Author Topic: BV:AutoRun-E [Wrm] i don't know how to remove it  (Read 30482 times)

0 Members and 1 Guest are viewing this topic.

sh3r3d3r

  • Guest
Re: BV:AutoRun-E [Wrm] i don't know how to remove it
« Reply #15 on: November 29, 2008, 09:20:37 PM »
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\Revista\HiDownload\hidownload.exe (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1659EA2F-3024-4B7F-A191-42B83163A7A4}: NameServer = 85.255.112.133;85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{C84EBBDE-3945-45B5-A9F7-A2FAACFFF2A6}: NameServer = 85.255.112.133;85.255.112.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{1659EA2F-3024-4B7F-A191-42B83163A7A4}: NameServer = 85.255.112.133;85.255.112.196
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Revista\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programas\Ficheiros comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programas\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Jogos\Need for Speed ProStreet\PB\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Programas\Ficheiros comuns\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programas\RealVNC\VNC4\WinVNC4.exe

--
End of file - 18226 bytes


after the restart in safe mode i'll rename the autorun.inf to no-run.inf as you said.

"See if you can find resycled folder", did you men Recyclebin folder?


sorry for the many posts. 1, was not enouth for the hijackthis log.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: BV:AutoRun-E [Wrm] i don't know how to remove it
« Reply #16 on: November 29, 2008, 09:23:26 PM »
HI sh3r3d3r  please do the following ; Do you use a router ?
 

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code: [Select]
:Processes
explorer.exe

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1659EA2F-3024-4B7F-A191-42B83163A7A4}]
"NameServer"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C84EBBDE-3945-45B5-A9F7-A2FAACFFF2A6}]
"NameServer"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1659EA2F-3024-4B7F-A191-42B83163A7A4}]
"NameServer"=-

:Files
C:\resycled

:Commands
[purity]
[emptytemp]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

THEN

[list=1]
  • NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry. As FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.
  • Download FixIEDef.exe by ShadowPuterDude to the Desktop.
    Note: FixIEDef now supports Non-English Language Systems


  • Double-click FixIEDef.exe:



  • That will open the About FixIEDef screen. Click OK to continue:



  • Next, press the Scan! button:



  • FixIEDef needs to run as Administrator to perform correctly. This message simply confirms it was able to run with admin privileges. Click OK to continue:



  • Wait for the scan to finish. It shouldn't take very long:




  • WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running, during removal of malicious files. The icons and Start Menu on your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89431
  • No support PMs thanks
Re: BV:AutoRun-E [Wrm] i don't know how to remove it
« Reply #17 on: November 29, 2008, 09:28:01 PM »
Hi I just got the same thing and it took me forever to get rid of it. Seems mine also opened porn every 2 minutes >.< Anyways, I ran system restore (Start>>Programs>>Accessories>>System Tools>>System Restore) and restored my computer to a week before. Then I ran the USB Disinfector and all is well =) Hope this helps!

Thanks for the input.

I'm afraid you have more trust in system restore than I have, whilst this worked in your case, it is far from infallible and can have unexpected results. I trust in my drive imaging software to give me an exact image of my HDD at the time of the image over system restore any day.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

InFerNo

  • Guest
Re: BV:AutoRun-E [Wrm] i don't know how to remove it
« Reply #18 on: November 29, 2008, 09:29:40 PM »
@DavidR:

True, my computer can do the same; however, I am lax in actually MAKING backups regularly like I should.  ::)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: BV:AutoRun-E [Wrm] i don't know how to remove it
« Reply #19 on: November 29, 2008, 09:33:52 PM »
I am lax in actually MAKING backups regularly like I should.  ::)
When we will learn...  ::)
I've learned... I think... at least monthly a full backup of all partitions of my HDD  8)
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89431
  • No support PMs thanks
Re: BV:AutoRun-E [Wrm] i don't know how to remove it
« Reply #20 on: November 29, 2008, 09:34:11 PM »
Quote from: sh3r3d3r
after the restart in safe mode i'll rename the autorun.inf to no-run.inf as you said.

"See if you can find resycled folder", did you men Recyclebin folder?

No that is the name of the folder from the autorun.inf file contents, made to look like recycled in the hope you might think it is a legit folder.

Thankfully you now have essexboy on the case with his bigger bag of tricks.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89431
  • No support PMs thanks
Re: BV:AutoRun-E [Wrm] i don't know how to remove it
« Reply #21 on: November 29, 2008, 09:38:15 PM »
@DavidR:

True, my computer can do the same; however, I am lax in actually MAKING backups regularly like I should.  ::)

I do a weekly image back-up as part of my weekly system maintenance right after my on-demand scans, my data files, bookmarks, address book, emails, etc. anything I don't want to lose, gets at least a daily back-up often two or three times a day.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

sh3r3d3r

  • Guest
Re: BV:AutoRun-E [Wrm] i don't know how to remove it
« Reply #22 on: November 29, 2008, 10:04:37 PM »
Hi essexboy. First, many thanks for trying to help me here.

yes, i use a router.

i do everything you said.

