Been attacked by a virus
Closed
ft85
Posts
24
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020
-
Jan 22, 2015 at 05:04 AM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Jan 25, 2015 at 06:31 AM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Jan 25, 2015 at 06:31 AM
Related:
- Iskysoft helper
- Goose virus - Download - Other
- Ntuser.dat virus - Guide
- Can a jpg have a virus - Guide
- Attrib - r-h-s /s /d *.* virus - Viruses & Security Forum
- Access Denied Attrib Functions ✓ - Hard Drive & SSD Forum
12 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Jan 22, 2015 at 05:06 AM
Jan 22, 2015 at 05:06 AM
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.
1. Open this link and download ZHPDiag2 :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.)
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
(For Vista and Win 7 users, click right to ensure you execute with admin right)
The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix after log analysis).
4. Double click on the short cut ZHPDiag on your Destktop.
5. If you need to change the language, click on the little house, (bottom right) and change to English
6. Click on Full.
Wait for the tool to finished (maybe a long time)
7. Close ZHPDiag.
8. To transmit the report, click on this link :
https://authentification.site
9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
1. Open this link and download ZHPDiag2 :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.)
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
(For Vista and Win 7 users, click right to ensure you execute with admin right)
The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix after log analysis).
4. Double click on the short cut ZHPDiag on your Destktop.
5. If you need to change the language, click on the little house, (bottom right) and change to English
6. Click on Full.
Wait for the tool to finished (maybe a long time)
7. Close ZHPDiag.
8. To transmit the report, click on this link :
https://authentification.site
9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
ft85
Posts
24
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020
Jan 22, 2015 at 06:05 AM
Jan 22, 2015 at 06:05 AM
Hi
thanks very much for your quick reply , I have attached the text file below on this link.
http://speedy.sh/mRWgn/ZHPDiag.txt
thanks very much for your quick reply , I have attached the text file below on this link.
http://speedy.sh/mRWgn/ZHPDiag.txt
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Jan 22, 2015 at 06:30 AM
Jan 22, 2015 at 06:30 AM
Hello
All the pleasure is mine.
The log is presently being analyzed by a colleague, I shall get back to you as soon as possible.
Hang in there!
Best regards
All the pleasure is mine.
The log is presently being analyzed by a colleague, I shall get back to you as soon as possible.
Hang in there!
Best regards
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Jan 22, 2015 at 06:52 AM
Jan 22, 2015 at 06:52 AM
Could you explain
1. what are these software
-registry-repair-5-0-1-26
-Remo Repair Word
-iSkysoft PDF Editor
2. Where did you get them from and if you purchased them
Go to this site:
https://www.virustotal.com/gui/
For all of the above software, upload the .exe file and request a scan and give me the complete results
Good luck
1. what are these software
-registry-repair-5-0-1-26
-Remo Repair Word
-iSkysoft PDF Editor
2. Where did you get them from and if you purchased them
Go to this site:
https://www.virustotal.com/gui/
For all of the above software, upload the .exe file and request a scan and give me the complete results
Good luck
Didn't find the answer you are looking for?
Ask a question
ft85
Posts
24
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020
Jan 22, 2015 at 09:13 AM
Jan 22, 2015 at 09:13 AM
These software were installed by me , I download them on the internet by google search. I did not purchase them. iwanted just to repair the files using these mentioned softwares but invain.
these are the link :
RegistryCleaner.exe
https://www.virustotal.com/gui/file/45db1858564fce455bcba6ac7fe9b1af3fccf560bd0963a9298a45f22c883ac0
iSkysoft PDFEditor.exe
https://www.virustotal.com/gui/file/da9dfe64d48a6197d55a040288b10add639f8a2238371c0bbdf4fb5ea9207910
this is the last one
Remo Repair rs-repairdoc.exe
https://www.virustotal.com/gui/file/1c169f9c7be74d41b5e0e42dca1ee9b215caafe20bddf229fe76236540e5cdbc
these are the link :
RegistryCleaner.exe
https://www.virustotal.com/gui/file/45db1858564fce455bcba6ac7fe9b1af3fccf560bd0963a9298a45f22c883ac0
iSkysoft PDFEditor.exe
https://www.virustotal.com/gui/file/da9dfe64d48a6197d55a040288b10add639f8a2238371c0bbdf4fb5ea9207910
this is the last one
Remo Repair rs-repairdoc.exe
https://www.virustotal.com/gui/file/1c169f9c7be74d41b5e0e42dca1ee9b215caafe20bddf229fe76236540e5cdbc
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Jan 22, 2015 at 05:30 PM
Jan 22, 2015 at 05:30 PM
Okay,
The zhp log and Virus Total shows the software is clean.
Lets see if it's just the file extensions which were changed.
# Download USB Fix on your computer, and launch it.
# It will start automatically, and a shortcut will be created on your desktop.
# Connect all your external data sources to your PC (Usb keys, external drives, etc...) Do not open them.
# Choose " Deletion " option.
#The computer will re-start, and it may be longer than usually.
# UsbFix will display a message at re-start.
# Click "OK" to start cleaning.
# Copy/paste the report here.
Tutorial : http://www.en.usbfix.net/2014/02/usbfix-tutorial-clean-option/
Catch you later
Ambucias
Moderator and Virus/Security Contributor
The zhp log and Virus Total shows the software is clean.
Lets see if it's just the file extensions which were changed.
# Download USB Fix on your computer, and launch it.
# It will start automatically, and a shortcut will be created on your desktop.
# Connect all your external data sources to your PC (Usb keys, external drives, etc...) Do not open them.
# Choose " Deletion " option.
#The computer will re-start, and it may be longer than usually.
# UsbFix will display a message at re-start.
# Click "OK" to start cleaning.
# Copy/paste the report here.
Tutorial : http://www.en.usbfix.net/2014/02/usbfix-tutorial-clean-option/
Catch you later
Ambucias
Moderator and Virus/Security Contributor
ft85
Posts
24
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020
Jan 23, 2015 at 02:33 AM
Jan 23, 2015 at 02:33 AM
Hi
in this software I didnt see the delete option maybe this one I download is the latest version can you check and assist please.
so what I did was to clean and below are my result.
---------------------------------------------------------------
[b]############################## | UsbFix V 7.811 | [Clean][/b]
User: USER(Administrator) # LAP_USER
Updated 20/01/2015 by El Desaparecido - SosVirus
Started at 23:25:41 | 22/01/2015
Website : [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url]
Changelog : [url=http://www.en.usbfix.net/changelog/]http://www.en.usbfix.net/changelog/[/url]
Support : [url=http://www.sos-virus.net/]http://www.sos-virus.net/[/url]
Live detection : [url=http://how-to-remove.us/]http://ww25.how-to-remove.us/[/url]
Contact : [url=http://www.en.usbfix.net/contact/]http://www.en.usbfix.net/contact/[/url]
[b]################## | System information |[/b]
MB: Hewlett-Packard (3612)
CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
GC: Mobile Intel(R) 45 Express Chipset Family (Microsoft Corporation - WDDM 1.1)
RAM -> [Total : 3003 Mo | Free : 1682 Mo]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft(TM) Windows 7 Professional (6.1.7600 32-Bit)
WB: Internet Explorer : 8.00.7600.16385
WB: Google Chrome : 39.0.2171.99
WB: Mozilla Firefox : 20.0
[b]################## | Security Information |[/b]
AV: Trend Micro OfficeScan Antivirus [Enabled |Updated]
AS: Trend Micro OfficeScan Anti-spyware [Enabled |Updated]
AS: Windows Defender [Enabled |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
[b]################## | Disk Information |[/b]
C:\ (%SystemDrive%) -> Fixed disk # 146 Gb (128 Gb free - 88%) [] # NTFS
D:\ -> Fixed disk # 152 Gb (143 Gb free - 95%) [] # NTFS
G:\ -> Fixed disk # 100 Mb (71 Mb free - 71%) [System Reserved] # NTFS
[b]################## | Generic Research |[/b]
(!) Temporary files deleted. (44.2610645294189 MB)
[b]################## | Registry |[/b]
[b]################## | Regedit Run |[/b]
F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
04 - HKCU\..\Run : [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [iSkysoft Helper Compact.exe] C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
04 - HKU\S-1-5-21-2852288761-3220444514-2734179073-1000\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
04 - HKU\S-1-5-21-2852288761-3220444514-2734179073-1000\..\Run : [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
[b]################## | UsbFix - Information |[/b]
Info : [url=https://www.youtube.com/watch?v=vUZYYASd7FE]How to remove shortcut virus on flash disk (Video)[/url]
Info : [url=http://www.en.usbfix.net/2014/03/remove-shortcut-virus-usb/]Shortcut virus on flash disk, What is it ?[/url]
Live detection : [url=http://how-to-remove.us/]http://ww25.how-to-remove.us/[/url]
[b]################## | Hijack |[/b]
[b]################## | C:\ %SystemDrive% - Fixed drive (NTFS) |[/b]
[21/01/2015 - 03:39:04 | A | 6 Ko] - C:\ComboFix.txt
[21/01/2015 - 04:54:57 | A | 2 Ko] - C:\GUDownLoaddebug.txt
[10/06/2009 - 13:42:20 | A | 0 Ko] - C:\config.sys
[22/01/2015 - 23:10:00 | ASH | 2306448 Ko] - C:\hiberfil.sys
[22/01/2015 - 23:10:01 | ASH | 3075268 Ko] - C:\pagefile.sys
[21/01/2015 - 03:39:10 | SHD] - C:\$RECYCLE.BIN
[22/01/2015 - 02:52:58 | A | 1 Ko] - C:\PhysicalDisk0_MBR.bin
[10/06/2009 - 13:42:20 | A | 0 Ko] - C:\autoexec.bat
[13/07/2009 - 18:37:05 | D] - C:\PerfLogs
[13/07/2009 - 20:53:55 | SHD] - C:\Documents and Settings
[21/01/2015 - 02:49:39 | RD] - C:\MSOCache
[21/01/2015 - 02:52:36 | D] - C:\Temp
[21/01/2015 - 03:39:06 | D] - C:\Qoobox
[21/01/2015 - 07:04:21 | D] - C:\ProgramData
[21/01/2015 - 07:16:51 | D] - C:\Windows
[21/01/2015 - 12:34:17 | D] - C:\Recovery
[21/01/2015 - 12:36:40 | RD] - C:\Users
[22/01/2015 - 02:47:01 | RD] - C:\Program Files
[22/01/2015 - 23:18:48 | D] - C:\UsbFix
[b]################## | D:\ - Fixed drive (NTFS) |[/b]
[22/01/2015 - 03:02:07 | A | 73 Ko] - D:\ZHPDiag.txt
[23/10/2014 - 07:31:24 | A | 40423 Ko] - D:\Koffi OLomide chante pour le Congo, la constitution est sacrée ..qualité HD.mp4
[23/10/2014 - 03:34:48 | A | 722 Ko] - D:\DSF 1.XLS.lgupfnj
[13/09/2011 - 04:21:52 | A | 23082 Ko] - [[url=https://www.virustotal.com/file/1cb27c4f9c0f614d9135de4cb5b32e3c14acd46a790f5a7aaa27c03cc85266b9/analysis/1420634832/]VirusTotal[/url] - (0/54)] - D:\CitrixReceiver.exe
[24/05/2011 - 23:00:49 | RA | 1 Ko] - D:\MediaID.bin
[21/01/2015 - 12:36:54 | D] - D:\$RECYCLE.BIN
[24/05/2011 - 23:08:00 | D] - D:\WindowsImageBackup
[23/04/2012 - 06:05:10 | D] - D:\ErdUndoCache
[17/08/2013 - 11:24:41 | D] - D:\ec7dee183fcbcd1f7c2831bb53
[19/01/2015 - 05:05:32 | D] - D:\SCAN
[19/01/2015 - 05:05:34 | D] - D:\Network's folder
[21/01/2015 - 02:48:48 | D] - D:\MS Office 2007E
[22/01/2015 - 00:17:19 | D] - D:\BKP_BERNARD
[b]################## | G:\ - Fixed drive (NTFS) |[/b]
[07/11/2010 - 23:19:24 | N | 0 Ko] - G:\winx.ld
[21/01/2015 - 12:36:54 | D] - G:\$RECYCLE.BIN
[21/01/2015 - 12:26:18 | RASH | 8 Ko] - G:\BOOTSECT.BAK
[07/11/2010 - 23:19:19 | N | 199 Ko] - G:\grldr
[20/11/2010 - 04:40:07 | RASH | 375 Ko] - G:\bootmgr
[21/01/2015 - 12:26:17 | D] - G:\Boot
[21/01/2015 - 12:35:56 | N | 0 Ko] - G:\wedaolu
[21/01/2015 - 12:35:56 | N | 201 Ko] - G:\CLLAD
[b]################## | Vaccin |[/b]
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
[b]################## | E.O.F | [url=http://www.sosvirus.net/]https://www.sosvirus.net/[/url] | [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url] |[/b]
in this software I didnt see the delete option maybe this one I download is the latest version can you check and assist please.
so what I did was to clean and below are my result.
---------------------------------------------------------------
[b]############################## | UsbFix V 7.811 | [Clean][/b]
User: USER(Administrator) # LAP_USER
Updated 20/01/2015 by El Desaparecido - SosVirus
Started at 23:25:41 | 22/01/2015
Website : [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url]
Changelog : [url=http://www.en.usbfix.net/changelog/]http://www.en.usbfix.net/changelog/[/url]
Support : [url=http://www.sos-virus.net/]http://www.sos-virus.net/[/url]
Live detection : [url=http://how-to-remove.us/]http://ww25.how-to-remove.us/[/url]
Contact : [url=http://www.en.usbfix.net/contact/]http://www.en.usbfix.net/contact/[/url]
[b]################## | System information |[/b]
MB: Hewlett-Packard (3612)
CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
GC: Mobile Intel(R) 45 Express Chipset Family (Microsoft Corporation - WDDM 1.1)
RAM -> [Total : 3003 Mo | Free : 1682 Mo]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft(TM) Windows 7 Professional (6.1.7600 32-Bit)
WB: Internet Explorer : 8.00.7600.16385
WB: Google Chrome : 39.0.2171.99
WB: Mozilla Firefox : 20.0
[b]################## | Security Information |[/b]
AV: Trend Micro OfficeScan Antivirus [Enabled |Updated]
AS: Trend Micro OfficeScan Anti-spyware [Enabled |Updated]
AS: Windows Defender [Enabled |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
[b]################## | Disk Information |[/b]
C:\ (%SystemDrive%) -> Fixed disk # 146 Gb (128 Gb free - 88%) [] # NTFS
D:\ -> Fixed disk # 152 Gb (143 Gb free - 95%) [] # NTFS
G:\ -> Fixed disk # 100 Mb (71 Mb free - 71%) [System Reserved] # NTFS
[b]################## | Generic Research |[/b]
(!) Temporary files deleted. (44.2610645294189 MB)
[b]################## | Registry |[/b]
[b]################## | Regedit Run |[/b]
F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
04 - HKCU\..\Run : [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [iSkysoft Helper Compact.exe] C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
04 - HKU\S-1-5-21-2852288761-3220444514-2734179073-1000\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
04 - HKU\S-1-5-21-2852288761-3220444514-2734179073-1000\..\Run : [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
[b]################## | UsbFix - Information |[/b]
Info : [url=https://www.youtube.com/watch?v=vUZYYASd7FE]How to remove shortcut virus on flash disk (Video)[/url]
Info : [url=http://www.en.usbfix.net/2014/03/remove-shortcut-virus-usb/]Shortcut virus on flash disk, What is it ?[/url]
Live detection : [url=http://how-to-remove.us/]http://ww25.how-to-remove.us/[/url]
[b]################## | Hijack |[/b]
[b]################## | C:\ %SystemDrive% - Fixed drive (NTFS) |[/b]
[21/01/2015 - 03:39:04 | A | 6 Ko] - C:\ComboFix.txt
[21/01/2015 - 04:54:57 | A | 2 Ko] - C:\GUDownLoaddebug.txt
[10/06/2009 - 13:42:20 | A | 0 Ko] - C:\config.sys
[22/01/2015 - 23:10:00 | ASH | 2306448 Ko] - C:\hiberfil.sys
[22/01/2015 - 23:10:01 | ASH | 3075268 Ko] - C:\pagefile.sys
[21/01/2015 - 03:39:10 | SHD] - C:\$RECYCLE.BIN
[22/01/2015 - 02:52:58 | A | 1 Ko] - C:\PhysicalDisk0_MBR.bin
[10/06/2009 - 13:42:20 | A | 0 Ko] - C:\autoexec.bat
[13/07/2009 - 18:37:05 | D] - C:\PerfLogs
[13/07/2009 - 20:53:55 | SHD] - C:\Documents and Settings
[21/01/2015 - 02:49:39 | RD] - C:\MSOCache
[21/01/2015 - 02:52:36 | D] - C:\Temp
[21/01/2015 - 03:39:06 | D] - C:\Qoobox
[21/01/2015 - 07:04:21 | D] - C:\ProgramData
[21/01/2015 - 07:16:51 | D] - C:\Windows
[21/01/2015 - 12:34:17 | D] - C:\Recovery
[21/01/2015 - 12:36:40 | RD] - C:\Users
[22/01/2015 - 02:47:01 | RD] - C:\Program Files
[22/01/2015 - 23:18:48 | D] - C:\UsbFix
[b]################## | D:\ - Fixed drive (NTFS) |[/b]
[22/01/2015 - 03:02:07 | A | 73 Ko] - D:\ZHPDiag.txt
[23/10/2014 - 07:31:24 | A | 40423 Ko] - D:\Koffi OLomide chante pour le Congo, la constitution est sacrée ..qualité HD.mp4
[23/10/2014 - 03:34:48 | A | 722 Ko] - D:\DSF 1.XLS.lgupfnj
[13/09/2011 - 04:21:52 | A | 23082 Ko] - [[url=https://www.virustotal.com/file/1cb27c4f9c0f614d9135de4cb5b32e3c14acd46a790f5a7aaa27c03cc85266b9/analysis/1420634832/]VirusTotal[/url] - (0/54)] - D:\CitrixReceiver.exe
[24/05/2011 - 23:00:49 | RA | 1 Ko] - D:\MediaID.bin
[21/01/2015 - 12:36:54 | D] - D:\$RECYCLE.BIN
[24/05/2011 - 23:08:00 | D] - D:\WindowsImageBackup
[23/04/2012 - 06:05:10 | D] - D:\ErdUndoCache
[17/08/2013 - 11:24:41 | D] - D:\ec7dee183fcbcd1f7c2831bb53
[19/01/2015 - 05:05:32 | D] - D:\SCAN
[19/01/2015 - 05:05:34 | D] - D:\Network's folder
[21/01/2015 - 02:48:48 | D] - D:\MS Office 2007E
[22/01/2015 - 00:17:19 | D] - D:\BKP_BERNARD
[b]################## | G:\ - Fixed drive (NTFS) |[/b]
[07/11/2010 - 23:19:24 | N | 0 Ko] - G:\winx.ld
[21/01/2015 - 12:36:54 | D] - G:\$RECYCLE.BIN
[21/01/2015 - 12:26:18 | RASH | 8 Ko] - G:\BOOTSECT.BAK
[07/11/2010 - 23:19:19 | N | 199 Ko] - G:\grldr
[20/11/2010 - 04:40:07 | RASH | 375 Ko] - G:\bootmgr
[21/01/2015 - 12:26:17 | D] - G:\Boot
[21/01/2015 - 12:35:56 | N | 0 Ko] - G:\wedaolu
[21/01/2015 - 12:35:56 | N | 201 Ko] - G:\CLLAD
[b]################## | Vaccin |[/b]
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
[b]################## | E.O.F | [url=http://www.sosvirus.net/]https://www.sosvirus.net/[/url] | [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url] |[/b]
ft85
Posts
24
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020
Jan 23, 2015 at 04:04 AM
Jan 23, 2015 at 04:04 AM
Hi
in this software I didnt see the delete option maybe this one I download is the latest version can you check and assist please.
so what I did was to clean and below are my result.
