Unusual Trojan/Hijacker/Spyware Combo Problem

Discussion in 'adware, spyware & hijack cleaning' started by Dman33, May 5, 2004.

Thread Status:
Not open for further replies.
  1. Dman33

    Dman33 Registered Member

    Joined:
    May 5, 2004
    Posts:
    3
    I have about 5 users on my LAN that have been 'infected' with this Trojan. The first occurrence was sometime last week around Thursday. Below are the symptoms:
    Machine Info: Win 2000 Pro SP3 with Critical Patches as of April. IE 6 SP1
    AntiVirus: Symantec Antivirus Corp Ed. with latest defs updated nightly.

    Symptoms:
    SAV will detect that htm[1].htm located in the user's Temporary Internet Files folder is infected with "Download.Trojan" which is generic.

    IE Start page is now Lycos. The following are now installed:
    Sidesearch, BargainBuddy, Clock Sync, eZula, exactSearchbar... a ton of them.. see the HJT log below.

    The problem is this can and has occurred on freshly imaged computers, so these are all being installed together through one site/exploit. We have not had problems with hijacks prior to late last week and this is a medium sized office with 100+ PCs. Any help is appreciated. BTW, the following has been run so far but these come back:
    CWShredder, AdAware, Spybot S&D, HJT (for logging only)

    LOGFILE
    Logfile of HijackThis v1.97.7
    Scan saved at 11:32:24 AM, on 5/5/2004
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\Explorer.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINNT\wt\updater\wcmdmgr.exe
    C:\WINNT\System32\ctfmon.exe
    C:\Program Files\Hot Keyboard\HotKeyb.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    D:\Apps\PowerMenu\PowerMenu.exe
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    D:\Design Tools\FastKey\FASTKEY.EXE
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\AutoCAD 2004\acad.exe
    C:\WINNT\System32\mshta.exe
    C:\WINNT\system32\ntvdm.exe
    D:\DOCUME~1\scottb\LOCALS~1\Temp\~e5d141.tmp
    c:\winnt\temp\uG5tASa.exe
    C:\WINNT\SYSTEM32\CS4P028.EXE
    C:\WINNT\System32\mshta.exe
    C:\WINNT\system32\ntvdm.exe
    C:\Program Files\Lycos\Sidesearch\CSV5P086.exe
    C:\WINNT\SYSTEM32\CS4P028.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
    C:\Program Files\3dsmax5\3dsmax.exe
    C:\WINNT\System32\JxaW8.exe
    C:\WINNT\System32\Bki6Lz6.exe
    C:\WINNT\System32\IEHost.exe
    D:\DOCUME~1\scottb\Application Data\atep.exe
    C:\Program Files\Bargain Buddy\bin\bargains.exe
    C:\WINNT\System32\tsd3msp.exe
    C:\PROGRA~1\eZula\mmod.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\Program Files\SysAI\SysAI.exe
    c:\progra~1\exact\exactupdate00136.exe
    C:\PROGRA~1\CLOCKS~1\Sync.exe
    C:\WINNT\system32\pcs\pcsvc.exe
    C:\Program Files\Common Files\Dpi\dpi.exe
    C:\Program Files\Common files\updmgr\updmgr.exe
    X:\TEMP\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ewebsearch.net/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32\SearchBar.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ewebsearch.net/sp.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.studio2s.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ewebsearch.net/sp.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/
    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\Lycos\IEagent\CSIE.DLL
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar2.dll
    O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin\apuc.dll
    O2 - BHO: eXact Browser Companion - {F9765480-72D1-11D4-A75A-004F49045A87} - c:\progra~1\exact\exacttoolbar00068.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar2.dll
    O3 - Toolbar: &eXact Toolbar - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - c:\progra~1\exact\exacttoolbar00068.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KlipFolio] "C:\Program Files\KlipFolio\KlipFolio.exe" /BOOT
    O4 - HKLM\..\Run: [uG5tASa.exe] c:\winnt\temp\uG5tASa.exe
    O4 - HKLM\..\Run: [29X9MTL2ZTN2X3] C:\WINNT\System32\UbgrYPnp.exe
    O4 - HKLM\..\Run: [Bakra] C:\WINNT\System32\IEHost.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINNT\System32\dp-him.exe
    O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
    O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
    O4 - HKLM\..\Run: [WhenUSearch] C:\PROGRA~1\WHENUS~1\Search.exe
    O4 - HKLM\..\Run: [57nR3mh] C:\WINNT\System32\tsd3msp.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [Hot Keyboard] C:\Program Files\Hot Keyboard\HotKeyb.exe -minimized
    O4 - HKCU\..\Run: [Oduh] D:\DOCUME~1\scottb\Application Data\atep.exe
    O4 - HKCU\..\Run: [WNSI] C:\WINNT\System32\wnscpcc.exe
    O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
    O4 - Startup: Shortcut to PowerMenu.exe.lnk = D:\Apps\PowerMenu\PowerMenu.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\winnt\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Handle with &Hot Keyboard - C:\Program Files\Hot Keyboard\IEScript.htm
    O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\winnt\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
    O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
    O16 - DPF: Yahoo! MLB StatTracker - http://aud1.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab
    O16 - DPF: Yahoo! NBA StatTracker - http://aud2.sports.sc5.yahoo.com/java/y/nbast8268_x.cab
    O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud3.sports.yahoo.com/java/y/nflgcst1008_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/music/Sidesearch.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/162ae3397f6729e6f116/netzip/RdxIE601.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://www.toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://211.79.170.21/plugin/1/AxisCamControl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.7324652778
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab
    O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave.com/content/combat_medic/CMonline.dll
     
  2. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi Dman,

    First start with this uninstaller while being online :

    http://www.memorywatcher.com/uninst.exe

    After doing so have only HijackThis running and fix. Make sure you put HijackThis in a separate folder, for backup purposes (like c:\hijackthis) :



    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ewebsearch.net/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32\SearchBar.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ewebsearch.net/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ewebsearch.net/sp.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/
    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL

    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\Lycos\IEagent\CSIE.DLL
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
    O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin\apuc.dll
    O2 - BHO: eXact Browser Companion - {F9765480-72D1-11D4-A75A-004F49045A87} - c:\progra~1\exact\exacttoolbar00068.dll

    O3 - Toolbar: &eXact Toolbar - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - c:\progra~1\exact\exacttoolbar00068.dll

    O4 - HKLM\..\Run: [uG5tASa.exe] c:\winnt\temp\uG5tASa.exe
    O4 - HKLM\..\Run: [29X9MTL2ZTN2X3] C:\WINNT\System32\UbgrYPnp.exe
    O4 - HKLM\..\Run: [Bakra] C:\WINNT\System32\IEHost.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINNT\System32\dp-him.exe
    O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
    O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
    O4 - HKLM\..\Run: [WhenUSearch] C:\PROGRA~1\WHENUS~1\Search.exe
    O4 - HKLM\..\Run: [57nR3mh] C:\WINNT\System32\tsd3msp.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKCU\..\Run: [Oduh] D:\DOCUME~1\scottb\Application Data\atep.exe
    O4 - HKCU\..\Run: [WNSI] C:\WINNT\System32\wnscpcc.exe
    O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q

    O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US.../Sidesearch.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/162ae3397f6729...ip/RdxIE601.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://211.79.170.21/plugin/1/AxisCamControl.cab

    Then make sure all hidden files/folders are set to show : Here's How

    After doing so restart your PC in Safe Mode : Here's How and remove (if still present) :

    c:\winnt\temp\uG5tASa.exe <- this file
    C:\WINNT\System32\IEHost.exe <- this file
    C:\WINNT\System32\dp-him.exe <- this file
    C:\Program Files\Bargain Buddy\ <- this folder
    C:\Program Files\Save\ <- this folder
    C:\PROGRAM FILES\WHENUSEARCH\ <- this folder
    C:\WINNT\System32\tsd3msp.exe <- this file
    C:\WINNT\system32\pcs\ <- this folder
    C:\Program Files\Common Files\Dpi\ <- this folder
    C:\Program Files\Common files\updmgr <- this folder
    D:\DOCUME~1\scottb\Application Data\atep.exe <- this file
    C:\WINNT\System32\wnscpcc.exe <- this file
    C:\PROGRAM FILES\CLOCKSYNC <- this folder

    Clean temp internet files

    Restart again in normal mode and run cwshredder again.

    Finally repost another log so we can check up

    Cheers,
     
    Last edited: May 5, 2004
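One way to triage the `O4` registry Run lines of a HijackThis log like the one posted above, added here as an example and not written by any poster in this thread. The three heuristics and all function names are assumptions for illustration; entries they do not flag (such as `Bakra` or `Bargains`) still need the manual review given in the reply above.

```python
import re

# Excerpt of O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [uG5tASa.exe] c:\winnt\temp\uG5tASa.exe
O4 - HKLM\..\Run: [29X9MTL2ZTN2X3] C:\WINNT\System32\UbgrYPnp.exe
O4 - HKLM\..\Run: [Bakra] C:\WINNT\System32\IEHost.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Oduh] D:\DOCUME~1\scottb\Application Data\atep.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
"""

RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def image_path(cmd):
    """Return the executable part of a Run command (quoted, or ending in .exe)."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', cmd, re.I)
    return (m.group(1) or m.group(2)) if m else cmd

def looks_random(s):
    """Assumed heuristic: one alphanumeric token with digits mixed into letters."""
    stem = re.sub(r"\.exe$", "", s, flags=re.I)
    return bool(re.fullmatch(r"[A-Za-z0-9]{6,}", stem)
                and re.search(r"\d[A-Za-z]", stem)
                and re.search(r"[A-Za-z]\d", stem))

def parse_run_entries(log):
    """Parse registry Run autostarts (O4) and attach triage reasons to each."""
    entries = []
    for line in log.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue  # other O4 forms (Startup folder shortcuts) are skipped
        path = image_path(m["cmd"])
        parts = path.lower().split("\\")
        reasons = []
        if "temp" in parts[:-1]:
            reasons.append("runs from a temp directory")
        if len(parts) > 1 and parts[-2] == "application data":
            reasons.append("executable directly in the profile's Application Data")
        if looks_random(m["name"]) or looks_random(parts[-1]):
            reasons.append("random-looking value or file name")
        entries.append({"hive": m["hive"], "name": m["name"],
                        "path": path, "reasons": reasons})
    return entries

def flagged(log):
    """Return only the Run entries that matched at least one heuristic."""
    return [e for e in parse_run_entries(log) if e["reasons"]]

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f'{e["hive"]} [{e["name"]}] {e["path"]}: {"; ".join(e["reasons"])}')
```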
  3. Dman33

    Dman33 Registered Member

    Joined:
    May 5, 2004
    Posts:
    3
    Thanks. As of right now, it looks like the problem has been pacified. Now I need to know how it got there and if there are any patches that will prevent this from happening. I am watching on my LAN and one computer is being taken over by this per 4 hours or so. That is not good! Looks like it is propagating itself instead of being passive on a malicious website. If I manage to isolate the htm[1].htm that is being picked up by SAV in the temp internet files location I will check the contents in a sandbox.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
  5. Dman33

    Dman33 Registered Member

    Joined:
    May 5, 2004
    Posts:
    3
    Thanks for the help. I have been able to clean and fortify these machines... what I find disturbing is that one SpyWare injection can install so many apps such as Purity, SideSearch, ClockSync, WNSI, UpdateManager, BargainBuddy etc etc... I count about 14 Spywares being installed with one single 'infection' and it is an identical 'infection' on each of the 5 computers at my site that had this problem. I am trying to deal with Symantec regarding this as I feel a Trojan being injected that will install 14 rogue apps without user knowledge is considered a virus and should be prevented at the AV level. Granted, SAV did detect htm[1].htm as being Trojan.Downloader but that did not prevent all this stuff from being installed. I imagine that if 5 machines at my site get hit with the same thing all from different internet activity (the 5 users have no common denominators) that indicates that this may be resident on several malicious sites.

    I just wonder if we are going to see more and more of this bugger... a colleague of mine in a different state detected this on a machine on his LAN this morning. o_O

    Additionally, is there any way to send a comprehensive logfile (perhaps even more so than HJT) to the makers of SpyBot S&D / AdAware? I would like to help get a good detection of this one so it can be cleaned by others much more easily than what I had to go through. The average user should not have to sort all files in C:\WINNT\System32 by modified date and discern the baddies from the goodies... just thinking here...
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Dman33,

    Submitting the files is about all us mortals can do. After that it is up to the programmers to unravel the malware, add detection and come up with removal tools.

    You can imagine this all takes time, especially at the rate new malware gets unleashed all the time. The people that write those don't have to worry about beta-testing what they release. ;)

    Regards,

    Pieter
     