the OTMoveIt3 Log:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1659EA2F-3024-4B7F-A191-42B83163A7A4}\\NameServer deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C84EBBDE-3945-45B5-A9F7-A2FAACFFF2A6}\\NameServer deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1659EA2F-3024-4B7F-A191-42B83163A7A4}\\NameServer not found.
========== FILES ==========
C:\resycled moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\SIRNUN~1\DEFINI~1\Temp\MessengerCache\XKMUKoXwHwOYiImEt2F4luAcbrQQ= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SIRNUN~1\DEFINI~1\Temp\etilqs_VzGFDAf9WTxWNyO7bMDT scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SIRNUN~1\DEFINI~1\Temp\tmp144.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SIRNUN~1\DEFINI~1\Temp\tmp145.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SIRNUN~1\DEFINI~1\Temp\~DFA8D6.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_694.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Sir Nuno Silva\Definições locais\Application Data\Mozilla\Firefox\Profiles\8ld4scic.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sir Nuno Silva\Definições locais\Application Data\Mozilla\Firefox\Profiles\8ld4scic.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sir Nuno Silva\Definições locais\Application Data\Mozilla\Firefox\Profiles\8ld4scic.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sir Nuno Silva\Definições locais\Application Data\Mozilla\Firefox\Profiles\8ld4scic.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sir Nuno Silva\Definições locais\Application Data\Mozilla\Firefox\Profiles\8ld4scic.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
 
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11292008_204110

Files moved on Reboot...
C:\DOCUME~1\SIRNUN~1\DEFINI~1\Temp\MessengerCache\XKMUKoXwHwOYiImEt2F4luAcbrQQ= moved successfully.
File C:\DOCUME~1\SIRNUN~1\DEFINI~1\Temp\etilqs_VzGFDAf9WTxWNyO7bMDT not found!
File C:\DOCUME~1\SIRNUN~1\DEFINI~1\Temp\tmp144.tmp not found!
File C:\DOCUME~1\SIRNUN~1\DEFINI~1\Temp\tmp145.tmp not found!
C:\DOCUME~1\SIRNUN~1\DEFINI~1\Temp\~DFA8D6.tmp moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_694.dat moved successfully.
C:\Documents and Settings\Sir Nuno Silva\Definições locais\Application Data\Mozilla\Firefox\Profiles\8ld4scic.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Sir Nuno Silva\Definições locais\Application Data\Mozilla\Firefox\Profiles\8ld4scic.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Sir Nuno Silva\Definições locais\Application Data\Mozilla\Firefox\Profiles\8ld4scic.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Sir Nuno Silva\Definições locais\Application Data\Mozilla\Firefox\Profiles\8ld4scic.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Sir Nuno Silva\Definições locais\Application Data\Mozilla\Firefox\Profiles\8ld4scic.default\urlclassifier3.sqlite moved successfully.

The FixEDef log:
*                              Version 1.7.20.6825                             *
*                                                                              *
********************************************************************************

Created at 21:01:45 on Saturday, November 29, 2008

Time Zone            :

Logged On User       : Sir Nuno Silva

Operating System     : Microsoft Windows XP Professional Service Pack 3
OS Version           : 5.1.2600
System Langauge      : Portuguese (Standard)
Keyboard Layout      : Portuguese (Standard)
Processor            : X86               Intel(R) Pentium(R) 4 CPU 3.00GHz

System Drive         : C:\
Windows Directory    : C:\WINDOWS
System Directory     : C:\WINDOWS\system32

System Drive Type    : Fixed
System Drive Status  : READY
System Drive Label   :
System Drive Size    : 50 GB
System Drive Free    : 7.17 GB

Total Physical Memory: 1535 MB
Free Physical Memory : 815 MB
Total Page File      : 1535 MB
Free Page File       : 2686 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory  : 1959 MB

Boot State           : Normal boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

No malicious files found

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!


sh3r3d3r

  • Guest
Re: BV:AutoRun-E [Wrm] i don't know how to remove it
« Reply #23 on: November 29, 2008, 10:10:13 PM »
Quote from: sh3r3d3r
after the restart in safe mode i'll rename the autorun.inf to no-run.inf as you said.

"See if you can find resycled folder", did you men Recyclebin folder?

No that is the name of the folder from the autorun.inf file contents, made to look like recycled in the hope you might think it is a legit folder.

Thankfully you now have essexboy on the case with his bigger bag of tricks.

hum, i can't find that folder..

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89431
  • No support PMs thanks
Re: BV:AutoRun-E [Wrm] i don't know how to remove it
« Reply #24 on: November 29, 2008, 11:37:53 PM »
You won't it was deleted by OTMoveIt3, see extract of your log above:
Quote
========== FILES ==========
C:\resycled moved successfully.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

sh3r3d3r

  • Guest
Re: BV:AutoRun-E [Wrm] i don't know how to remove it
« Reply #25 on: November 29, 2008, 11:43:50 PM »
You won't it was deleted by OTMoveIt3, see extract of your log above:
Quote
========== FILES ==========
C:\resycled moved successfully.

yap, i see it. tha avast shows that i dont have virus. i hope not.

Many, Many thanks for your help David.
All the good for you

BR
Nuno

sh3r3d3r

  • Guest
Re: BV:AutoRun-E [Wrm] i don't know how to remove it
« Reply #26 on: November 29, 2008, 11:45:22 PM »
essexboy. I think the problem is solved.
MAny thanks for your help. Seriously.
Keep the good work.

BR
Nuno

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89431
  • No support PMs thanks
Re: BV:AutoRun-E [Wrm] i don't know how to remove it
« Reply #27 on: November 29, 2008, 11:52:28 PM »
<snip>
yap, i see it. tha avast shows that i dont have virus. i hope not.

Many, Many thanks for your help David.
All the good for you

You're welcome.

With all the other tools that you have run and avast I think we can be reasonably confident you are in the clear. Unless essexboy has any other tools he might want you to use.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

sh3r3d3r

  • Guest
Re: BV:AutoRun-E [Wrm] i don't know how to remove it
« Reply #28 on: November 30, 2008, 12:00:22 AM »
i think my computer is clear now.  :)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: BV:AutoRun-E [Wrm] i don't know how to remove it
« Reply #29 on: November 30, 2008, 12:01:54 AM »
Could you post one more Hijackthis log to ensure that the wareout has gone and is not resident in you router