Vundo

V

Volodymyr Shcherbyna

Yes, autoruns requires installation.

In your case, I would boot the machine with \DEBUG switch, attach debugger
and set breakpoints on file system functions (CreateFile, ...ReadFile,
WriteFile), module management function (LoadLibrary, ...) and started
investigations of what is going on on a system, but this way requires some
low level knowledge...

--
V
This posting is provided "AS IS" with no warranties, and confers no
rights.
"John" <a> wrote in message news:uGkBS0iWIHA.4868@TK2MSFTNGP03.phx.gbl...
> That is what I thought too. This crapware hooks itself to system files to
> make sure it's loaded on every system startup, no matter what mode we get
> into. What's interesting is the fact that the HD is not accessible when
> installed on a clean system. I've also tried using BartPE boot CD. I can't
> see the drive either. I'm thinking perhaps the trojan might have changed
> HD partition tables???
>
> Does Autoruns require installation? Does it run in Safe Mode without
> installation? I try to avoid getting into normal mode. Why? Because the
> system takes a few minutes to respond to a single mouse click. It has
> become almost unusable. Forget about installing/removing software. It
> might take hours to install a single software.
>
>
> "Volodymyr Shcherbyna" <v_scherbina@online.mvps.org> wrote in message
> news:uhNlRPiWIHA.2000@TK2MSFTNGP05.phx.gbl...
>> Simple deletion of files is not enought. This crap uses interesting
>> techniques of injection into system. Usually, it registers itself as a
>> shell-addon, which becomes active when you open my computer, or any
>> folder. So I'd suggest you to download autoruns from sysinternals.com,
>> and check all add-ons for shell.
>>
>> --
>> V
>> "John" <a> wrote in message news:uqYli6hWIHA.1208@TK2MSFTNGP03.phx.gbl...
>>>I have a Windows XP Home SP2 PC infected with Vundo trojan. Norton AV
>>>detects it but can't remove it. I've used Vundo removal tools from a few
>>>sites. None can remove it. I've also done manual removal by deleting
>>>files and registry entries. That does not work either (and yes I always
>>>boot into safe mode).
>>>
>>> Here's a list of things that I have done (Note: I do all my virus
>>> removal work in Safe Mode. Never in normal mode):
>>>
>>> - Boot into Safe Mode.
>>>
>>> - Use VundoFix from atribune.org to scan and clean Vundo. It detects and
>>> deletes a few files. Some malicious DLLS (for example GEBXVTT.DLL in
>>> C:\Windows\System32) can not be deleted (in use by other program).
>>>
>>> - Restart the system and use NTFS4DOS from free-av.com to (clean) boot
>>> into command prompt with NTFS support to remove malicious DLL files
>>> created by the trojan. Delete all infected files that VundoFix fails to
>>> delete in safe mode. All bad files are successfully deleted.
>>>
>>> - Restart the system into Safe Mode. Malicious files gets recreated.
>>> They're back in place.
>>>
>>> - Use regedit in Safe Mode. Delete registry keys that should be there (I
>>> know they're created by trojan). Key gets recreated in a split second as
>>> soon as I delete it. This is why I know the trojan is alive in safe
>>> mode.
>>>
>>> - Remove the (infected) HD and install the HD in a clean PC as secondary
>>> master. Then boot the PC (primary master - clean OS with Antivir virus
>>> software installed). The system detects a new HD but does not assign a
>>> drive letter. This means I can't access the data in the HD. Windows Disk
>>> Management shows the new HD but does not 'mount' it or assign a drive
>>> letter.
>>>
>>> I run out of ideas. My last resort would be reformat HD and reinstall
>>> the OS but I don't want to lose the data. If I back it up, I'm afraid
>>> the trojan will reinfect the PC when data is restored.
>>>
>>> Anyone has any ideas? Thanks.
>>>
>>
>>
>
>
 
J

John

Malke,

Thanks for your reply. I've looked at one of the links (castlecops forum).
The posts that I read are all 'in progress' malware removal discussion. Some
of them have been going on for over 1 month and the system is still infected
(crap!). Somehow I get the feeling that there's a rootkit on the PC that I'm
working on.

I can't afford spending a few days/weeks/months to outsmart this malware.
It's not my PC. I'm only doing a favor for a friend. I'm sure my friend
wants the PC back as soon as possible. Having said that, I'll take a
shortcut. Backup, format and reinstall. Patch the system. Install AV product
then restore. I just hope this crapware won't bite my system again when I
restore data.

I'd also want to thank others for the replies.

"Malke" <notreally@invalid.invalid> wrote in message
news:uF$yKsjWIHA.5716@TK2MSFTNGP05.phx.gbl...
>
> Definitely, David. In fact, where in former years I almost never had to
> reinstall Windows because of virus/malware infection, now it is becoming
> extremely common. We're seeing rootkits, respawning, and Vundo variants
> that came from installing infected codecs where the best solution is to
> back up data (scan before putting it back on a clean machine!) and flatten
> the system.
>
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
 
J

John

Yesterday I decided to take another last look at the infected system while
waiting for Sony recovery DVD media (my friend forgot to the DVD). Here's
what I did:

- used NTFS4DOS to clean boot to command prompt and deleted several
malicious DLLs, EXEs
- used a boot CD to boot to Windows 9x and ran PTEDIT (partition editor) but
I didn't make any changes to the partitions
- removed infected HD from the PC and installed it on a clean system

Bam! This time I can access the data. Since I did two different things at
once, I'm not sure which one allows me to access the data. I was unable to
access the data last week when I installed the HD on a clean system.

Wasting no time, I started my Avira Antivir scanner to scan the drive. It
detects more than 25 infected files scattered all over the directories. They
are as follows (not the complete list):

\Program Files\Beachhead2000\BH.exe
\Program Files\Common Files\Yazzle1552OinAdmin.exe
\Program Files\Common Files\rzzm\rzzma.exe
\Program Files\Common Files\rzzm\rzzml.exe
\Program Files\Common Files\rzzm\rzzmm.exe
\Program Files\Common Files\rzzm\rzzmp.exe
\Program Files\QDRdrive\QDRLoader.exe (HEUR/Malware)
\Program Files\RcvSystem\httpdchk.dll (HEUR/Malware)
\Program Files\Temporary\kerninstall.exe (TR/Dldr.Agent.hag)
\Program Files\kernel\kernel.exe
\Program Files\Malware Alarm\Uninstall.exe
\Program Files\Words\Uninstall.exe (TR/Agent.12800.42)
\Program Files\Words\Words.exe (TR/Dldr.Agent.77824)
\Recycler\S-1-5-18\Dc141.bad
\Windows\b104.exe
\Windows\b122.exe
\Windows\mrofinu11.exe.tmp
\Windows\uninstall_nmon.vbs
\Windows\System32\RCX86.TMP
and
about 460+ files in Norton quarantined folder (from previous scan with
Norton AV installed on the infected system)

I rescanned it the second time today. None found. Next move, I'm going to
put the HD back on the PC. Boot into normal mode. Install AV and scan the
system.

I'd be really impressed if the malware respawns.


"John" <a> wrote in message news:uLC0xaSXIHA.3556@TK2MSFTNGP02.phx.gbl...
> Malke,
>
> Thanks for your reply. I've looked at one of the links (castlecops forum).
> The posts that I read are all 'in progress' malware removal discussion.
> Some of them have been going on for over 1 month and the system is still
> infected (crap!). Somehow I get the feeling that there's a rootkit on the
> PC that I'm working on.
>
> I can't afford spending a few days/weeks/months to outsmart this malware.
> It's not my PC. I'm only doing a favor for a friend. I'm sure my friend
> wants the PC back as soon as possible. Having said that, I'll take a
> shortcut. Backup, format and reinstall. Patch the system. Install AV
> product then restore. I just hope this crapware won't bite my system again
> when I restore data.
>
> I'd also want to thank others for the replies.
>
> "Malke" <notreally@invalid.invalid> wrote in message
> news:uF$yKsjWIHA.5716@TK2MSFTNGP05.phx.gbl...
>>
>> Definitely, David. In fact, where in former years I almost never had to
>> reinstall Windows because of virus/malware infection, now it is becoming
>> extremely common. We're seeing rootkits, respawning, and Vundo variants
>> that came from installing infected codecs where the best solution is to
>> back up data (scan before putting it back on a clean machine!) and
>> flatten the system.
>>
>>
>> Malke
>> --
>> Elephant Boy Computers
>> www.elephantboycomputers.com
>> "Don't Panic!"
>> MS-MVP Windows - Shell/User
>
>
 
