• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
r0b

Recurring malware

9 posts in this topic

Someone kindly helped me recently eradicate some spyware but it seems to have come back again. Please could someone have a look at my HJT and suggest a fix:

Logfile of HijackThis v1.97.7

Scan saved at 14:27:37, on 22/06/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\TREND PC-CILLIN 2000\PCCIOMON.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\TREND PC-CILLIN 2000\POP3TRAP.EXE

C:\PROGRAM FILES\TREND PC-CILLIN 2000\WEBTRAP.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\FREESERVE\FREESERVECONNECTIONKIT\ATDIALLER1.EXE

C:\WINDOWS\SYSTEM\ICSMGR.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\C_PAN.EXE

C:\WINDOWS\RunDLL.exe

C:\PROGRAM FILES\WASHER\WASHER.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE

C:\PROGRAM FILES\BROTHER\BRMFLPRO\FAXRX.EXE

C:\HPOJET\MGR\HPOJDMAN.EXE

C:\PROGRAM FILES\SCANSOFT\PAPERPORT\CONFIG\EREG\REMIND32.EXE

C:\PROGRAM FILES\SCANSOFT\PAPERPORT\POPUP\SMARTUI.EXE

C:\WINDOWS\SYSTEM\BRMFRSMG.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\SCANSOFT\PAPERPORT\PPLINKS.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"

O4 - HKLM\..\Run: [pop3trap.exe] "C:\Program Files\Trend PC-cillin 2000\pop3trap.exe"

O4 - HKLM\..\Run: [WebTrap.exe] "C:\Program Files\Trend PC-cillin 2000\WebTrap.exe"

O4 - HKLM\..\Run: [MicroDialler] C:\Freeserve\FreeserveConnectionKit\atdialler1.exe

O4 - HKLM\..\Run: [iCSMGR] ICSMGR.EXE

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe

O4 - HKLM\..\Run: [httpd] C:\WINDOWS\c_pan.exe /i

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Startup: FAXRX.lnk = C:\Program Files\Brother\BRMFLPRO\faxrx.exe

O4 - Startup: HP OfficeJet Auto Prompt.lnk = C:\HPOJET\MGR\HPOJDMAN.EXE

O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE

O4 - Startup: Brother SmartUI PopUp.lnk = C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com

O14 - IERESET.INF: MS_START_PAGE_URL=http://www.google.com

O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab

 

Thanks in advance

Share this post


Link to post
Share on other sites

I haven't had a response and could really do with some help. I am not sure if this is recurring or a new parasite. It has the same symptoms as before i.e. "hotxxx" keeps appearing all over the place and I believe it dials up premium sites. After some assistance here a couple of weeks ago it disappeared but has now returned.

Help please! :gasp:

Share this post


Link to post
Share on other sites

Getting a bit desperate now as I have had no replies and all sorts of strange things keep happening. My home page has just been hijacked to a site called www.sureseeker.com

Help gratefully appreciated please.

Share this post


Link to post
Share on other sites

Oh yes and in case it has changed my hjt log today looks like this:

Logfile of HijackThis v1.97.7

Scan saved at 14:34:47, on 23/06/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\C_PAN.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\C_PAN.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\7.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\TREND PC-CILLIN 2000\PCCIOMON.EXE

C:\PROGRAM FILES\TREND PC-CILLIN 2000\POP3TRAP.EXE

C:\PROGRAM FILES\TREND PC-CILLIN 2000\WEBTRAP.EXE

C:\FREESERVE\FREESERVECONNECTIONKIT\ATDIALLER1.EXE

C:\WINDOWS\SYSTEM\ICSMGR.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\C_PAN.EXE

C:\WINDOWS\RunDLL.exe

C:\PROGRAM FILES\WASHER\WASHER.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE

C:\PROGRAM FILES\BROTHER\BRMFLPRO\FAXRX.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\HPOJET\MGR\HPOJDMAN.EXE

C:\WINDOWS\SYSTEM\BRMFRSMG.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\SCANSOFT\PAPERPORT\CONFIG\EREG\REMIND32.EXE

C:\PROGRAM FILES\SCANSOFT\PAPERPORT\POPUP\SMARTUI.EXE

C:\PROGRAM FILES\SCANSOFT\PAPERPORT\PPLINKS.EXE

C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"

O4 - HKLM\..\Run: [pop3trap.exe] "C:\Program Files\Trend PC-cillin 2000\pop3trap.exe"

O4 - HKLM\..\Run: [WebTrap.exe] "C:\Program Files\Trend PC-cillin 2000\WebTrap.exe"

O4 - HKLM\..\Run: [MicroDialler] C:\Freeserve\FreeserveConnectionKit\atdialler1.exe

O4 - HKLM\..\Run: [iCSMGR] ICSMGR.EXE

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe

O4 - HKLM\..\Run: [httpd] C:\WINDOWS\c_pan.exe /i

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Startup: FAXRX.lnk = C:\Program Files\Brother\BRMFLPRO\faxrx.exe

O4 - Startup: HP OfficeJet Auto Prompt.lnk = C:\HPOJET\MGR\HPOJDMAN.EXE

O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE

O4 - Startup: Brother SmartUI PopUp.lnk = C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com

O14 - IERESET.INF: MS_START_PAGE_URL=http://www.google.com

O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab

 

Thanks all

Share this post


Link to post
Share on other sites

Hello again r0b! It appears that you have the identical problem that you had during your last visit here. I am concerned as to how you became re-infected so I will walk you through a few extra steps in a follow up post (after we get the issue cleaned up) to try and prevent future infection.

