Solve : Help! Can't get rid of virus...?

Hi, for some time now I have had a virus called "W32/Downloader.AOKZ" that has infected a file called "ldcore.dll" in system32 of Windows. I am alerted by my virus program but it cannot delete it. I have tried to manually delete it using Windows Explorer but an error message comes up when I try to do so, saying that it is used by another program. I am running a virus program called Freedom.

My problem is that I don't want to install another virus program, because last time I installed Norton and I had to reinstall my Windows because something happened. So, how do I get rid of this virus? Is it necessary to install another virus program? Do I uninstall the one I have now?

stevengerrard ...... W32/Downloader.AOKZ ....looks like a trojan as opposed to a virus .....

so, if you are using XP ....... turn off your system restore, and then reboot into safe mode and run a full scan with your anti-virus scanner .........
See if it deletes it from there, if it won't post a hijackthis log.
Please explain what you mean by [highlight]I tried to remove it manually using Windows Explorer.[/highlight]

dl65 What I mean is that I open My Computer, then the WINDOWS folder, then system32, and finally I try to delete the infected file by right-clicking and then delete.

So, I restart in safe mode and then run my anti-virus program?

I would use the Ewido/AVG Online Scan but if you just want to delete the file then Google for Killbox.

Fed, I used Killbox to try and delete the file and it STILL wouldn't delete. I also did that online AVG scan from the link you gave me and it didn't delete the trojan.

I have no clue as to how to get rid of this thing, does anyone KNOW how to?

I feel for u

Did the online scan detect the 'virus'?
What scanner do you use on this computer?
Did you explore ALL the deletion options in KillBox?

Quote
I feel for u

Thank you, that helps.

Quote
Did the online scan detect the 'virus'?
What scanner do you use on this computer?
Did you explore ALL the deletion options in KillBox?

The online scan detected the infection and supposedly removed it. When I restarted my computer my current virus program [highlight]Freedom[/highlight] (link below) found it again. http://www.freedom.net/viruscenter/onlineviruscheck.html

I did explore all options in KillBox and it still wouldn't delete.

stevengerrard..... Would you please post a hijackthis log here for us to see ........ Get it at ..... http://www.majorgeeks.com/download3155.html d/L it and then run a scan and save the log file and post it here.

dl65 Ok, this is what I came up with...


Logfile of HijackThis v1.99.1
Scan saved at 6:23:15 PM, on 1/22/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Plugins\Plugins\DF206D97847745E7983C822C45EE3038\ringjack.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Documents and Settings\*******\Desktop\HijackThis.exe

O1 - Hosts: 104.42.43.68 securityresponse.symantec.com
O1 - Hosts: 147.196.204.190 symantec.com
O1 - Hosts: 6.99.74.0 www.sophos.com
O1 - Hosts: 151.132.211.218 sophos.com
O1 - Hosts: 131.167.148.110 www.mcafee.com
O1 - Hosts: 181.239.186.187 mcafee.com
O1 - Hosts: 221.242.203.31 liveupdate.symantecliveupdate.com
O1 - Hosts: 207.50.6.202 www.viruslist.com
O1 - Hosts: 234.119.36.14 viruslist.com
O1 - Hosts: 13.129.37.131 viruslist.com
O1 - Hosts: 220.50.134.116 f-secure.com
O1 - Hosts: 240.63.147.10 www.f-secure.com
O1 - Hosts: 132.139.154.159 kaspersky.com
O1 - Hosts: 213.38.81.70 kaspersky-labs.com
O1 - Hosts: 232.26.160.89 www.avp.com
O1 - Hosts: 165.140.164.31 www.kaspersky.com
O1 - Hosts: 51.93.34.104 avp.com
O1 - Hosts: 111.172.48.51 www.networkassociates.com
O1 - Hosts: 103.151.107.151 networkassociates.com
O1 - Hosts: 194.4.88.180 www.ca.com
O1 - Hosts: 104.186.219.78 ca.com
O1 - Hosts: 102.200.113.70 mast.mcafee.com
O1 - Hosts: 86.86.123.61 my-etrust.com
O1 - Hosts: 212.96.206.109 www.my-etrust.com
O1 - Hosts: 178.159.238.26 download.mcafee.com
O1 - Hosts: 139.113.12.26 dispatch.mcafee.com
O1 - Hosts: 218.143.48.103 secure.nai.com
O1 - Hosts: 177.129.187.50 nai.com
O1 - Hosts: 78.253.155.82 www.nai.com
O1 - Hosts: 1.165.210.184 update.symantec.com
O1 - Hosts: 75.96.202.153 updates.symantec.com
O1 - Hosts: 12.187.245.254 us.mcafee.com
O1 - Hosts: 178.13.70.9 liveupdate.symantec.com
O1 - Hosts: 201.193.7.105 customer.symantec.com
O1 - Hosts: 195.148.252.133 rads.mcafee.com
O1 - Hosts: 250.168.9.60 trendmicro.com
O1 - Hosts: 165.34.16.39 www.trendmicro.com
O1 - Hosts: 215.205.95.2 www.grisoft.com
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O3 - TOOLBAR: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: RESEARCH - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://threats.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: winsock32 (winsock32.exe) - UNKNOWN owner - C:\WINDOWS\winsock32.exe (file missing)

I didn't find a great deal of info on Freedom AV at the security sites I frequent other than it uses the F-Prot engine...have you considered some of the other free choices such as AVG and/or Avast?

However post a log as dl65 suggested. There's more than one way to skin a baddie...

stevengerrard........ ok .......
Here's what I see from your log........
For some reason, you do not have SP2 installed and as far as I can see you don't have SP1 either ....... If this is the case, your machine is extremely vulnerable to nasty attacks.
Do you have all the other applicable Windows updates installed?
At the time your hijackthis scan was taken, there didn't appear to be any active anti-virus scanner running ......... I thought you had Freedom installed or is it only active when you are online?
Your firewall also seems to be non-active as well.

Now then on to what must be fixed using hijackthis ........

Mark for removal the following:
O1 - Hosts: 104.42.43.68 securityresponse.symantec.com
O1 - Hosts: 147.196.204.190 symantec.com
O1 - Hosts: 6.99.74.0 www.sophos.com
O1 - Hosts: 151.132.211.218 sophos.com
O1 - Hosts: 131.167.148.110 www.mcafee.com
O1 - Hosts: 181.239.186.187 mcafee.com
O1 - Hosts: 221.242.203.31 liveupdate.symantecliveupdate.com
O1 - Hosts: 207.50.6.202 www.viruslist.com
O1 - Hosts: 234.119.36.14 viruslist.com
O1 - Hosts: 13.129.37.131 viruslist.com
O1 - Hosts: 220.50.134.116 f-secure.com
O1 - Hosts: 240.63.147.10 www.f-secure.com
O1 - Hosts: 132.139.154.159 kaspersky.com
O1 - Hosts: 213.38.81.70 kaspersky-labs.com
O1 - Hosts: 232.26.160.89 www.avp.com
O1 - Hosts: 165.140.164.31 www.kaspersky.com
O1 - Hosts: 51.93.34.104 avp.com
O1 - Hosts: 111.172.48.51 www.networkassociates.com
O1 - Hosts: 103.151.107.151 networkassociates.com
O1 - Hosts: 194.4.88.180 www.ca.com
O1 - Hosts: 104.186.219.78 ca.com
O1 - Hosts: 102.200.113.70 mast.mcafee.com
O1 - Hosts: 86.86.123.61 my-etrust.com
O1 - Hosts: 212.96.206.109 www.my-etrust.com
O1 - Hosts: 178.159.238.26 download.mcafee.com
O1 - Hosts: 139.113.12.26 dispatch.mcafee.com
O1 - Hosts: 218.143.48.103 secure.nai.com
O1 - Hosts: 177.129.187.50 nai.com
O1 - Hosts: 78.253.155.82 www.nai.com
O1 - Hosts: 1.165.210.184 update.symantec.com
O1 - Hosts: 75.96.202.153 updates.symantec.com
O1 - Hosts: 12.187.245.254 us.mcafee.com
O1 - Hosts: 178.13.70.9 liveupdate.symantec.com
O1 - Hosts: 201.193.7.105 customer.symantec.com
O1 - Hosts: 195.148.252.133 rads.mcafee.com
O1 - Hosts: 250.168.9.60 trendmicro.com
O1 - Hosts: 165.34.16.39 www.trendmicro.com
O1 - Hosts: 215.205.95.2 www.grisoft.com
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll [highlight]there it is.[/highlight]

Put a check mark in the box in front of each of these entries and then click FIX MARKED

Now reboot your machine and post a new hijackthis log.

dl65
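The two things dl65 picks out of the log (the block of O1 hosts entries that pin security-vendor domains to arbitrary addresses so the machine can no longer reach AV update and support sites, and the O20 AppInit_DLLs entry, which makes user32.dll load ldcore.dll into every GUI process, which is why the file is always "in use" and cannot be deleted from Explorer or Killbox while Windows is running) can be picked out of a HijackThis-style log automatically. The script below is an added example written for this page; it is not part of the thread and not HijackThis code. The SECURITY_DOMAINS watch list is an assumption of the example, and the sample lines are constructed from entries in the log above.

```python
"""Triage HijackThis-style log lines for the findings discussed in this thread:
hosts-file hijacks of security-vendor domains, AppInit_DLLs injection, and
services whose binary is missing or whose owner is unknown.
Added example; the sample lines below are constructed, not a live scan."""
import ipaddress
import re

# Assumed watch list of vendor domains (extend for your own environment).
SECURITY_DOMAINS = (
    "symantec.com", "symantecliveupdate.com", "sophos.com", "mcafee.com",
    "viruslist.com", "f-secure.com", "kaspersky.com", "kaspersky-labs.com",
    "avp.com", "networkassociates.com", "ca.com", "my-etrust.com", "nai.com",
    "trendmicro.com", "grisoft.com",
)

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s+(.+?)\s*$")
# O23 lines look like: "Name (svc) - Owner - C:\path" ; the owner may be blank.
SERVICE_RE = re.compile(r"^O23 - Service:\s+(.+?)\s+-\s*(.*?)\s*-\s+(.+?)\s*$")


def is_security_vendor(host):
    """True when host is one of the watched domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)


def classify_hosts_target(ip_text):
    """Describe where a hosts entry sends traffic for the named host."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unparseable address"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkholed to localhost"          # site simply unreachable
    if ip.is_multicast or ip.is_reserved or ip.is_private:
        return "redirected to an unroutable address"  # e.g. 234.x, 240.x
    return "redirected to a third-party address"


def triage(log_lines):
    """Return (kind, subject, detail) tuples for suspicious log entries."""
    findings = []
    for line in log_lines:
        line = line.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip_text, host = m.groups()
            # A clean hosts file has no reason to pin a vendor's domain at all.
            if is_security_vendor(host):
                findings.append(("hosts-hijack", host, classify_hosts_target(ip_text)))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # The registry value is space- or comma-separated; paths with
            # spaces must use 8.3 short names, so splitting on both is safe.
            for dll in re.split(r"[,\s]+", m.group(1)):
                if dll:
                    findings.append(("appinit-dll", dll.lower(),
                                     "loaded by user32.dll into every GUI process; "
                                     "the file is in use whenever such a process runs"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, owner, path = m.groups()
            if "(file missing)" in path.lower() or owner.upper().startswith("UNKNOWN"):
                findings.append(("orphan-service", name,
                                 "owner=%s path=%s" % (owner or "<blank>", path)))
    return findings


# Constructed sample, copied from entries in the log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 104.42.43.68 securityresponse.symantec.com
O1 - Hosts: 234.119.36.14 viruslist.com
O1 - Hosts: 240.63.147.10 www.f-secure.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: winsock32 (winsock32.exe) - UNKNOWN owner - C:\WINDOWS\winsock32.exe (file missing)
""".strip().splitlines()


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print("%-15s %-45s %s" % (kind, subject, detail))
```

The benign lines (the localhost entry, the Run key for Freedom, the modem service with a blank owner) produce no finding; the three vendor-domain hosts entries, the AppInit DLL and the service whose file is missing do. Classifying the target address is what tells you the hosts entries are not a crude "block" (127.0.0.1) but point at multicast, reserved or random third-party addresses, so update checks hang or go elsewhere rather than failing cleanly.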

