2009-06-16 11:53 -------- d-----w- c:\users\oakeyone\AppData\Roaming\skypePM
2009-05-26 17:39 . 2009-06-16 14:53 -------- d-----w- c:\users\oakeyone\AppData\Roaming\Skype
2009-05-26 17:39 . 2009-05-26 17:39 -------- d-----w- c:\program files\Common Files\Skype
2009-05-26 17:39 . 2009-05-26 17:39 -------- d-----r- c:\program files\Skype
2009-05-26 17:39 . 2009-05-26 17:39 -------- d-----w- c:\programdata\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 17:12 . 2009-06-17 08:10 4838 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-06-17 17:07 . 2008-03-16 20:04 -------- d-----w- c:\programdata\McAfee
2009-06-17 17:07 . 2008-03-16 20:04 -------- d-----w- c:\program files\McAfee
2009-06-17 17:07 . 2009-02-21 19:26 -------- d-----w- c:\users\oakeyone\AppData\Roaming\DNA
2009-06-17 13:03 . 2009-02-21 19:27 -------- d-----w- c:\users\oakeyone\AppData\Roaming\BitTorrent
2009-06-17 09:46 . 2008-03-16 20:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-17 08:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-17 08:24 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-17 08:05 . 2009-02-07 12:37 101856 ----a-w- c:\users\oakeyone\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-17 07:58 . 2008-03-16 19:28 -------- d-----w- c:\programdata\Microsoft Help
2009-06-17 07:57 . 2008-03-16 19:29 -------- d-----w- c:\program files\Microsoft Works
2009-06-16 15:25 . 2009-02-07 12:52 -------- d-----w- c:\programdata\Yahoo! Companion
2009-06-16 15:25 . 2008-03-16 20:02 -------- d-----w- c:\program files\Yahoo!
2009-06-16 09:24 . 2008-03-16 19:45 -------- d-----w- c:\program files\Acer Arcade Live
2009-06-16 07:34 . 2009-04-11 14:13 -------- d-----w- c:\users\oakeyone\AppData\Roaming\CyberLink
2009-05-26 17:40 . 2009-05-26 17:40 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-05-04 11:25 . 2009-05-03 16:51 -------- d-----w- c:\program files\Full Tilt Poker.Net
2009-05-04 11:25 . 2008-03-16 19:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown


------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
mStart Page = hxxp://en.uk.acer.yahoo.com
Trusted Zone: microsoft.com\www
FF - ProfilePath - c:\users\oakeyone\AppData\Roaming\Mozilla\Firefox\Profiles\tcyp9i9m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\oakeyone\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 18:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2664)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Completion time: 2009-06-17 18:17
ComboFix-quarantined-files.txt 2009-06-17 17:17

Pre-Run: 236,770,017,280 bytes free
Post-Run: 236,680,642,560 bytes free

199 --- E O F --- 2009-06-17 08:22

descriptionInfected Vista home premium Service pack 1 85.255.112.215 problem? - Page 2 EmptyRe: Infected Vista home premium Service pack 1 85.255.112.215 problem?

more_horiz
See anything that needs fixing or changing?

descriptionInfected Vista home premium Service pack 1 85.255.112.215 problem? - Page 2 EmptyRe: Infected Vista home premium Service pack 1 85.255.112.215 problem?

more_horiz
Nope, all looks good to me.
Still having problems?

descriptionInfected Vista home premium Service pack 1 85.255.112.215 problem? - Page 2 EmptyRe: Infected Vista home premium Service pack 1 85.255.112.215 problem?

more_horiz
Do you think the HijackThis, deletion of the three or four files and Combi-fix solved the problem?
I will reload McAfee and see if IE7 browsers gets diverted to other websites and get back to you. In the menatime thankyou for all support and efforts and I will certainly be making a donation.
Ian

descriptionInfected Vista home premium Service pack 1 85.255.112.215 problem? - Page 2 EmptyRe: Infected Vista home premium Service pack 1 85.255.112.215 problem?

more_horiz
Latest update, was tied up yesterday and had to please the misses........in a good way.
I have now re-installed McAfee, Malwarebytes and managed to update Windows to Service Pack 2 and IE8.
I did a scan with Malwarebytes and it said I had Bifrost Backdoor, which it quantined and then removed.
On starting IE8 I keep getting it closed with a statement DEP Data Execution Prevention. (which according to the information prevent damage from virus and security threats and uses system memory safely)
What would you suggest be my next step? Do you need another scan log?
Ian

descriptionInfected Vista home premium Service pack 1 85.255.112.215 problem? - Page 2 EmptyRe: Infected Vista home premium Service pack 1 85.255.112.215 problem?

more_horiz
Forgot to mention, when I do manage to start IE8 it keeps closing saying that "the program has stop working and will restart" is this to do with the new IE8 ?

descriptionInfected Vista home premium Service pack 1 85.255.112.215 problem? - Page 2 EmptyRe: Infected Vista home premium Service pack 1 85.255.112.215 problem?

more_horiz
Just done a full scan with McAfee and it came up with Artemis virus that it removed and quarantined.

descriptionInfected Vista home premium Service pack 1 85.255.112.215 problem? - Page 2 EmptyRe: Infected Vista home premium Service pack 1 85.255.112.215 problem?

more_horiz
Where did it find it?

The IE8 problem is likely an add-on that it doesn't like.
Right click the IE8 icon on your Desktop, and there will be an option to run it without add-ons.

descriptionInfected Vista home premium Service pack 1 85.255.112.215 problem? - Page 2 EmptyRe: Infected Vista home premium Service pack 1 85.255.112.215 problem?

more_horiz
Artemis was in the Combo-Fix.exe file (desktop) and is in McAfee Quarantine
Qoobox was in Windows\system32\MSIVX(lots of letters).dll.vir and is in
Malwarebyte Quarantine
Not sure where Bifrost Backdoor was as it was deleted.

descriptionInfected Vista home premium Service pack 1 85.255.112.215 problem? - Page 2 EmptyRe: Infected Vista home premium Service pack 1 85.255.112.215 problem?

more_horiz
Is the abobe OK, or do I need to delete these?
IE8 is now working fine with the add-ons turned off

descriptionInfected Vista home premium Service pack 1 85.255.112.215 problem? - Page 2 EmptyRe: Infected Vista home premium Service pack 1 85.255.112.215 problem?

more_horiz
Hello.
This is fine. C:\Qoobox\C\Windows\etc is Combofix quarantine folder.

Just delete the Qoobox folder.

Find out what add-ons you are running normally in IE8 and disable them one by one and see which is causing the problem.

descriptionInfected Vista home premium Service pack 1 85.255.112.215 problem? - Page 2 EmptyRe: Infected Vista home premium Service pack 1 85.255.112.215 problem?

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum