yet another securityuptodate, about:blank hijack

bronskater · 2006/06/10

hello, my computer has been affected, and i have downloaded and ran the smitfraudfix already, here is the report, any help would be appreciated!

SmitFraudFix v2.56

Scan done at 0:25:36.21, Sat 06/10/2006
Run from C:\Documents and Settings\Chris R\Desktop\SmitFraudFix1\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chris R\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHRISR~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source "= "About:Home "
"SubscribedURL "= "About:Home "
"FriendlyName "= "My Current Home Page "

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0c7416f0-dd23-420f-97f5-aae352ea2bf1} "= "glochid "

[HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@= "C:\WINDOWS\system32\wfkduei.dll "

[HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@= "C:\WINDOWS\system32\wfkduei.dll "

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

PeteC · 2006/06/10

bronskater - Welcome to the Board

The SmitfraudFix log confirms the Securityuptodate.com infection - here's where we go from here ....

Please download HijackThis through Quicklinks in my signature and save it to a folder on your hard drive, say C:\HJT - not to the Desktop or a temporary location. When entries are fixed with HJT a backup is made to the folder from which HJT is run and this must be in a permanent location. Do not run it yet.

You may like to print out these instructions as you will be unable to connect to the Internet to read them while in Safe Mode.

Boot into Safe Mode and log onto your usual account.

To use the F8 key to start Windows XP in Safe mode
Restart the computer.
Some computers have a progress bar that refers to the word BIOS. Others may not let you know what is happening.
As soon as the BIOS loads, begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears.
If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again.
Using the arrow keys on the keyboard, select Safe mode and then press Enter.
Click to expand...

In Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ? "; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter ".

The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process - a copy of this file is saved as C:\rapport.txt.

Stay in or reboot into Safe Mode and open the folder in which you put hijackthis.exe and double click on the file to run it. Select Scan and save a log file - this will be saved in the same folder as HJT.

Reboot into Normal Mode and post the contents of the SmitfraudFix log located at C:\rapport.txt and the HJT log into this thread.

bronskater · 2006/06/11

SmitFraudFix v2.56

Scan done at 2:30:03.60, Sun 06/11/2006
Run from C:\Documents and Settings\Chris R\Desktop\SmitFraudFix1\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0c7416f0-dd23-420f-97f5-aae352ea2bf1} "= "glochid "

[HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@= "C:\WINDOWS\system32\wfkduei.dll "

[HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@= "C:\WINDOWS\system32\wfkduei.dll "

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\wfkduei.dll -> Missing File

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 2:35:50 AM, on 6/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\NOTEPAD.EXE
C:\HJT\HijackThis.exe

O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm ",ExportedCheckODLs
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe "
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP Multimedia Keyboard\KMaestro.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

PeteC · 2006/06/11

Your log looks clean to me - are your problems resolved?

bronskater · 2006/06/11

yes that looks good right now, but now my antivirus has found 10 files infected with TROJ ZLOB.TW and they have been quarantined, any suggestions on what to do about that?

PeteC · 2006/06/11

To complete the cleanup following the SmitfraudFix....

Turn off System Restore, reboot and turn it back on again. Some of your restore points will be inevitably infected - turning off System Restore will delete all the restore points.

Your antivirus has done it's job and detected and quarantined the infected files. The TROJ ZLOB has many variants - the suffix .TW is shown in only one Google hit - in Japanese.

Please download the trial version of Ewido. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu ". Once installed please update it by clicking on the Update button. Do not run it yet.

Boot into Safe Mode.

Run Ewido ....

Click on Scanner and select a 'Complete System Scan'.
If anything is found during scanning you will be prompted to clean the files.
Select "Remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" and then click on OK

Once the scan has completed save the report to a known location.

Reboot into Normal mode and post the report.

bronskater · 2006/06/12

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:48:03 AM, 6/12/2006
+ Report-Checksum: 150EA541

+ Scan result:

HKU\S-1-5-21-1292428093-1220945662-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F79FD28E-36EE-4989-AA61-9DD8E30A82FA} -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@e-2dj6wfkigidjslp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@e-2dj6wfkycoajeco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@e-2dj6wflowjcpsko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@e-2dj6wgmyckcjmhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@e-2dj6wgmywmdjwlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@e-2dj6wjk4ckcpchp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@e-2dj6wjk4olcpmco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@e-2dj6wjkoemc5kdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@e-2dj6wjkyuoazwbq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@e-2dj6wjlieocpefo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@e-2dj6wjliqnazmco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@e-2dj6wjlyclc5oho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@e-2dj6wjlyqnczgeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Chris R\Cookies\chris r@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Program Files\Media-Codec -> Trojan.Small : Cleaned with backup
C:\Program Files\Media-Codec\uninst.exe -> Trojan.Small : Cleaned with backup

::Report End

PeteC · 2006/06/12

Ewido did not find anything of major concern - just a few tracking cookies.

Trojan.Small may be a false positive according to discussions in other forums.

I think you computer is as clean as it can be

You might like to read this ....

Keep your Computer free from Viruses, Trojans, Spyware and other Malware

bronskater · 2006/06/12

thanks alot petec, i really appreciate all the help. i read that link before, i have been using adaware se personal for over a year now and i scan atleast once a week, and i just bought pc-cillin. do you think that combination is a good one? should i use any additional spy/mal ware removers or would you recommend a different anti-virus, i paid for pc-cillin so i hope its a good one.
once again thankd for the help.

PeteC · 2006/06/12

You're welcome

You should have no problems with pc-cillin - it is one of the majors.

I would add a couple of other spyware/malware tools to your arsenal ....

Windows Defender provides real time protection agaonst a range of spyware/adware, etc and autoscans and autoupdates. Note that for reasons best known to MS the autoscan time is set by default to 2 am - it can be changed.

SpywareBlaster is not a scanner, but provides a high level of permanent protection - currently nearly 6,500 undesireable items are blocked. Download, update and Apply all protection. Check for updates weekly.

You could add to these Spybot and scan weekly - always remember to update weekly.

You may think that this is overkill, but the fact of the matter is that each program relies on it's definition files to track down items of spyware/malware, etc and one program may find something that the other won't because of differences in the definitions.

bronskater · 2006/06/12

I have downloaded, installed, updated and scanned for infections with all the programs and found 6 or so malware and a few tracking cookies, but all is removed/deleted/fixed and good to go. My system seems to be running great and I will be keeping it going good with updates and scans weekly. I thank you once again for your help I really appreciate it and I will spread the word about this forum!

Log in or Sign up

yet another securityuptodate, about:blank hijack

bronskater Inactive Thread Starter

PeteC SuperGeek Staff

bronskater Inactive Thread Starter

PeteC SuperGeek Staff

bronskater Inactive Thread Starter

PeteC SuperGeek Staff

bronskater Inactive Thread Starter

PeteC SuperGeek Staff

bronskater Inactive Thread Starter

PeteC SuperGeek Staff

bronskater Inactive Thread Starter

Share This Page

Log in or Sign up

yet another securityuptodate, about:blank hijack

bronskater Inactive Thread Starter

PeteC SuperGeek Staff

bronskater Inactive Thread Starter

PeteC SuperGeek Staff

bronskater Inactive Thread Starter

PeteC SuperGeek Staff

bronskater Inactive Thread Starter

PeteC SuperGeek Staff

bronskater Inactive Thread Starter

PeteC SuperGeek Staff

bronskater Inactive Thread Starter

Share This Page

Useful Searches