We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Virus?
Miroslav
Posts: 6,193 Forumite
in Techie Stuff
My PC keeps turning it's firewall off and when I try and load certain programs they just flash up and disappear - including avast antivirus.
I'm going to have to uninstall avast and re-install to be able to run a virus check but what can I do about firewall turning on and off?
Not downloaded anything new.
Also - Task Manager has been disabled by the administrator, apparently. I thought I was an administrator and I haven't turned it off.
Registry editor disabled too.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:14, on 16/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcanvas.com/?ot=6
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Java Update] C:\Documents and Settings\user\Local Settings\temp\java.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BA52BBB-C2D8-4707-8245-5E3ABC9AC2A4}: NameServer = 92.31.242.20 92.31.241.21
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
--
End of file - 3576 bytes
I'm going to have to uninstall avast and re-install to be able to run a virus check but what can I do about firewall turning on and off?
Not downloaded anything new.
Also - Task Manager has been disabled by the administrator, apparently. I thought I was an administrator and I haven't turned it off.
Registry editor disabled too.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:14, on 16/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcanvas.com/?ot=6
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Java Update] C:\Documents and Settings\user\Local Settings\temp\java.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BA52BBB-C2D8-4707-8245-5E3ABC9AC2A4}: NameServer = 92.31.242.20 92.31.241.21
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
--
End of file - 3576 bytes
0
Comments
-
I don't like the look of that Java.exe running from temp.
This will show a lot more than HJT.
Download DDS from the link below and save it to your desktop:
Link
After you've downloaded it and saved it to your desktop:- Double click DDS to run it.
- When it's finished, DDS will open two logs:
- DDS.txt
- Attach.txt
Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)0 -
Will give it a go Waddler, thanks.
Alot of my programs that have regeistration keys won't open. I fear the keys are written down somewhere I can't find them.
Will do what you suggest now.0 -
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by user at 18:22:12 on 2012-04-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2038.1315 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {7C910732-0013-0000-180A-850000008500}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.searchcanvas.com/?ot=6
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {D1121FE0-0145-44C9-AA35-72071AC20A9B} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Java Update] c:\documents and settings\user\local settings\temp\java.exe
mRun: [DSLSTATEXE] c:\program files\bt voyager 105 adsl modem\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\bt voyager 105 adsl modem\dslagent.exe
mRun: [%FP%Friendly fts.exe] "c:\program files\voyagertest\fts.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{1BA52BBB-C2D8-4707-8245-5E3ABC9AC2A4} : NameServer = 92.31.242.20 92.31.241.21
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\rblrndht.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.co.uk
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false0 -
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-27 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-27 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-27 20696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-3-27 21992]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-5-20 54760]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\glmlqh.sys --> c:\windows\system32\drivers\glmlqh.sys [?]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-16 40776]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\anti trojan elite\atepmon.sys --> c:\program files\anti trojan elite\ATEPMon.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 FLASHSYS;FLASHSYS;\??\c:\program files\msi\live update 4\lu4\flashsys.sys --> c:\program files\msi\live update 4\lu4\FLASHSYS.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-4-9 30576]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\msi\live update 4\lu4\ntiolib.sys --> c:\program files\msi\live update 4\lu4\NTIOLib.sys [?]
.
=============== Created Last 30 ================
.
2012-04-16 17:15:18 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-16 16:59:54
d
w- c:\program files\CCleaner
2012-04-16 16:42:01
d
w- c:\documents and settings\user\application data\Boilsoft
2012-04-16 16:41:57
d
w- c:\program files\Boilsoft
2012-04-16 12:46:19
d
w- c:\program files\SoftLogica
2012-04-04 16:08:35
d
w- c:\program files\Hamster Soft
2012-04-01 16:43:56 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-30 19:26:29
d
w- c:\documents and settings\user\local settings\application data\WMTools Downloaded Files
2012-03-30 16:41:01
d
w- c:\program files\MSI
2012-03-28 15:57:18 215920 ----a-w- c:\windows\system32\muweb.dll
2012-03-27 17:19:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-27 16:48:18 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-27 16:19:41 41184 ----a-w- c:\windows\avastSS.scr
2012-03-27 16:19:05
d
w- c:\program files\AVAST Software
2012-03-27 16:19:05
d
w- c:\documents and settings\all users\application data\AVAST Software
2012-03-27 14:13:34 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-03-27 14:13:33
d
w- c:\program files\CPUID
2012-03-27 10:04:58 121856 ----a-w- c:\windows\system32\schtasks.exe
2012-03-27 10:04:47
d
w- c:\windows\CleanMem
2012-03-27 10:04:47
d
w- c:\program files\CleanMem
2012-03-22 09:55:16 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-22 09:55:16 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 16:43:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-27 17:19:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-17 16:14:45 26112 ----a-w- c:\windows\system32\userinit.exe
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 23:45:02 61440 ----a-w- c:\windows\system32\CleanMem.exe
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-11 20:49:13 43602 ----a-w- c:\windows\system32\xvid-uninstall.exe
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072
w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:25:12.37 ===============0 -
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
This is the reason Regedit isn't working.How do I add a signature?0 -
Go to virustotal and upload that file to see exactly what it is.
https://www.virustotal.com/
Click Choose file > and then paste this into the box and click open.C:\Documents and Settings\user\Local Settings\temp\java.exe
Then click scan it0 -
Huge problems. The link won't open on any browser, no virus program will open, firewall keeps being turned off, programs won't open full stop, registry can't be edited, task manager can't be opened, safe mode won't load.
I have a bad feeling.0 -
Your fears are well founded - It looks like you do have a virus: virus/win32:sality
http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=147094R3 asc3360pr;asc3360pr;\??\c:\windows\system32\driver s\glmlqh.sys --> c:\windows\system32\drivers\glmlqh.sys [?]
http://www.threatexpert.com/report.aspx?md5=03042925fd7e4c6561aa0aad98225f6e
In the case of all file infectors I'd always recommend backing up your personal files & then formatting the drive & reinstalling windows.0 -
Blast!
Thanks.
I can't get a virus scan running and links/programs aren't working anyway.
Going to take me days to back it all up :-/0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 349.9K Banking & Borrowing
- 252.6K Reduce Debt & Boost Income
- 453K Spending & Discounts
- 242.8K Work, Benefits & Business
- 619.6K Mortgages, Homes & Bills
- 176.4K Life & Family
- 255.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards