Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on December 02, 2015, 11:55:07 PM

Title: weekendwarrior55.com infection
Post by: REDACTED on December 02, 2015, 11:55:07 PM

Hello Avast support team,

my computer is infected with weekendwarriior55.com . Most of my files are encrypted. I have backed some them up, but some are not. I am sending you the required logs. Could you help me to decrypt some of the files?

Thanks

Title: Re: weekendwarrior55.com infection
Post by: essexboy on December 03, 2015, 03:34:43 PM

I will quarantine the encrypted files on the desktop as they may not be able to be decrypted

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

Quote

CreateRestorePoint:
HKLM-x32\...\Run: [ROC_roc_dec12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [MarineAquarium3Free_57 Browser Plugin Loader 64] => C:\Program Files (x86)\MarineAquarium3Free_57\bar\1.bin\57brmon64.exe
HKU\S-1-5-21-3138439853-4066643949-2391822931-1001\...\RunOnce: [avg_spchecker] => "C:\Program Files (x86)\AVG\AVG9\Notification\SPChecker1.exe" /start
Startup: C:\Users\Krasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\50DD.tmp [2015-12-02] ()
Startup: C:\Users\Krasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lock.bmp [2015-12-02] ()
URLSearchHook: HKLM-x32 - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_2.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-3138439853-4066643949-2391822931-1000 - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_2.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=514&systemid=406&apn_uid=7248141837164400&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=514&systemid=406&apn_uid=7248141837164400&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=514&systemid=406&apn_uid=7248141837164400&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=514&systemid=406&apn_uid=7248141837164400&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
SearchScopes: HKLM-x32 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HJxdm093YYbg&ptnrS=HJxdm093YYbg&ptb=B2A28D10-76D2-459B-92B0-5876A8023EBC&ind=2012083117&n=77edf3ad&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3138439853-4066643949-2391822931-1000 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=514&systemid=406&apn_uid=7248141837164400&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3138439853-4066643949-2391822931-1000 -> {0D8D614C-426F-4A68-8ECB-C00533FB4A87} URL = hxxp://search.avg.com/route/?d=4b04e791&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKU\S-1-5-21-3138439853-4066643949-2391822931-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={CF8CEED0-3565-4B80-B20D-904CC7F2C215}&mid=18bde8007e76d967ed15a663be2a50a7-74936fda5f6d3065fd35d1b3139f5045328212ec&lang=en&ds=AVG&pr=fr&d=2013-01-02 21:42:33&v=13.2.0.4&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3138439853-4066643949-2391822931-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=514&systemid=406&apn_uid=7248141837164400&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3138439853-4066643949-2391822931-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
SearchScopes: HKU\S-1-5-21-3138439853-4066643949-2391822931-1000 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HJxdm093YYbg&ptnrS=HJxdm093YYbg&ptb=B2A28D10-76D2-459B-92B0-5876A8023EBC&ind=2012083117&n=77edf3ad&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3138439853-4066643949-2391822931-1000 -> {E844E945-FBB1-46D7-8B64-645C9024B5E1} URL = hxxp://search.pomagalo.com?keywords={searchTerms}&source=ie
BHO-x32: BS Player Toolbar -> {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} -> C:\Program Files (x86)\BS_Player\prxtbBS_2.dll [2011-05-09] (Conduit Ltd.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_2.dll [2011-05-09] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-3138439853-4066643949-2391822931-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3138439853-4066643949-2391822931-1000 -> No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} -  No File
Toolbar: HKU\S-1-5-21-3138439853-4066643949-2391822931-1000 -> No Name - {C17590D2-ECB4-4B15-8820-F58798DCC118} -  No File
Toolbar: HKU\S-1-5-21-3138439853-4066643949-2391822931-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3138439853-4066643949-2391822931-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=1.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF user.js: detected! => C:\Users\Krasi\AppData\Roaming\Mozilla\Firefox\Profiles\sxv1iud7.default\user.js [2012-08-09]
CHR Plugin: (AVG Internet Security) - C:\Users\Krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll => No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll => No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll => No File
2015-12-02 15:50 - 2015-12-02 15:50 - 00401830 _____ C:\Users\Krasi\AppData\Roaming\lock.bmp
2015-11-25 17:11 - 2015-12-02 14:57 - 01660362 _____ C:\Users\Krasi\Desktop\estestveni-idei-Nosene-na-bebeto-zashto-kak.pdf.id-1313301745_av666@weekendwarrior55.com
2015-11-25 17:11 - 2015-12-02 14:57 - 01140287 _____ C:\Users\Krasi\Desktop\estestveni-idei-MnogokratniPeleni-zashto-kak.pdf.id-1313301745_av666@weekendwarrior55.com
2015-11-25 10:16 - 2015-12-02 14:57 - 00475276 _____ C:\Users\Krasi\Desktop\Tax_Relief_for_parents.zip.id-1313301745_av666@weekendwarrior55.com
2015-11-24 22:38 - 2015-12-02 14:57 - 00939748 _____ C:\Users\Krasi\Desktop\IMG_5086.JPG.id-1313301745_av666@weekendwarrior55.com
2015-11-24 22:38 - 2015-12-02 14:57 - 00934274 _____ C:\Users\Krasi\Desktop\IMG_5087.JPG.id-1313301745_av666@weekendwarrior55.com
2015-11-24 22:38 - 2015-12-02 14:57 - 00791069 _____ C:\Users\Krasi\Desktop\IMG_5085.JPG.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:59 - 2013-09-18 22:30 - 02063033 _____ C:\Users\???????\Downloads\Addison Wesley - Refactoring - Improving the Design of Existing Code.pdf.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:59 - 2011-12-01 00:41 - 00000232 ____H C:\Users\Krasi\Documents\~$равей господине.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:58 - 2015-10-19 10:35 - 00000232 ____H C:\Users\Krasi\Desktop\~$uchilishta za roditeli.xlsx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:58 - 2015-10-19 10:34 - 00016378 _____ C:\Users\Krasi\Desktop\разходи.xlsx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:58 - 2015-10-19 10:34 - 00000232 ____H C:\Users\Krasi\Desktop\~$хранителен режим Краси.xlsx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:58 - 2015-10-19 10:34 - 00000232 ____H C:\Users\Krasi\Desktop\~$разходи.xlsx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:58 - 2015-01-11 16:36 - 00000232 ____H C:\Users\Krasi\Desktop\~$sni_DVD_Penchevi.doc.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:58 - 2014-10-04 13:27 - 00000232 ____H C:\Users\Krasi\Desktop\~$ъжностна характеристика финансов мениджър.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:58 - 2014-03-31 22:32 - 00000232 ____H C:\Users\Krasi\Desktop\~$_d i k.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:58 - 2014-01-22 10:26 - 00000232 ____H C:\Users\Krasi\Desktop\~$нни за апартамент Гео Милев.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:58 - 2014-01-08 19:55 - 00000232 ____H C:\Users\Krasi\Desktop\~$_008_01.doc.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:58 - 2012-09-25 22:42 - 00000232 ____H C:\Users\Krasi\Desktop\~$ихотворение за Пламката.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:58 - 2012-09-25 22:02 - 00000232 ____H C:\Users\Krasi\Desktop\~$К СЕ ПРАВИ БИЗНЕС.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:58 - 2012-09-23 11:06 - 00000232 ____H C:\Users\Krasi\Desktop\~$st E-trade M1.doc.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:58 - 2011-11-12 01:29 - 00000232 ____H C:\Users\Krasi\Desktop\~$ture Homes.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:58 - 2011-10-16 23:10 - 00000232 ____H C:\Users\Krasi\Desktop\~$к да си приготвим идеалните гофрети.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:58 - 2011-07-03 00:18 - 00000232 ____H C:\Users\Krasi\Desktop\~$tski pesni.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2013-05-07 08:01 - 00000000 ____D C:\Users\Krasi\AppData\Roaming\TeamViewer
2015-12-02 14:57 - 2012-02-07 20:50 - 00000232 ____H C:\Users\Krasi\Desktop\~$ni_Stoykova_CV_English.doc.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2012-01-29 16:04 - 00000232 ____H C:\Users\Krasi\Desktop\~$ortat e zdrave.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2012-01-15 14:30 - 00000232 ____H C:\Users\Krasi\Desktop\~$smo do Jane.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2012-01-07 18:25 - 00000232 ____H C:\Users\Krasi\Desktop\~$arieta.doc.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2011-12-18 11:26 - 00000232 ____H C:\Users\Krasi\Desktop\~$iting.toni.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2011-12-10 11:44 - 00000232 ____H C:\Users\Krasi\Desktop\~$kstove na pesni.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2011-11-13 00:31 - 00000232 ____H C:\Users\Krasi\Desktop\~$PLICATION FORM.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2011-11-12 01:29 - 00000232 ____H C:\Users\Krasi\Desktop\~$mework_future homes.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2011-06-26 19:00 - 00000232 ____H C:\Users\Krasi\Desktop\~$ple pie.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2011-02-22 19:55 - 00000232 ____H C:\Users\Krasi\Desktop\~$govornosti na vatreshniq bankov kontrol.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2010-10-10 12:37 - 00000232 ____H C:\Users\Krasi\Desktop\~$klad za deinostta 2009.doc.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2013-05-07 08:01 - 00000000 ____D C:\Users\Krasi\AppData\Roaming\TeamViewer
2015-12-02 14:57 - 2012-02-07 20:50 - 00000232 ____H C:\Users\Krasi\Desktop\~$ni_Stoykova_CV_English.doc.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2012-01-29 16:04 - 00000232 ____H C:\Users\Krasi\Desktop\~$ortat e zdrave.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2012-01-15 14:30 - 00000232 ____H C:\Users\Krasi\Desktop\~$smo do Jane.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2012-01-07 18:25 - 00000232 ____H C:\Users\Krasi\Desktop\~$arieta.doc.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2011-12-18 11:26 - 00000232 ____H C:\Users\Krasi\Desktop\~$iting.toni.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2011-12-10 11:44 - 00000232 ____H C:\Users\Krasi\Desktop\~$kstove na pesni.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2011-11-13 00:31 - 00000232 ____H C:\Users\Krasi\Desktop\~$PLICATION FORM.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2011-11-12 01:29 - 00000232 ____H C:\Users\Krasi\Desktop\~$mework_future homes.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2011-06-26 19:00 - 00000232 ____H C:\Users\Krasi\Desktop\~$ple pie.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2011-02-22 19:55 - 00000232 ____H C:\Users\Krasi\Desktop\~$govornosti na vatreshniq bankov kontrol.docx.id-1313301745_av666@weekendwarrior55.com
2015-12-02 14:57 - 2010-10-10 12:37 - 00000232 ____H C:\Users\Krasi\Desktop\~$klad za deinostta 2009.doc.id-1313301745_av666@weekendwarrior55.com
Task: {4B593FAD-70F9-43A4-B30E-8A9C5EC3CDCC} - System32\Tasks\iMeshNAG => C:\Users\Krasi\AppData\Local\Temp\iMesh_setup.exe <==== ATTENTION
Task: C:\Windows\Tasks\iMeshNAG.job => C:\Users\Krasi\AppData\Local\Temp\iMesh_setup.exe <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S0].txt as well.
  