D

David H. Lipman

From: "John" <a>

| Yesterday I decided to take another last look at the infected system while
| waiting for Sony recovery DVD media (my friend forgot to the DVD). Here's
| what I did:
|
| - used NTFS4DOS to clean boot to command prompt and deleted several
| malicious DLLs, EXEs
| - used a boot CD to boot to Windows 9x and ran PTEDIT (partition editor) but
| I didn't make any changes to the partitions
| - removed infected HD from the PC and installed it on a clean system
|
| Bam! This time I can access the data. Since I did two different things at
| once, I'm not sure which one allows me to access the data. I was unable to
| access the data last week when I installed the HD on a clean system.
|
| Wasting no time, I started my Avira Antivir scanner to scan the drive. It
| detects more than 25 infected files scattered all over the directories. They
| are as follows (not the complete list):
|
| \Program Files\Beachhead2000\BH.exe
| \Program Files\Common Files\Yazzle1552OinAdmin.exe
| \Program Files\Common Files\rzzm\rzzma.exe
| \Program Files\Common Files\rzzm\rzzml.exe
| \Program Files\Common Files\rzzm\rzzmm.exe
| \Program Files\Common Files\rzzm\rzzmp.exe
| \Program Files\QDRdrive\QDRLoader.exe (HEUR/Malware)
| \Program Files\RcvSystem\httpdchk.dll (HEUR/Malware)
| \Program Files\Temporary\kerninstall.exe (TR/Dldr.Agent.hag)
| \Program Files\kernel\kernel.exe
| \Program Files\Malware Alarm\Uninstall.exe
| \Program Files\Words\Uninstall.exe (TR/Agent.12800.42)
| \Program Files\Words\Words.exe (TR/Dldr.Agent.77824)
| \Recycler\S-1-5-18\Dc141.bad
| \Windows\b104.exe
| \Windows\b122.exe
| \Windows\mrofinu11.exe.tmp
| \Windows\uninstall_nmon.vbs
| \Windows\System32\RCX86.TMP
| and
| about 460+ files in Norton quarantined folder (from previous scan with
| Norton AV installed on the infected system)
|
| I rescanned it the second time today. None found. Next move, I'm going to
| put the HD back on the PC. Boot into normal mode. Install AV and scan the
| system.
|
| I'd be really impressed if the malware respawns.
|


Based upon the number of items found, scanning the system with additional scanners is
warranted as one may catch what another may miss.


Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/downloads/dl/35905.asp

To use this utility, perform the following...
Execute Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose Unzip
Choose Close

Execute C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
J

John

I agree. This is proven by the fact that I still get pop-ups when I put the
HD back in the system. A portion of this crap is still there. I am sure if I
leave it running and connected to the internet for a long period, the
infection will get worse. Perhaps someone out there is controlling this PC
remotely.

I just removed the HD and put it back on a clean system. Scanning it once
more with Avira Antivir. I will give Multi_AV a shot if I have time.
Otherwise, I'll just back it up and reformat the HD.

Thanks David.

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23sGIWYgXIHA.4440@TK2MSFTNGP06.phx.gbl...
>
> Based upon the number of items found, scanning the system with additional
> scanners is
> warranted as one may catch what another may miss.
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.pctipp.ch/downloads/dl/35905.asp
>
> To use this utility, perform the following...
> Execute Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose Unzip
> Choose Close
>
> Execute C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to
> go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in
> Normal Mode.
> This way all the components can be downloaded from each AV vendor's web
> site.
> The choices are Sophos, Trend, McAfee, Kaspersky, Exit this menu and
> Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files
> or you can
> download the files and perform a scan in Normal Mode. Once you have
> downloaded the files
> needed for each scanner you want to use, you should reboot the PC into
> Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want
> to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal
> Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more
> comprehensive PDF help
> file.
>
> Additional Instructions:
> http://pcdid.com/Multi_AV.htm
>
>
> * * * Please report back your results * * *
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
 
J

John

Turns out I do have time to play around with the infected drive.

The link you gave me was unresponsive so I decided to download trial AVs.
Install and use them (not at the same time) to scan the infected drive.
First one was Avira Antivir, then eset NOD32. Followed by BitDefender. Now
I'm running Kaspersky.

Each one finds a few more infections that the previous AV product can't
find.

NOD32 detects legitimate files (such as iTunesHelper, nmon.exe) being
trojanized. They're disinfected but I hard deleted (SHIFT DEL) them anyway.

BitDefender finds infections mostly in the:
\System Volume Information\...
\Recycler\...

I have deleted all files found in the D:\System Volume Information\ and
D:\Recycler
(D drive is the infected HD).

