Sir, I noticed that since today the light on my 4 GB USB flash drive keeps flashing all the time. It used to be steady when idle and blink only when data was being read or written. I checked the contents (I unchecked "hide system files/folders"). There are two hidden files:

1.
[Autorun]
open=MicrosoftPowerPoint.exe
shellexecute=MicrosoftPowerPoint.exe
shell\Auto\command=MicrosoftPowerPoint.exe

2. MicrosoftPowerPoint.exe, whose icon is just like a normal folder.

I deleted these two files and they reappear almost immediately. Even after formatting this USB flash drive, the two files appeared again.
My OS is Win2k (SP4), P4 2.8 GHz processor, 512 MB RAM, 2 HDDs of 40 GB each, ADSL net connection etc. Find the HJT log here. Please help me to get rid of this irritant:

Logfile of HijackThis v1.99.1
Scan saved at 04:27:57 PM, on 24-Jul-07
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\ZoneLabs\vsmon.exe
F:\WINNT\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\BlueTooth Dongle\BTNtService.exe
F:\WINNT\System32\svchost.exe
D:\FreePOPs\freepopsservice.exe
d:\FreePOPs\freepopsd.exe
F:\WINNT\system32\HDDSvc.exe
F:\WINNT\system32\nvsvc32.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\Program Files\Huawei\MT882\dslagent.exe
F:\WINNT\SOUNDMAN.EXE
F:\WINNT\system32\VTTimer.exe
F:\WINNT\tsnpstd3.exe
F:\WINNT\vsnpstd3.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\ZoneAlarm\zlclient.exe
F:\WINNT\system32\sm56hlpr.exe
F:\Program Files\Picasa2\PicasaMediaDetector.exe
F:\WINNT\system32\stisvc.exe
D:\TICK\TICK.EXE
F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\heap41a\svchost.exe
C:\heap41a\svchost.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://in.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://in.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] F:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DSLAGENTEXE] F:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [tsnpstd3] F:\WINNT\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] F:\WINNT\vsnpstd3.exe
O4 - HKLM\..\Run: [QUICKTIME Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] F:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: TICK.lnk = D:\TICK\TICK.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156782613859
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DF66C34-0103-465C-8721-972DFFA572EF}: NameServer = 218.248.240.79 218.248.240.135
O20 - Winlogon Notify: !SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - F:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil HID Service - Unknown owner - D:\BlueTooth Dongle\BTNtService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: FreePOPs - Unknown owner - D:\FreePOPs\freepopsservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - F:\WINNT\system32\HDDSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINNT\system32\ZoneLabs\vsmon.exe
Thanks,
jawanda56

The only malicious entry I see is this...
O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
You should fix it with HijackThis and then enable hidden files and folders. Look for F:\WINDOWS\system32\winepi32.dll, and if it exists, delete it in Safe Mode.
The main concern here is the file on your flash drive, which wouldn't show up in a HijackThis log. Unless it has infected your machine, but I see no evidence of that as of yet. First, it would help to know the brand and model of your flash drive. Some drives come pre-installed with software. Of course, some drives, as you know, come pre-installed with infections. This isn't one of those Sony drives from China, is it?
Are you experiencing any actual problems with your computer? If this actually is an infection, I would suspect the USBWorm, which typically disables Orkut, YouTube, and Firefox. See below for some info... http://sarathlakshman.info/?p=94
Download Flash Disinfector and run it in Safe Mode with your flash drive connected.
Let me know if this helps at all. You could also try scanning the file at VirusTotal and posting the results here.

Thanks, Chris. I've fixed the entry O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
I looked around on the net about the worm and identified it as 'w32 ahk heap'.
There are two entries in the running processes of the HJT log:
C:\heap41a\svchost.exe
C:\heap41a\svchost.exe
Yes, this is one of those Chinese Sony flash drives, and this infection is not one of the pre-installed ones because I've formatted the drive many times. My flash drive was connected to another computer today and that's where it got infected.
Scanned the file with Virus Total, results below:
File MicrosoftPowerPoint.exe received on 07.24.2007 15:49:22 (CET)

Antivirus          Version         Last Update   Result
AhnLab-V3          2007.7.25.0     2007.07.24    no virus found
AntiVir            7.4.0.44        2007.07.24    DR/Agent.aoe.1
Authentium         4.93.8          2007.07.23    no virus found
Avast              4.7.997.0       2007.07.24    Win32:Agent-HYM
AVG                7.5.0.476       2007.07.23    Worm/Small.2.F
BitDefender        7.2             2007.07.24    Trojan.Agent.AACH
CAT-QuickHeal      9.00            2007.07.24    no virus found
ClamAV             devel-20070416  2007.07.24    Trojan.Mozban
DrWeb              4.33            2007.07.24    no virus found
eSafe              7.0.15.0        2007.07.23    Win32.Trojan
eTrust-Vet         31.1.5003       2007.07.24    Win32/AHKHeap.A
Ewido              4.0             2007.07.24    no virus found
FileAdvisor        1               2007.07.24    no virus found
Fortinet           2.91.0.0        2007.07.24    Misc/AutoHotKey
F-Prot             4.3.2.48        2007.07.23    no virus found
F-Secure           6.70.13030.0    2007.07.24    Trojan.Win32.Agent.aoe
Ikarus             T3.1.1.8        2007.07.24    Trojan.Win32.Agent.aoe
Kaspersky          4.0.2.24        2007.07.24    Trojan.Win32.Agent.aoe
McAfee             5080            2007.07.23    W32/AHKHeap
Microsoft          1.2704          2007.07.24    no virus found
NOD32v2            2416            2007.07.24    Win32/AHKHeap.A
Norman             5.80.02         2007.07.24    Smalltroj.BHFI
Panda              9.0.0.4         2007.07.23    W32/AHKHeap.A.worm
Sophos             4.19.0          2007.07.17    W32/AHKHeap-A
Sunbelt            2.2.907.0       2007.07.24    no virus found
Symantec           10              2007.07.24    Trojan.Dropper
TheHacker          6.1.7.152       2007.07.23    no virus found
VBA32              3.12.2.1        2007.07.23    Worm.Win32.AHKHeap.A
VirusBuster        4.3.26:9        2007.07.24    no virus found
Webwasher-Gateway  6.0.1           2007.07.24    Trojan.Agent.aoe.1

Additional information
File size: 462050 bytes
MD5: 4f30003916cc70fca3ce6ec3f0ff1429
SHA1: 7a12afdc041a03da58971a0f7637252ace834353
packers: UPX
packers: RAR
Please guide me to completely remove this worm 'w32 ahk heap'.

Quote: See below for some info... http://sarathlakshman.info/?p=94
Got the worm remover from this site and ran it. I think it has removed the infection. I can see the USB flash drive's light is no longer blinking unnecessarily. Removed these two unwanted files from the drive:
1. autoexec
2. MicrosoftPowerPoint.exe
Now these files are not coming back.
Please let me know if anything else is to be done.
Here is the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 07:53:52 PM, on 24-Jul-07
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\ZoneLabs\vsmon.exe
F:\WINNT\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\BlueTooth Dongle\BTNtService.exe
F:\WINNT\System32\svchost.exe
D:\FreePOPs\freepopsservice.exe
d:\FreePOPs\freepopsd.exe
F:\WINNT\system32\HDDSvc.exe
F:\WINNT\system32\nvsvc32.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\Program Files\Huawei\MT882\dslagent.exe
F:\WINNT\SOUNDMAN.EXE
F:\WINNT\system32\VTTimer.exe
F:\WINNT\tsnpstd3.exe
F:\WINNT\vsnpstd3.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\ZoneAlarm\zlclient.exe
F:\WINNT\system32\sm56hlpr.exe
F:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\TICK\TICK.EXE
F:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
F:\WINNT\system32\stisvc.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://in.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://in.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] F:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DSLAGENTEXE] F:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [tsnpstd3] F:\WINNT\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] F:\WINNT\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] F:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: TICK.lnk = D:\TICK\TICK.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156782613859
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DF66C34-0103-465C-8721-972DFFA572EF}: NameServer = 218.248.240.79 218.248.240.135
O20 - Winlogon Notify: !SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - F:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\BlueTooth Dongle\BTNtService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: FreePOPs - Unknown owner - D:\FreePOPs\freepopsservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - F:\WINNT\system32\HDDSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINNT\system32\ZoneLabs\vsmon.exe
jawanda56

Looks like it was in FACT the worm. I'm glad we managed to catch it.
Just to be on the safe side, you should update your AVG and scan with it in Safe Mode. If it comes up clean, you should be set. I'm not seeing anything malicious in your HijackThis file.

Quote: update your AVG and scan with it in Safe Mode

My AVG Free is always updated. Scanned the PC in Safe Mode and have removed about 14 more threats.
Thanks and good bye... until next time.
jawanda56

No problem, come back anytime.
You need to be careful when connecting your flash drive to another computer. These types of infections SEEM to be running wild over in your neck of the woods. I would suggest contacting the person who infected your drive and suggesting that they try the same removal tool that fixed your problem.

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.
If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
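As an added example, not code from this thread or from any of the tools mentioned in it, the following Python script automates the two checks the helper did by eye. It parses an autorun.inf-style file like the one found on the drive and lists every program it would launch (the open=, shellexecute= and shell\<verb>\command= keys all point at the same dropped executable), and it scans a HijackThis-style log for system binaries such as svchost.exe running outside the Windows system directory (the C:\heap41a entries) and for Winlogon Notify hooks whose DLL is missing. The sample autorun text and the abbreviated log are constructed for the example and the function names are my own.

```python
"""Triage helpers for an AutoRun worm like the one in the thread.

Everything here is an added example: the sample autorun text and the
abbreviated HijackThis log are constructed, not taken from a real system.
"""
import re
from typing import Dict, List

# Constructed sample: the autorun file the poster described, with the
# line breaks restored. The format is INI-style and case-insensitive.
SAMPLE_AUTORUN = """[Autorun]
open=MicrosoftPowerPoint.exe
shellexecute=MicrosoftPowerPoint.exe
shell\\Auto\\command=MicrosoftPowerPoint.exe
"""

# Keys that make Windows run a program when AutoRun is honoured for the drive.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text: str) -> Dict[str, str]:
    """Parse the [Autorun] section into a lower-cased key -> value dict."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def autorun_targets(text: str) -> List[str]:
    """Return every program the [Autorun] section would launch.

    open= and shellexecute= run on insertion; shell\\<verb>\\command= adds a
    context-menu verb for the drive that runs the program when chosen, which
    is how the worm also catches a user who opens the drive from Explorer.
    """
    targets: List[str] = []
    for key, value in parse_autorun(text).items():
        if key in LAUNCH_KEYS or re.fullmatch(r"shell\\[^\\]+\\command", key):
            if value not in targets:
                targets.append(value)
    return targets


# Constructed sample: an abbreviated HijackThis log in the posted layout.
SAMPLE_HJT = """Running processes:
F:\\WINNT\\System32\\smss.exe
F:\\WINNT\\system32\\svchost.exe
F:\\WINNT\\System32\\svchost.exe
C:\\heap41a\\svchost.exe
F:\\Program Files\\Hijack This\\HijackThis.exe

O20 - Winlogon Notify: igfxcui - F:\\WINNT\\SYSTEM32\\igfxsrvc.dll
O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\\WINNT\\system32\\ZoneLabs\\vsmon.exe
"""

# Binaries that legitimately run only from <drive>:\<windir>\system32.
SYSTEM_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
SYSTEM32_PATH = re.compile(r"^[a-z]:\\(winnt|windows)\\system32\\[^\\]+$", re.IGNORECASE)


def running_processes(log: str) -> List[str]:
    """Return the paths listed under 'Running processes:' up to the first blank line."""
    procs: List[str] = []
    collecting = False
    for line in log.splitlines():
        if line.strip().lower() == "running processes:":
            collecting = True
            continue
        if collecting:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


def suspicious_processes(log: str) -> List[str]:
    """Flag system-only binaries that are not running from the system directory."""
    flagged: List[str] = []
    for path in running_processes(log):
        name = path.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_ONLY and not SYSTEM32_PATH.match(path):
            flagged.append(path)
    return flagged


def missing_winlogon_notify(log: str) -> List[str]:
    """O20 Winlogon Notify entries whose DLL HijackThis reports as missing.

    These are orphaned registry hooks and are safe to fix with HijackThis.
    """
    return [line for line in log.splitlines()
            if line.startswith("O20 - Winlogon Notify:") and "(file missing)" in line]


if __name__ == "__main__":
    print("autorun would launch:", autorun_targets(SAMPLE_AUTORUN))
    print("system binaries outside system32:", suspicious_processes(SAMPLE_HJT))
    print("orphaned Winlogon Notify hooks:", missing_winlogon_notify(SAMPLE_HJT))
```

Point the two parsers at a real autorun.inf and a real HijackThis log and the same three lists come out; a name in SYSTEM_ONLY at any path other than the system directory is the quickest sign, as in this thread, that the drive-borne dropper has already landed on the host.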