Author Topic: Getting error when downloading a file " ____ contained a virus and was deleted" (Read 6693 times)

Steve T · « **on:** July 18, 2013, 05:18:42 AM »

I am new to this site but have SOME computer experience. Ran a HIJack this scan and this is the report.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:39:53 PM, on 7/17/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\Windstream\Service Agent\Windstream Service Agent.exe
C:\Program Files\Windstream\Diagnostic Tools\DiagnosticTools.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Debbie\AppData\Local\AOL\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Debbie\AppData\Local\join.me\join.me.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Debbie\AppData\Local\join.me\LMISupportM.exe
C:\Users\Debbie\AppData\Local\join.me\LMISupportM.exe
E:\HijackThis.exe
C:\Program Files\Windstream\Service Agent\Windstream Service AgentComHandler.exe
C:\Program Files\Internet Explorer\IELowutil.exe

Steve T · « **Reply #1 on:** July 18, 2013, 05:19:16 AM »

Part 2 of report:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
O4 - HKLM\..\Run: [Windstream Service Agent.exe] "C:\Program Files\Windstream\Service Agent\Windstream Service Agent.exe" /AUTORUN
O4 - HKLM\..\Run: [DiagnosticTools.exe] "C:\Program Files\Windstream\Diagnostic Tools\DiagnosticTools.exe" /AUTORUN
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
O4 - HKCU\..\Run: [AIM for Windows] "C:\Users\Debbie\AppData\Local\AOL\AIM\aim.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://www.arise.com
O15 - Trusted Zone: http://www.livealifellc.com
O15 - Trusted Zone: email.secureserver.net
O15 - Trusted IP range: http://192.168.249.246
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://ns.arise.com/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: HsdService - Windstream - C:\Program Files\Windstream\Diagnostic Tools\HsdService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Services\IPT\jhi_service.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\MsMpEng.exe
O23 - Service: @c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - c:\Program Files\Microsoft Security Client\NisSrv.exe
O23 - Service: ServicepointService - Radialpoint SafeCare Inc. - C:\Program Files\Windstream\Service Agent\ServicepointService.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 10151 bytes

Any help would be greatly appreciated.

Pondus · « **Reply #2 on:** July 18, 2013, 08:11:04 AM »

follow instructions and attach logs....not copy and paste http://forum.avast.com/index.php?topic=53253.0

run in order listed
AdwCleaner / Malwarebytes / OTL / aswMBR

essexboy · « **Reply #3 on:** July 18, 2013, 03:29:29 PM »

Yes I will require OTL as this has the look of the latest zero access that has infected MSES which I assume is no longer working properly

Download OTL to your Desktop
Secondary link

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Select All Users
Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs

techlike99 · « **Reply #4 on:** July 18, 2013, 09:36:28 PM »

I'm almost 100% sure it's the Sirefef rootkit. It was recently updated with the anti-win defender module which blocks pretty much everything you try to download and displays the message you mentioned.

essexboy · « **Reply #5 on:** July 18, 2013, 11:12:02 PM »

Sirfef and zero access have now blurred the edges and yes I believe this is the one with the reparse points. But, I need the OTL to confirm the affected files

Steve T · « **Reply #6 on:** July 19, 2013, 04:53:05 AM »

Will run the OTL and anything else mentioned and post.

Steve T · « **Reply #7 on:** July 23, 2013, 07:28:35 PM »

Here is the OTL and Extras Log attached. Thank you for your help!!

essexboy · « **Reply #8 on:** July 23, 2013, 08:37:55 PM »

On completion of this run could you let me know how the computer is behaving

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2013/05/02 15:21:44 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
IE - HKU\S-1-5-21-2369674280-976363590-788303816-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2369674280-976363590-788303816-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&tt=010712_3&babsrc=SP_ss&mntrId=d228400700000000000000ff70f6df85
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013/05/02 15:21:44 | 000,037,909 | ---- | M] ()
O2 - BHO: (Solid Savings) - {11111111-1111-1111-1111-110211621178} - C:\Program Files\Solid Savings\Solid Savings-bho.dll (Innovative Apps)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2013/07/22 22:14:00 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2013/07/22 22:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\Wajam
[2013/07/22 22:13:53 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\Updater26278
[2013/07/22 22:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Solid Savings
[2013/07/20 13:14:22 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{FFE76128-7849-462E-9C8E-7FD0BA885A31}
[2013/07/19 15:01:05 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{FFDA2EC1-9150-432D-813B-99F7368DA5A9}
[2013/07/19 03:00:36 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{FBD2CB9E-03F9-4B0F-8C2D-AD8FEB478611}
[2013/07/18 12:56:42 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{E33D5CE6-AF01-424A-8B2A-AD67916F571C}
[2013/07/17 18:03:43 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{8F35B59C-ECB6-4BDF-B925-3EE557507672}
[2013/07/17 17:48:45 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\join.me
[2013/07/17 06:03:19 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{CCB63021-8FBA-4D3B-8194-97777CC705FD}
[2013/07/13 09:53:52 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{0562AFF9-8107-4909-AFDE-E4291BDD9F97}
[2013/07/12 15:30:53 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{F58C7604-5AFC-4182-95BF-3D139D22C68B}
[2013/07/10 22:26:02 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{9DA31AFF-E17B-4503-A1DD-1A1B12CEC050}
[2013/07/10 10:25:47 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{1C1D1B56-58E3-4497-A759-0D4D374BDADB}
[2013/07/09 22:18:35 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{B7E4F39B-ACC4-4ADC-B291-63E12AA2BC1C}
[2013/07/09 10:18:23 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{A4E98577-BC64-461E-90A2-4A1788EDD278}
[2013/07/08 22:18:08 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{8A9CD509-A415-4B44-8FA4-CE4EF0EA130B}
[2013/07/08 09:34:54 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{F00EBCDE-6890-467D-8B64-BAD3477A41A9}
[2013/07/07 06:38:07 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{F28932A4-FDF3-411A-92FB-F97AAAF7BEB5}
[2013/07/06 18:37:51 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{BC2C5608-EC44-4A02-87EB-D0F84165571A}
[2013/07/02 13:08:14 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{DCB13FB4-B3BA-453B-A493-A1853FEF6738}
[2013/07/01 18:32:42 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{BB1FE11B-B48F-4C15-BEB7-4E05FC24D9D9}
[2013/06/29 16:31:40 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{18239A4B-5BE0-4358-8E63-6D8CA8E4D5A1}
[2013/06/28 21:24:29 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{2F7E9FE8-F41D-4F7E-91A9-EF3F12B80E48}
[2013/06/27 13:50:30 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{350ACD1A-B537-4285-BDFE-EC84E3B13E7F}
[2013/06/26 14:35:55 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{B3C2DB2A-37B4-4774-A7ED-7A891A753E94}
[2013/06/25 11:09:10 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{C2D38AFF-FB76-48DC-957C-649690B653CA}
[2013/06/24 15:45:31 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{96ABCAED-21AD-4E28-9B08-D1D616D583EC}
[2013/06/23 22:31:50 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{DC020B22-575B-4701-B38E-565E62EFADC5}
[2013/06/23 10:31:39 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{9A6F4B5C-433C-48A6-9F6D-45EB0217AD6D}
[2013/06/22 22:31:27 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\{732AC745-3A82-4A6D-9084-58934FB0CA42}
[2013/07/17 17:48:46 | 000,001,072 | ---- | C] () -- C:\Users\Debbie\Desktop\join.me.lnk
[2013/07/17 17:48:46 | 000,001,072 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk

:Files
C:\$Recycle.Bin\S-1-5-18\$ae535130115b4398041d59ee06f652d6

:Commands
[resethosts]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.[/b]

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Author Topic: Getting error when downloading a file " ____ contained a virus and was deleted" (Read 6693 times)

Steve T

Getting error when downloading a file " ____ contained a virus and was deleted"

Steve T

Re: Getting error when downloading a file " ____ contained a virus and was deleted"

Pondus

Re: Getting error when downloading a file " ____ contained a virus and was deleted"

essexboy

Re: Getting error when downloading a file " ____ contained a virus and was deleted"

techlike99

Re: Getting error when downloading a file " ____ contained a virus and was deleted"

essexboy

Re: Getting error when downloading a file " ____ contained a virus and was deleted"

Steve T

Re: Getting error when downloading a file " ____ contained a virus and was deleted"

Steve T

Re: Getting error when downloading a file " ____ contained a virus and was deleted"

essexboy

Re: Getting error when downloading a file " ____ contained a virus and was deleted"