NEXT

(https://sites.google.com/site/cannedfixes/home/hosted-images-tools/IDToolbyNathan.png) Scan with IDTool
 
Please download IDTool (http://www.bleepstatic.com/fhost/uploads/3/idtool.zip) by Nathan and save the file to the desktop.
It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.

• Enter the IDTool directory, right-click on (https://sites.google.com/site/cannedfixes/home/hosted-images-tools/IDToolbyNathan.png) icon and select (https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg) Run as Administrator to start the tool.
  
• IDTool needs Micorsoft .NET Framework environment to work properly, so if prompted to download & install it please agree
• Wait patiently until the tool will collect necessary data
• Once the main console is loaded, please press Rescan Computer and Generate a New Report.
  
• When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
  
• Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience

Please include that contents in your next reply.

FINALLY

(http://i.imgur.com/y3MMIrs.png) Previous Versions

• Right-click the file/folder and click Properties.
  
• Click Previous Versions.
  
• This tab will list all copies of the file and the date they were backed up.
• To restore a particular version of the file, click Copy and select the directory you wish to restore the file to.
  
• If you wish to restore the selected file and replace the existing one, click Restore
  
• If you wish to view the contents of the file before restoring, click Open.
   
  

(http://i.imgur.com/MzmiIl9.gif) ShadowExplorer

• Please download ShadowExplorer]http://www.shadowexplorer.com/uploads/ShadowExplorer-0.9-portable.zip]ShadowExplorer (http://www.shadowexplorer.com/uploads/ShadowExplorer-0.9-portable.zip) and save the file to your Desktop
  
• Right-Click ShadowExplorer-0.9-portable.zip and click Extract All. Select your Desktop and click Extract
  
• Right-Click ShadowExplorer.exe and select (http://i.imgur.com/AVOiBNU.jpg) Run as administrator to run the programme.
  
• You will see a drop-down menu with the shadow copies of all partitions and disks present.
• Click C:\ from the drop-down menu.
  
• To the right, pick a date prior to the infection from the drop-down menu.
  
• To restore a whole folder, right-click on your desired folder and click Export. You will then be prompted as to where you would like to restore the contents of the folder to.
  

(http://i.imgur.com/J8xQM97.png) File Recovery Software
File Recovery Software may be able to recover the original file deleted by the infection. Please bear in mind, the more you use the machine after the files are encrypted, the harder it will be for the recovery software to recover your files.

• (http://i.imgur.com/fSA1TL4.png) R-Studio (http://www.r-studio.com/)
  
• (http://i.imgur.com/C08PZmH.png) Photorec (http://www.cgsecurity.org/wiki/PhotoRec)
  
• (http://i.imgur.com/uc6sByo.png) (http://www.piriform.com/recuva/builds) Recuva (http://www.piriform.com/recuva/builds)
  

Title: Re: weekendwarrior55.com infection
Post by: REDACTED on December 03, 2015, 04:20:13 PM

Thanks a lot for the detailed information. Will do the required steps. Hope it will work.