 

icon11.gif Reboot your PC into Safe Mode by doing the following:

  • Start Windows, or if it is running, shut Windows down, and then turn off the computer.
  • Restart the computer. The computer begins processing a set of instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar that refers to the word BIOS, while others may not display any indication that this process is happening.
  • As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

icon11.gif Make sure you are set to Show Hidden Files and Folders:

  • Open My Computer.
  • Select the View menu and click Folder Options.
  • Select the View Tab.
  • In the Hidden files section select Show all files.
  • Click OK.

icon11.gif Delete the following files:

  • C:\WINDOWS\C_PAN.EXE

icon11.gif Close all application and browser windows and run HijackThis.

 

Click on the Scan button

Put a check beside the following line(s)

  • O4 - HKLM\..\Run: [httpd] C:\WINDOWS\c_pan.exe /i

You have OSA.EXE loading at startup which is resource hog that can be launched manually if it is required. I recommend letting HijackThis fix it by checking the following line:

  • O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Click on the "Fix Checked" button

 

icon11.gif Reboot your PC a couple of times and reply to this topic with an updated HijackThis log.

Share this post


Link to post
Share on other sites

Yes hello again smckillop

is it a re-infection or recurrence of something lurking after the last fix? The hijack to "pureseeker" didn't happen before.

However after much tapping of f8 without success I discovered the other way of getting into safe mode and carried out your instructions. Here's the subsequent hjt log:

Logfile of HijackThis v1.97.7

Scan saved at 09:02:10, on 24/06/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\TREND PC-CILLIN 2000\PCCIOMON.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\TREND PC-CILLIN 2000\POP3TRAP.EXE

C:\PROGRAM FILES\TREND PC-CILLIN 2000\WEBTRAP.EXE

C:\FREESERVE\FREESERVECONNECTIONKIT\ATDIALLER1.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\ICSMGR.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\RunDLL.exe

C:\PROGRAM FILES\WASHER\WASHER.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE

C:\HPOJET\MGR\HPOJDMAN.EXE

C:\PROGRAM FILES\SCANSOFT\PAPERPORT\CONFIG\EREG\REMIND32.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\PROGRAM FILES\SCANSOFT\PAPERPORT\POPUP\SMARTUI.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\SCANSOFT\PAPERPORT\PPLINKS.EXE

C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"

O4 - HKLM\..\Run: [pop3trap.exe] "C:\Program Files\Trend PC-cillin 2000\pop3trap.exe"

O4 - HKLM\..\Run: [WebTrap.exe] "C:\Program Files\Trend PC-cillin 2000\WebTrap.exe"

O4 - HKLM\..\Run: [MicroDialler] C:\Freeserve\FreeserveConnectionKit\atdialler1.exe

O4 - HKLM\..\Run: [iCSMGR] ICSMGR.EXE

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0

O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Startup: FAXRX.lnk = C:\Program Files\Brother\BRMFLPRO\faxrx.exe

O4 - Startup: HP OfficeJet Auto Prompt.lnk = C:\HPOJET\MGR\HPOJDMAN.EXE

O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE

O4 - Startup: Brother SmartUI PopUp.lnk = C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com

O14 - IERESET.INF: MS_START_PAGE_URL=http://www.google.com

O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab

 

Thanks again.

Share this post


Link to post
Share on other sites

Nice work r0b!

 

I don't see any visible problem in your HijackThis log. You didn't state in your post if you're still being redirected to "pureseeker". Let me know and I'll see if I can find some info, otherwise, you should be good to go!

 

icon11.gif I would recommend looking into the following to try and prevent future infections:

 

SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.

http://www.wilderssecurity.com/spywareblaster.html

 

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

 

Both are very small free programs that you run once, and then just occasionally to check for updates.

 

And also see TonyKlein's good advice

So how did I get infected in the first place?

 

Thanks!

Share this post


Link to post
Share on other sites

I have done all you recommend. No pureseeker hasn't appeared again.

Interestingly I have been running spywareblaster for a few months now but it didn't stop me getting infected twice. I have just downloaded an update.

Thanks a million for your help.

Share this post


Link to post
Share on other sites

Thanks r0b!

 

Since your symptoms have been resolved. I am considering the issue closed. If you do come across another problem, please start a new topic. :wave:

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0