Avast WEBforum

Other => Viruses and worms => Topic started by: yaz on October 22, 2004, 04:12:42 AM

Title: New threat. I have a virus, help.
Post by: yaz on October 22, 2004, 04:12:42 AM
I have found a virus in my windows/32 files and it can't be
cleaned. It wasn't detected by Avast, I found it with
TrendMicro. Can someone tell me how I might get rid of it?
It won't let me clean it or anything cuz it is inside a file
responsible for my online activity. Is this a spyware virus?
I hope someone can help. Please let me know if you have
any advice. Thanks so much. yaz
Title: Re:New threat. I have a virus, help.
Post by: yaz on October 22, 2004, 04:58:06 AM
More details:
I have something called ' BKDR AGENT.CZ'. Does anyone
here have info on it? It is hiding in my
windows/system32/smss.exe file. Can anyone help me
figure out how to delete it or remove it? It will not let me
when I tried to cuz it says I'm using that to operate the
pc. It is part of my registry. I think it smells of spyware.
Desperate for help. yaz
Title: Re:New threat. I have a virus, help.
Post by: RejZoR on October 22, 2004, 06:53:52 AM
Hm, looks like it's a file infector. File location is correct so it cannot be a trojan/worm. I hope you made a VRDB database before this incident so you can use the Repair function. But it might be impossible to repair because it's a resident process.

I have English Windows XP with SP2. If you want I can send you a clean smss.exe file.
Title: Re:New threat. I have a virus, help.
Post by: yaz on October 22, 2004, 07:08:14 AM
TY TY TY for answering my post!!
Can you tell me what SP2 is? And how might I do that?
Can I rename the existing file before replacing it with
the correct one that you're offering? I have additional
info I was going to add here. In the next post I will.
I'm very distressed .. if you think that might work, I can
try that. I'm using the WINXP with IE 6. and it is English.
Yaz
Title: Re:New threat. I have a virus, help.
Post by: Eddy on October 22, 2004, 01:04:01 PM
These are not complete HJT logs. Please post the entire log here and make sure you are using the latest version of HJT (1.98.2)
Title: Re:New threat. I have a virus, help.
Post by: lalabugu on October 22, 2004, 06:31:32 PM
Ditto on that cry for help!!! I also have contracted 5 viruses that avast missed and Trend picked up on them. 32Trojano, 32troj - gen, 32troj-vc, 32troj -other, 32Adware. Spybot has them locked in. Have tried just about everything for over 3 days now!  ???help
Title: Re:New threat. I have a virus, help.
Post by: whocares on October 22, 2004, 07:32:58 PM
' BKDR AGENT.CZ' ... windows/system32/smss.exe

Why not slow down a bit.. ? ;) ;)

Other AV's Do produce false alarms..

I can't find "Bkdr_agent.cz" on Trend's site &
google only reports it in a Controlled pattern release (i.e. a BETA-release)

- why not test the file online with KAV, RAV, JOTTI & VirusTotal ?
(for links: see "VirusRemoval" below in my sig)

- also rightclick c:\windows\system32\smss.exe and look at its properties -> report here info, Version-number, size and date etc..

- and go start -> run, then enter:
SFC /scannow
if the file was changed/infected you should get an alert there

 ;)

P.S.: The update VPTNfile.212 from Housecall definitely doesn't contain
BKDR_Agent.CZ
How about an Update & rescan ? ;)
Title: Re:New threat. I have a virus, help.
Post by: whocares on October 22, 2004, 07:42:36 PM
32Trojano, 32troj - gen, 32troj-vc, 32troj -other, 32Adware.

Hi lalabugu,

please open a new topic of your own here:
http://forum.avast.com/index.php?board=4
and then be more exact & give more details,
e.g.
- Windows-Version, avast/VPS-version
- EXACT/complete Trojan-Names & their locations -> the link "VirusRemoval" below in my sig should give you some ideas..

the above sound like garbled avast detections:
maybe you didn't enable archive scanning in avast, and avast's residentShield intercepted when TrendMicro/Housecall tried to open infected (but not immediately harmful) archives ?

Also please read the USER's FAQ in the Off-Topic forum


 ;)
Title: Re:New threat. I have a virus, help.
Post by: yaz on October 22, 2004, 08:54:05 PM
Eddy, I did cut and paste all there was but had to
break it into 2 separate posts, there was too much,
the system had said to shorten my messages.
Sorry. I guess it isn't as easy to see that way. I can
try again though if you think I should. thankz,
yaz
Title: Re:New threat. I have a virus, help.
Post by: Eddy on October 22, 2004, 08:59:34 PM
If you have webspace you can put the log there and only place a link to it here. You can also send it to me hjtbeta@yahoo.com and I can post it online for you if you wish.
Title: Re:New threat. I have a virus, help.
Post by: yaz on October 22, 2004, 08:59:53 PM
Whocares, thanks for all the advice and info. I will
follow it once I check with trend micro again. I did
that twice and it gave me the CZ extension virus
name and I too got nothing on searches regarding
that. I tried rav but couldn't get my pc to get the
activeX to accept I did scan one a cpl other free
online scanners and that very file came up with
nothing. One was Kapeskery or something like
that. I have the info on my file here it is:
File name Smss.exe
location: C drive windows/system32/
Version: 5.1.2600.0
What it is: Windows NT session mgr
Size: 45.568 bytes
size on disc 49,153 bytes
modified Aug 18,2001
Title: Re:New threat. I have a virus, help.
Post by: Eddy on October 22, 2004, 09:03:49 PM
smss.exe is a process which is a part of the Microsoft Windows Operating System. It is called the Session Manager SubSystem and is responsible for handling sessions on your system. This program is important for the stable and secure running of your computer and should not be terminated.

Looks like we have a false positive here by Trend. Submit the file to Jotti and tell us the results please.
Title: Re:New threat. I have a virus, help.
Post by: yaz on October 22, 2004, 09:28:44 PM
Everything is going bad today ..
I have just also had 3 separate  ??? trojan horses
hit me. They are going into C:/temp/INSTAL~1.EXE
VPS version 0443-3      10/22/04
Every time I try to delete it, since it is in the temp folder
I try to delete it but it tells me there is no such location
once I hit the delete button with the avast ... arggg. Am
I better off with a new pc?
Getting frustrated. Okay so I'm trying to get my new
hp together so I can show Eddy my log but my paid
webhost is having server errors, not sure if it is them
or me so I'm opening a new account elsewhere ..
yaz
Title: Re:New threat. I have a virus, help.
Post by: yaz on October 22, 2004, 09:31:28 PM
Eddy, if it is a false/positive then why all the trojan
attempts? I also had other ones on Sunday night.
This all began then on a wallpaper site
(I know better- I know I should not have been
looking at sites like free places etc) but it also
happened at google- I think.
yaz
Title: Re:New threat. I have a virus, help.
Post by: yaz on October 22, 2004, 09:59:37 PM
Eddy, I hope it is legible. I don't know how to unclutter
the garble ..


Question: What does Hijacklog reveal? I'm assuming
I should be scanning each of these paths? I'm using
Kasperskys and still not getting any live info.
Everything is reporting back as 'ok'.
Title: Re:New threat. I have a virus, help.
Post by: Eddy on October 22, 2004, 10:27:12 PM
HERE (http://hijackthis.de/logfiles/340304f1311f3a272b27cef72001457a.html) is the online analysis of the log. And this is what my analyzer says about it:

--------------------------------------------------------------------------------
CHECKING HIJACKTHIS AND INTERNET EXPLORER :
--------------------------------------------------------------------------------
You are using the latest version of HijackThis.
Old version of Internet Explorer detected, please update.
INMEDIATLY visit http://windowsupdate.microsoft.com and install ALL security patches/updates.
No software firewall detected. If you are not using a
hardware firewall, it is highly recommended to install one.
 

--------------------------------------------------------------------------------
THESE ITEMS ARE HARMFULL AND SHOULD BE FIXED/REMOVED :
--------------------------------------------------------------------------------
\program files\web_rebates\webrebates1.exe
\program files\web_rebates\webrebates0.exe
r3 - default urlsearchhook is missing
o2 - bho: clear search - {00000000-0000-0000-0000-000000000240} - c:\program files\clearsearch\ie_clrsch.dll (file missing)
o2 - bho: (no name) - {bdf3e430-b101-42ad-a544-fadc6b084872} - (no file)
o3 - toolbar: (no name) - {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - (no file)
o4 - hklm\..\run: [webrebates0] "c:\program files\web_rebates\webrebates0.exe"
o4 - global startup: microsoft works calendar reminders.lnk = ?
o9 - extra button: messenger - {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0411.dll (file missing)
\program files\yahoo!\messenger\yhexbmes0411.dll (file missing)
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe (file missing)
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe (file missing)
o16 - dpf: yahoo! chat - http://cs7.chat.yahoo.com/c381/chat.cab
o16 - dpf: {01020304-0506-0708-090a-0b0c0d0e0f08} - http://messenger.yahoo.com/maintenance/patch.cab
o16 - dpf: {11260943-421b-11d0-8eac-0000c07d88cf} (ipix activex control) - http://www.ipix.com/viewers/ipixx.cab
o16 - dpf: {15ad4789-cdb4-47e1-a9da-992ee8e6bad6} - http://public.windupdates.com/get_file.php?bt=ie&p=48c347740e8f5c90be38175e52b8a764f9088180cf867b07efef0da67587cbcfe07d5eda93b070b3e1f5f4b23f7ec81a88639e10093bff8917f19d0c3b2daa1576:9088c9d39de8432b43b6edf749c9050f
o16 - dpf: {1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} - http://ak.imgfarm.com/images/nocache/funwebproducts/smileycentralinitialsetup1.0.0.6.cab
o16 - dpf: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (yinststarter class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
o16 - dpf: {40c83af8-fea7-4a6a-a470-431ee84a0886} (secureobjectfactory class) - http://enu.vs.mcafeeasap.com/vs2/bin/mycioagt.cab
o16 - dpf: {49dec3c0-c71a-11d4-ba38-000102621b9b} - http://store.yahoo.net/lib/cursorskins1/mousemagiccs.cab
o16 - dpf: {644e432f-49d3-41a1-8dd5-e099162eeec5} (symantec rufsi utility class) - http://security.symantec.com/sscv6/sharedcontent/common/bin/cabsa.cab
o16 - dpf: {74d05d43-3236-11d4-bdcd-00c04f9a3b61} (housecall control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
o16 - dpf: {8714912e-380d-11d5-b8aa-00d0b78f3d48} (yahoo! webcam upload wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
o16 - dpf: {a17e30c4-a9ba-11d4-8673-60db54c10000} (yahooymailto class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
o16 - dpf: {c2fcef52-ace9-11d3-bebd-00105aa9b6ae} (symantec rufsi registry information class) - http://security.symantec.com/ssc/sharedcontent/common/bin/cabsa.cab
o16 - dpf: {ce28d5d2-60cf-4c7d-9fe8-0f47a3308078} (activedatainfo class) - https://www-secure.symantec.com/techsupp/activedata/symadata.cab
o16 - dpf: {e77c0d62-882a-456f-ad8f-7c6c9569b8c7} (activedataobj class) - https://www-secure.symantec.com/techsupp/activedata/activedata.cab
o16 - dpf: {ef99bd32-c1fb-11d2-892f-0090271d4f88} (yahoo! companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_7.cab
o16 - dpf: {f58e1cef-a068-4c15-ba5e-587caf3ee8c6} (msn chat control 4.5) - http://chat.msn.com/bin/msnchat45.cab
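
A sketch of how entries like those in the analyzer output above can be sorted for triage, added here as an example; it is not Eddy's analyzer and not part of HijackThis. The status labels (`orphan`, `autostart`, `activex`) and the function names are this example's own, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Meaning of the HijackThis section codes that appear in this log.
SECTIONS = {
    "r3": "URLSearchHook",
    "o2": "Browser Helper Object",
    "o3": "IE toolbar",
    "o4": "autostart entry",
    "o9": "extra IE button / Tools menu item",
    "o16": "ActiveX control (Downloaded Program Files)",
}

ENTRY = re.compile(r"^([ro]\d{1,2}) - (.*)$", re.IGNORECASE)
URL = re.compile(r"https?://\S+", re.IGNORECASE)

# Sample lines copied from the analyzer output in the post above.
SAMPLE = r"""
o2 - bho: clear search - {00000000-0000-0000-0000-000000000240} - c:\program files\clearsearch\ie_clrsch.dll (file missing)
o2 - bho: (no name) - {bdf3e430-b101-42ad-a544-fadc6b084872} - (no file)
o4 - hklm\..\run: [webrebates0] "c:\program files\web_rebates\webrebates0.exe"
o16 - dpf: {74d05d43-3236-11d4-bdcd-00c04f9a3b61} (housecall control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
o16 - dpf: yahoo! chat - http://cs7.chat.yahoo.com/c381/chat.cab
\program files\web_rebates\webrebates1.exe
"""


def parse_line(line):
    """Return a dict describing one log entry, or None if it has no section code."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, rest = m.group(1).lower(), m.group(2)
    entry = {"code": code, "kind": SECTIONS.get(code, "unknown"),
             "text": rest, "host": None}
    if "(file missing)" in rest or "(no file)" in rest:
        # Registry entry left behind; the file it points to is gone.
        entry["status"] = "orphan"
    elif code == "o4":
        # Target exists and is launched at every logon: review first.
        entry["status"] = "autostart"
    elif code == "o16":
        # Installed ActiveX control; record the host it was downloaded from.
        entry["status"] = "activex"
        u = URL.search(rest)
        entry["host"] = urlparse(u.group(0)).hostname if u else None
    else:
        entry["status"] = "other"
    return entry


def triage(text):
    """Group all non-empty lines of a log by status."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            buckets["unparsed"].append(line.strip())
        else:
            buckets[entry["status"]].append(entry)
    return dict(buckets)


if __name__ == "__main__":
    result = triage(SAMPLE)
    for status, items in result.items():
        print(f"{status}: {len(items)}")
    for e in result.get("activex", []):
        print("  ActiveX source host:", e["host"])
```

Orphaned entries explain why some of the listed files cannot be found on disk, while a live `o4` entry is one that still starts with Windows.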
Title: Re:New threat. I have a virus, help.
Post by: yaz on October 22, 2004, 10:45:09 PM
Thanks Eddy- I'll get on that now. I do have Norton security and it sometimes
catches the trojans .. is it possibly not detected cuz they disconnected it,
hackers or trojans? I'm confused. I must be infected right?
Title: Re:New threat. I have a virus, help.
Post by: yaz on October 22, 2004, 10:48:26 PM
 >:( webrebates won't delete, it says 'access denied' do any of the tools remove these for me??
Title: Re:New threat. I have a virus, help.
Post by: Eddy on October 22, 2004, 10:52:00 PM
Since you don't have the security patches/updates installed, your system will stay very vulnerable to infections. I suggest you visit the page in my signature and follow ALL steps there.
Title: Re:New threat. I have a virus, help. Eddy
Post by: yaz on October 22, 2004, 10:59:36 PM
I'm not having an easy time by no means. I haven't been able to locate some of those cuz the files really are missing and the cpl I did see won't allow me to delete them. Access denied. I am running MIE6.0 according to what my toolbar says when I click the properties but the old one could be stuck in here. Does this appear to be a true mess? lol
I am going to check into those other tools mentioned now. thanks. yaz
Title: Re:New threat. I have a virus, help.
Post by: yaz on October 22, 2004, 11:44:54 PM
Whocares~ Thanks for the help.   :) I didn't get anything when
I ran the SFC /scannow. The black screen popped up once and
nothing then left. I hope that is good news??
Thanks for your help too.
yaz
Title: Re:New threat. I have a virus, help.
Post by: Eddy on October 22, 2004, 11:58:22 PM
Almost right, it should be:
start > run > cmd > (on the command prompt) sfc /scannow
Title: Re:New threat. I have a virus, help.
Post by: yaz on October 23, 2004, 03:58:47 AM
I haven't finished that command run yet.
The last time I tried, it was successful however it took forever
so it will probably await behind a few more things I am now
retrying the trend micro and the Bit defender.

I have found my Spybot (Thanks to Bit defender, I now know
it was revealed) was badly infected and the rebates that were
revealed by Hijack Logger ..  they before hand wouldn't delete.
I since have removed all of them including the folder/files
relating to them. I did also notice another person with a spybot
complaint. They were attacked the same day as I was
(initially last Sunday) so I plan to look into that more before I
re-download another Spybot.  I had it for about 16months though
and it was an updated version.
Also I now have the update 2pack windows security package it
seems to be running okay but was cautioned by an online friend
to first remove the other firewall cuz with the MS one it would
cause problems; so I have done that. I am using I.E 6.0 -
I believe by what I saw that is the most up to date I can
get and now my Lavasoft is coming up with 0 bugs!! Which
is a first!!
I believe I'm up to date on all the Microsoft updates etc.

The original file that was found to be infected 'smss.exe' no
longer is coming up bad with TrendMicro. There is so much to
learn and I wanna let you know I appreciate everything!!  
Thanks guys, you guys are terrific!!
yaz
Title: Re:New threat. I have a virus, help.
Post by: yaz on October 23, 2004, 06:46:51 AM
I have a ? Eddy?? I am going to run that command run but
first need to know about how long does it take. I'm asking
in case it stands there for too long, I don't know what to
expect. thankz. BTW ty for all your assistance. My puter
appears to be all good now. The final scanner Scanning
said 'successful. No viral code found.'.  ;D I'd kiss you but
I have a real virus, lol can I hug ya!!  :D
yaz