Now I am running Kaspersky AV.

"John" <a> wrote in message news:ufgQr8gXIHA.4828@TK2MSFTNGP05.phx.gbl...
>I agree. This is proven by the fact that I still get pop-ups when I put the
>HD back in the system. A portion of this crap is still there. I am sure if
>I leave it running and connected to the internet for a long period, the
>infection will get worse. Perhaps someone out there is controlling this PC
>remotely.
>
> I just removed the HD and put it back on a clean system. Scanning it once
> more with Avira Antivir. I will give Multi_AV a shot if I have time.
> Otherwise, I'll just back it up and reformat the HD.
>
> Thanks David.
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:%23sGIWYgXIHA.4440@TK2MSFTNGP06.phx.gbl...
>>
>> Based upon the number of items found, scanning the system with additional
>> scanners is
>> warranted as one may catch what another may miss.
>>
>>
>> Download MULTI_AV.EXE from the URL --
>> http://www.pctipp.ch/downloads/dl/35905.asp
>>
>> To use this utility, perform the following...
>> Execute Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
>> Choose Unzip
>> Choose Close
>>
>> Execute C:\AV-CLS\StartMenu.BAT
>> { or Double-click on 'Start Menu' in C:\AV-CLS }
>>
>> NOTE: You may have to disable your software FireWall or allow WGET.EXE to
>> go through your
>> FireWall to allow it to download the needed AV vendor related files.
>>
>> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in
>> C:\AV-CLS}
>> This will bring up the initial menu of choices and should be executed in
>> Normal Mode.
>> This way all the components can be downloaded from each AV vendor's web
>> site.
>> The choices are Sophos, Trend, McAfee, Kaspersky, Exit this menu and
>> Reboot the PC.
>>
>> You can choose to go to each menu item and just download the needed files
>> or you can
>> download the files and perform a scan in Normal Mode. Once you have
>> downloaded the files
>> needed for each scanner you want to use, you should reboot the PC into
>> Safe Mode [F8 key
>> during boot] and re-run the menu again and choose which scanner you want
>> to run in Safe
>> Mode. It is suggested to run the scanners in both Safe Mode and Normal
>> Mode.
>>
>> When the menu is displayed hitting 'H' or 'h' will bring up a more
>> comprehensive PDF help
>> file.
>>
>> Additional Instructions:
>> http://pcdid.com/Multi_AV.htm
>>
>>
>> * * * Please report back your results * * *
>>
>>
>>
>> --
>> Dave
>> http://www.claymania.com/removal-trojan-adware.html
>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>>
>>
>
>
 
D

David H. Lipman

From: "John" <a>

| Turns out I do have time to play around with the infected drive.
|
| The link you gave me was unresponsive so I decided to download trial AVs.
| Install and use them (not at the same time) to scan the infected drive.
| First one was Avira Antivir, then eset NOD32. Followed by BitDefender. Now
| I'm running Kaspersky.
|
| Each one finds a few more infections that the previous AV product can't
| find.
|
| NOD32 detects legitimate files (such as iTunesHelper, nmon.exe) being
| trojanized. They're disinfected but I hard deleted (SHIFT DEL) them anyway.
|
| BitDefender finds infections mostly in the:
| \System Volume Information\...
| \Recycler\...
|
| I have deleted all files found in the D:\System Volume Information\ and
| D:\Recycler
| (D drive is the infected HD).
|
| Now I am running Kaspersky AV.
|


I can access http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html
In fact, I just did.

Can you ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
J

John

I was able to access
http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html
but it's not in English.
I couldn't find English link on the above site so I decided to go to
http://pcdid.com/Multi_AV.htm but nothing happened for a few minutes.

I can go to both sites now but that's ok... I'm almost done scanning the
infected drive. Thanks for your reply anyway.

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23Qh8a3uXIHA.1212@TK2MSFTNGP05.phx.gbl...
> From: "John" <a>
>
> | Turns out I do have time to play around with the infected drive.
> |
> | The link you gave me was unresponsive so I decided to download trial
> AVs.
> | Install and use them (not at the same time) to scan the infected drive.
> | First one was Avira Antivir, then eset NOD32. Followed by BitDefender.
> Now
> | I'm running Kaspersky.
> |
> | Each one finds a few more infections that the previous AV product can't
> | find.
> |
> | NOD32 detects legitimate files (such as iTunesHelper, nmon.exe) being
> | trojanized. They're disinfected but I hard deleted (SHIFT DEL) them
> anyway.
> |
> | BitDefender finds infections mostly in the:
> | \System Volume Information\...
> | \Recycler\...
> |
> | I have deleted all files found in the D:\System Volume Information\ and
> | D:\Recycler
> | (D drive is the infected HD).
> |
> | Now I am running Kaspersky AV.
> |
>
>
> I can access
> http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html
> In fact, I just did.
>
> Can you ?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
 
A

antioch

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:BA3B01BD-CA5E-43FD-A9B7-F40F33D6E072@microsoft.com...

