
[Active] Does this page contain a virus?

Discussion in 'Malware and Virus Removal Archive' started by m3ow, 2008/12/19.

  1. 2008/12/19
    m3ow

    m3ow Inactive Thread Starter

    Joined:
    2008/12/17
    Messages:
    94
    Likes Received:
    0

    OK, this is what happened: I typed "how to defrag in cmd" into Google.
    Then I clicked on the first search result that came up.
    This is the title that came up in Google: "HowTo Defragment a Drive From The Command Prompt | Daily Cup of Tech"

    I only read a few sentences and then closed it. Once I closed it, within 2 seconds Explorer kept opening new Explorer windows... it spawned like 10 Explorer windows within 5 seconds. I pressed Alt-F4 like heck and it still kept spawning... within 10 seconds, the shut down and restart button popped up. I clicked cancel, and the spam kept coming.

    What I did was just press Ctrl-Alt-Del, go to the Processes tab, end task on iexplorer.exe, and everything was back to normal.

    And I noticed I forgot to turn on AVG today.

    Opened it up, ran a scan, and got trackers and this virus.

    Infection - Virus identified Klone.AP - in system32\ckvo0.dll
    Infection - Trojan Horse PSW.OnlineGame.2.S - in system restore



    So, in this situation, what should I do now? Restart?
    Will I get infected after restarting?
    Did AVG handle everything for me?
    And guys... be careful of other websites >.<
     
    m3ow,
    #1
  2. 2008/12/19
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     
    Arie,
    #2

  4. 2008/12/19
    m3ow

    m3ow Inactive Thread Starter

    info.txt logfile of random's system information tool 1.05 2008-12-19 23:59:15

    ======Uninstall list======

    -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Agere Systems HDA Modem-->agrsmdel
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" -l0x9 -removeonly
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5--> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe "
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)--> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setup.exe /uninstall ExtraUninstallID=" "
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Storm Codec-->C:\Program Files\Ringz Studio\Storm Codec\uninst7.01.19.exe
    WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
    Winamp (remove only)--> "C:\Program Files\Winamp\UninstWA.exe "
    Windows Driver Package - ENE HIDClass (04/29/2008 2.5.0.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\enecir_4BA43C76F3A42D69263383E81D20CBD5173E39DF\enecir.inf
    Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11--> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe "
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

    ======Security center information======

    AV: AVG Anti-Virus Free

    System event log

    Computer Name: INTEL-77ADBD7C1
    Event Code: 15007
    Message: Reservation for namespace identified by URL prefix http://*:2869/ was successfully added.

    Record Number: 5
    Source Name: HTTP
    Time Written: 20080311115427.000000+480
    Event Type: information
    User:

    Computer Name: INTEL-77ADBD7C1
    Event Code: 3260
    Message: This computer has been successfully joined to workgroup 'WORKGROUP'.

    Record Number: 4
    Source Name: Workstation
    Time Written: 20080311115101.000000+480
    Event Type: information
    User:

    Computer Name: INTEL-77ADBD7C1
    Event Code: 6011
    Message: The NetBIOS name and DNS host name of this machine have been changed from MACHINENAME to INTEL-77ADBD7C1.

    Record Number: 3
    Source Name: EventLog
    Time Written: 20080311115048.000000+480
    Event Type: information
    User:

    Computer Name: MACHINENAME
    Event Code: 6005
    Message: The Event log service was started.

    Record Number: 2
    Source Name: EventLog
    Time Written: 20080311113434.000000+480
    Event Type: information
    User:

    Computer Name: MACHINENAME
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

    Record Number: 1
    Source Name: EventLog
    Time Written: 20080311113434.000000+480
    Event Type: information
    User:

    Application event log

    Computer Name: INTEL-77ADBD7C1
    Event Code: 1000
    Message: Performance counters for the MSDTC (MSDTC) service were loaded successfully.
    The Record Data contains the new index values assigned
    to this service.

    Record Number: 5
    Source Name: LoadPerf
    Time Written: 20080311115221.000000+480
    Event Type: information
    User:

    Computer Name: INTEL-77ADBD7C1
    Event Code: 1000
    Message: Performance counters for the TermService (Terminal Services) service were loaded successfully.
    The Record Data contains the new index values assigned
    to this service.

    Record Number: 4
    Source Name: LoadPerf
    Time Written: 20080311115219.000000+480
    Event Type: information
    User:

    Computer Name: INTEL-77ADBD7C1
    Event Code: 1000
    Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully.
    The Record Data contains the new index values assigned
    to this service.

    Record Number: 3
    Source Name: LoadPerf
    Time Written: 20080311115053.000000+480
    Event Type: information
    User:

    Computer Name: INTEL-77ADBD7C1
    Event Code: 1000
    Message: Performance counters for the PSched (PSched) service were loaded successfully.
    The Record Data contains the new index values assigned
    to this service.

    Record Number: 2
    Source Name: LoadPerf
    Time Written: 20080311115050.000000+480
    Event Type: information
    User:

    Computer Name: INTEL-77ADBD7C1
    Event Code: 1000
    Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.
    The Record Data contains the new index values assigned
    to this service.

    Record Number: 1
    Source Name: LoadPerf
    Time Written: 20080311115049.000000+480
    Event Type: information
    User:

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir "=%SystemRoot%
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_IDENTIFIER "=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION "=0f0d
    "NUMBER_OF_PROCESSORS "=2
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP

    -----------------EOF-----------------


     
    m3ow,
    #3
  5. 2008/12/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You have a flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.

    Recommend you run the tool on the laptop as well.



    Next, please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  6. 2008/12/21
    m3ow

    m3ow Inactive Thread Starter

    OMG, flash drive infection? You wouldn't be kidding me...
    Are you trying to say my pen drive?
    After this incident, I did use the pen drive on my new hard disk yesterday (my desktop PC).
    So, would this mean my PC got infected as well? Should I start a new topic for my PC?

    Back to the laptop...
    About this "Flash Disinfector": will this program clean the infection on my PC and pen drive as well?
    I understand the steps you provided; I will follow them once I reach home, 10 hours from now :)
     
    m3ow,
    #5
  7. 2008/12/21
    noahdfear

    noahdfear Inactive

    Yes, your pen drive. Likely it has infected the new hard disk as well. Better run the tool on it as well, then post a log from it too.
     
  8. 2008/12/21
    m3ow

    m3ow Inactive Thread Starter

    Geez, damn it...
    Thanks Dave. Will get back here soon.
     
    m3ow,
    #7
  9. 2008/12/22
    m3ow

    m3ow Inactive Thread Starter

    ComboFix 08-12-21.04 - INTEL 2008-12-22 20:06:53.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1978.1572 [GMT 8:00]
    Running from: c:\documents and settings\INTEL\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\INTEL\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
    .

    2008-12-20 02:09 . 2008-12-22 20:08 477,216 --ahs---- c:\windows\system32\drivers\fidbox.dat
    2008-12-20 02:09 . 2008-12-22 02:05 5,180 --ahs---- c:\windows\system32\drivers\fidbox.idx
    2008-12-20 02:08 . 2008-12-20 02:08 <DIR> d-------- c:\program files\ZoneAlarmSB
    2008-12-20 02:02 . 2008-12-20 02:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
    2008-12-20 02:01 . 2008-12-20 02:01 <DIR> d-------- c:\program files\Zone Labs
    2008-12-20 02:00 . 2008-12-22 19:35 352,918 --a------ c:\windows\system32\vsconfig.xml
    2008-12-20 01:59 . 2008-12-22 19:34 <DIR> d-------- c:\windows\Internet Logs
    2008-12-19 23:58 . 2008-12-19 23:59 <DIR> d-------- C:\rsit
    2008-12-19 23:58 . 2008-12-19 23:59 <DIR> d-------- c:\program files\trend micro
    2008-12-11 15:07 . 2008-12-11 15:07 <DIR> d-------- C:\Utopia
    2008-12-04 00:18 . 2008-12-04 00:18 <DIR> d-------- c:\documents and settings\INTEL\Application Data\CyberLink

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-20 07:01 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-20 07:01 --------- d-----w c:\program files\SUYIN
    2008-11-20 07:01 --------- d-----w c:\program files\ACER Crystal Eye webcam
    2008-11-20 07:01 --------- d-----w c:\documents and settings\INTEL\Application Data\InstallShield
    2008-11-20 06:46 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2008-11-20 06:46 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2008-11-20 06:46 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2008-11-20 06:46 --------- d-----w c:\program files\AVG
    2008-11-20 06:46 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-11-18 06:05 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-11-18 06:05 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_enecir_01005.Wdf
    2008-11-18 05:57 --------- d-----w c:\program files\WIDCOMM
    2008-11-18 05:54 --------- d-----w c:\program files\DIFX
    2008-11-18 05:45 315,392 ----a-w c:\windows\HideWin.exe
    2008-11-18 05:45 --------- d-----w c:\program files\Realtek
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "RemoteControl "= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "StormCodec_Helper "= "c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-27 97357]
    "AzMixerSel "= "c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-07-03 150040]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-07-03 170520]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2008-07-03 141848]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "MSPY2002 "= "c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
    "PHIME2002ASync "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-20 1261336]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "RTHDCPL "= "RTHDCPL.EXE" [2008-04-11 c:\windows\RTHDCPL.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-20 97928]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-20 875288]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-20 231704]
    R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-20 76040]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-11-18 54784]
    R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2008-11-18 11264]
    R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-11-18 5632]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-18 108032]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-11-18 84240]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a547a6bc-b6ce-11dd-8015-001eecd10e4b}]
    \Shell\AutoRun\command - 0u.cmd
    \Shell\explore\Command - 0u.cmd
    \Shell\open\Command - 0u.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a547a6bd-b6ce-11dd-8015-001eecd10e4b}]
    \Shell\AutoRun\command - 0u.cmd
    \Shell\explore\Command - 0u.cmd
    \Shell\open\Command - 0u.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c396e3cf-ef1a-11dc-940b-806d6172696f}]
    \Shell\AutoRun\command - C:\0u.cmd
    \Shell\explore\Command - C:\0u.cmd
    \Shell\open\Command - C:\0u.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea321188-b532-11dd-98fa-806d6172696f}]
    \Shell\AutoRun\command - D:\0u.cmd
    \Shell\explore\Command - D:\0u.cmd
    \Shell\open\Command - D:\0u.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea32118b-b532-11dd-98fa-a4d8a3c62b78}]
    \Shell\AutoRun\command - F:\0u.cmd
    \Shell\explore\Command - F:\0u.cmd
    \Shell\open\Command - F:\0u.cmd

    *Newly Created Service* - PROCEXP90
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-22 20:08:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(948)
    c:\windows\system32\avgrsstx.dll

    - - - - - - - > 'lsass.exe'(1052)
    c:\windows\system32\avgrsstx.dll
    .
    Completion time: 2008-12-22 20:09:14
    ComboFix-quarantined-files.txt 2008-12-22 12:09:11

    Pre-Run: 72,739,971,072 bytes free
    Post-Run: 73,099,784,192 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect



    Already ran Flash Disinfector.
    I would like to ask: after I run this "disinfector", is my pen drive clean?
    Because I don't want it to spread to other PCs or friends.

    And here is the ComboFix log... thanks in advance Dave!
     
    m3ow,
    #8
  10. 2008/12/22
    noahdfear

    noahdfear Inactive

    Autorun has been disabled on the pen drive and the computer, so there should be no more spreading of the infection. Please insert your pen drive and leave it there until ComboFix has completed the following routine.

    Once again, disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\0u.cmd
    D:\0u.cmd
    F:\0u.cmd
    Suspect::
    c:\windows\system32\DRIVERS\jmcr.sys
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a547a6bc-b6ce-11dd-8015-001eecd10e4b}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a547a6bd-b6ce-11dd-8015-001eecd10e4b}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c396e3cf-ef1a-11dc-940b-806d6172696f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea321188-b532-11dd-98fa-806d6172696f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea32118b-b532-11dd-98fa-a4d8a3c62b78}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.


    Please note that I have instructed CFScript to collect a file for analysis. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send.
    Thanks!
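The two footholds this CFScript and the earlier ComboFix run go after are visible in the log: the Shell\AutoRun, Shell\open and Shell\explore commands under HKCU\...\MountPoints2 that point at 0u.cmd, and the autorun.inf files in the drive roots. The script below is an added example, not part of this thread and not code from ComboFix or Flash_Disinfector; it is a read-only audit that lists those entries on the live machine and reports the NoDriveTypeAutoRun policy, so that after a cleanup a practitioner can confirm nothing is left behind. It assumes Windows PowerShell 3.0 or later and is run as the user whose profile is being checked, because MountPoints2 lives under HKCU.

```powershell
# Added example (not from the thread, ComboFix or Flash_Disinfector).
# Read-only audit of AutoRun footholds:
#   1. per-volume Shell\*\command values under HKCU ...\MountPoints2
#   2. autorun.inf in the root of every mounted file-system drive
#   3. the NoDriveTypeAutoRun policy in HKLM and HKCU
# Assumes Windows PowerShell 3.0+ ([PSCustomObject] syntax); changes nothing.

$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-MountPointShellCommands {
    # Each subkey of MountPoints2 is a volume GUID or drive letter. An AutoRun
    # worm leaves Shell\AutoRun\command, Shell\open\Command and Shell\explore\Command
    # pointing at its dropper, exactly what the ComboFix log shows with 0u.cmd.
    Get-ChildItem -Path $mp2 -ErrorAction SilentlyContinue | ForEach-Object {
        $volume = $_
        foreach ($verb in 'AutoRun\command', 'open\Command', 'explore\Command') {
            $sub = $volume.OpenSubKey("Shell\$verb")
            if ($null -ne $sub) {
                $cmd = $sub.GetValue('')   # the (Default) value holds the command line
                $sub.Close()
                if ($cmd) {
                    [PSCustomObject]@{
                        Volume  = $volume.PSChildName
                        Verb    = $verb
                        Command = $cmd
                    }
                }
            }
        }
    }
}

function Get-RootAutorunInf {
    Get-PSDrive -PSProvider FileSystem | ForEach-Object {
        $inf = Join-Path $_.Root 'autorun.inf'
        if (Test-Path -LiteralPath $inf) {
            $item = Get-Item -LiteralPath $inf -Force
            if ($item.PSIsContainer) {
                # A folder named autorun.inf is the usual immunisation placeholder:
                # Windows cannot parse it as a file, so report it but do not read it.
                [PSCustomObject]@{ Path = $inf; Kind = 'folder (placeholder)'; Attributes = $item.Attributes; Target = '' }
            } else {
                # Pull the open= / shellexecute= lines so the launched file is visible.
                $lines  = Get-Content -LiteralPath $inf -Force -ErrorAction SilentlyContinue
                $target = ($lines | Where-Object { $_ -match '^\s*(open|shellexecute)\s*=' }) -join '; '
                [PSCustomObject]@{ Path = $inf; Kind = 'file'; Attributes = $item.Attributes; Target = $target }
            }
        }
    }
}

function Get-AutoRunPolicy {
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $val = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        if ($null -eq $val) {
            [PSCustomObject]@{ Hive = $hive; NoDriveTypeAutoRun = 'not set (OS default applies; 0x95 on XP, which still allows AutoRun on removable and fixed disks)' }
        } else {
            # 0xFF disables AutoRun for every drive type.
            [PSCustomObject]@{ Hive = $hive; NoDriveTypeAutoRun = ('0x{0:X2}' -f $val) }
        }
    }
}

'== MountPoints2 shell commands (anything listed here deserves a look) =='
Get-MountPointShellCommands | Format-Table -AutoSize
'== autorun.inf in drive roots =='
Get-RootAutorunInf | Format-Table -AutoSize
'== AutoRun policy =='
Get-AutoRunPolicy | Format-Table -AutoSize
```

On a cleaned machine the first two tables should be empty apart from any placeholder autorun.inf folders; a bare script name such as 0u.cmd in the Command column, or an open= line in a root autorun.inf pointing at a file the user did not put there, is the sign that the removal did not finish. Plug the pen drive in before running it so its root and its MountPoints2 entry are included.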
     