> I recently saw the first system in several years where I couldn't identify
> the malware that was installed and remove it. It was playing tricks with
> the mbr among other things. It did initially look like a vundo variant. It
> was not mebroot or if it was it has changed considerably. Even overwriting
> the mbr then booting from a Linux CD to inspect suspicious files I
> couldn't get rid of it. It would come back as soon as explorer loaded in
> safe or normal mode. I'm guessing it infects some system files as well as
> the mbr and the scanners I was using didn't identify it yet. It is getting
> very nasty. I think that more and more the solution will be backup the
> data then flatten the system. If the malware starts attacking the factory
> restore partition then even that method of cleaning a system will be
> beyond most people's abilities :-(
>
> --
> Kerry Brown
> Microsoft MVP - Shell/User
> http://www.vistahelp.ca/phpBB2/
>
>
Kerry
Your reference to Mebroot rang a bell -
This link to an article in a UK Comp Magazine may be of interest - unless of
course you are already aware.

http://www.computeractive.co.uk/computeractive/news/2207251/mebroot-attack-takes-security

Rgds
Antioch
 
K

Kerry Brown

"antioch" <antioch@home.com> wrote in message
news:utl11$4XIHA.6140@TK2MSFTNGP02.phx.gbl...
>
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> news:BA3B01BD-CA5E-43FD-A9B7-F40F33D6E072@microsoft.com...
>
>> I recently saw the first system in several years where I couldn't
>> identify the malware that was installed and remove it. It was playing
>> tricks with the mbr among other things. It did initially look like a
>> vundo variant. It was not mebroot or if it was it has changed
>> considerably. Even overwriting the mbr then booting from a Linux CD to
>> inspect suspicious files I couldn't get rid of it. It would come back as
>> soon as explorer loaded in safe or normal mode. I'm guessing it infects
>> some system files as well as the mbr and the scanners I was using didn't
>> identify it yet. It is getting very nasty. I think that more and more the
>> solution will be backup the data then flatten the system. If the malware
>> starts attacking the factory restore partition then even that method of
>> cleaning a system will be beyond most people's abilities :-(
>>
>> --
>> Kerry Brown
>> Microsoft MVP - Shell/User
>> http://www.vistahelp.ca/phpBB2/
>>
>>
> Kerry
> Your reference to Mebroot rang a bell -
> This link to an article in a UK Comp Magazine may be of interest - unless
> of course you are already aware.


I haven't actually seen mebroot but I've read quite a bit about it. This was
a three pronged infection that appeared to use the same method as mebroot
(altering the mbr) as one of it's infections. From what I have read about
mebroot it was not mebroot but some other malware that used a similar method
to hide. This was actually a very common method for viruses to spread back
when floppy disks were used more.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca/phpBB2/
 
D

David H. Lipman

From: "John" <a>

| I was able to access
| http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html
| but it's not in English.
| I couldn't find English link on the above site so I decided to go to
| http://pcdid.com/Multi_AV.htm but nothing happened for a few minutes.
|
| I can go to both sites now but that's ok... I'm almost done scanning the
| infected drive. Thanks for your reply anyway.
|

Yeah, I know the description is in Swiss-German.

However the utility is in English and if you go down almost to the bottom of the page you'll
find "Download von www pctipp.ch:"
And the link to download it is below that and to the right it shows 18900 downloads.

Additional, English, instructions are the following web site, not the download.
http://pcdid.com/Multi_AV.htm

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
You must log in or register to reply here.

Similar threads

T
Trojan wacatac trouble
Replies
0
Views
41
Toge Luga
T
G
Stuck in safe mode with a black screen.
Replies
0
Views
31
Gerald_taken
G
G
Stuck in safe mode with a black screen.
Replies
0
Views
31
Gerald_taken
G
J
Trojan?
Replies
0
Views
18
John_556
J
J
Trojan?
Replies
0
Views
19
John_556
J
Back
Top Bottom