---------------------------------------------------------------
[b]############################## | UsbFix V 7.811 | [Clean]/b
User: USER(Administrator) # LAP_USER
Updated 20/01/2015 by El Desaparecido - SosVirus
Started at 23:25:41 | 22/01/2015
Website : [url=http://www.en.usbfix.net/]http://www.en.usbfix.net//url
Changelog : [url=http://www.en.usbfix.net/changelog/]http://www.en.usbfix.net/changelog//url
Support : [url=http://www.sos-virus.net/]http://www.sos-virus.net//url
Live detection : [url=http://how-to-remove.us/]http://ww25.how-to-remove.us//url
Contact : [url=http://www.en.usbfix.net/contact/]http://www.en.usbfix.net/contact//url
[b]################## | System information |/b
MB: Hewlett-Packard (3612)
CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
GC: Mobile Intel(R) 45 Express Chipset Family (Microsoft Corporation - WDDM 1.1)
RAM -> [Total : 3003 Mo | Free : 1682 Mo]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft(TM) Windows 7 Professional (6.1.7600 32-Bit)
WB: Internet Explorer : 8.00.7600.16385
WB: Google Chrome : 39.0.2171.99
WB: Mozilla Firefox : 20.0
[b]################## | Security Information |/b
AV: Trend Micro OfficeScan Antivirus [Enabled |Updated]
AS: Trend Micro OfficeScan Anti-spyware [Enabled |Updated]
AS: Windows Defender [Enabled |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
[b]################## | Disk Information |/b
C:\ (%SystemDrive%) -> Fixed disk # 146 Gb (128 Gb free - 88%) [] # NTFS
D:\ -> Fixed disk # 152 Gb (143 Gb free - 95%) [] # NTFS
G:\ -> Fixed disk # 100 Mb (71 Mb free - 71%) [System Reserved] # NTFS
[b]################## | Generic Research |/b
(!) Temporary files deleted. (44.2610645294189 MB)
[b]################## | Registry |/b
[b]################## | Regedit Run |/b
F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
04 - HKCU\..\Run : [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [iSkysoft Helper Compact.exe] C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
04 - HKU\S-1-5-21-2852288761-3220444514-2734179073-1000\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
04 - HKU\S-1-5-21-2852288761-3220444514-2734179073-1000\..\Run : [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
[b]################## | UsbFix - Information |/b
Info : [url=https://www.youtube.com/watch?v=vUZYYASd7FE]How to remove shortcut virus on flash disk (Video)/url
Info : [url=http://www.en.usbfix.net/2014/03/remove-shortcut-virus-usb/]Shortcut virus on flash disk, What is it ?/url
Live detection : [url=http://how-to-remove.us/]http://ww25.how-to-remove.us//url
[b]################## | Hijack |/b
[b]################## | C:\ %SystemDrive% - Fixed drive (NTFS) |/b
[21/01/2015 - 03:39:04 | A | 6 Ko] - C:\ComboFix.txt
[21/01/2015 - 04:54:57 | A | 2 Ko] - C:\GUDownLoaddebug.txt
[10/06/2009 - 13:42:20 | A | 0 Ko] - C:\config.sys
[22/01/2015 - 23:10:00 | ASH | 2306448 Ko] - C:\hiberfil.sys
[22/01/2015 - 23:10:01 | ASH | 3075268 Ko] - C:\pagefile.sys
[21/01/2015 - 03:39:10 | SHD] - C:\$RECYCLE.BIN
[22/01/2015 - 02:52:58 | A | 1 Ko] - C:\PhysicalDisk0_MBR.bin
[10/06/2009 - 13:42:20 | A | 0 Ko] - C:\autoexec.bat
[13/07/2009 - 18:37:05 | D] - C:\PerfLogs
[13/07/2009 - 20:53:55 | SHD] - C:\Documents and Settings
[21/01/2015 - 02:49:39 | RD] - C:\MSOCache
[21/01/2015 - 02:52:36 | D] - C:\Temp
[21/01/2015 - 03:39:06 | D] - C:\Qoobox
[21/01/2015 - 07:04:21 | D] - C:\ProgramData
[21/01/2015 - 07:16:51 | D] - C:\Windows
[21/01/2015 - 12:34:17 | D] - C:\Recovery
[21/01/2015 - 12:36:40 | RD] - C:\Users
[22/01/2015 - 02:47:01 | RD] - C:\Program Files
[22/01/2015 - 23:18:48 | D] - C:\UsbFix
[b]################## | D:\ - Fixed drive (NTFS) |/b
[22/01/2015 - 03:02:07 | A | 73 Ko] - D:\ZHPDiag.txt
[23/10/2014 - 07:31:24 | A | 40423 Ko] - D:\Koffi OLomide chante pour le Congo, la constitution est sacrée ..qualité HD.mp4
[23/10/2014 - 03:34:48 | A | 722 Ko] - D:\DSF 1.XLS.lgupfnj
[13/09/2011 - 04:21:52 | A | 23082 Ko] - [[url=https://www.virustotal.com/file/1cb27c4f9c0f614d9135de4cb5b32e3c14acd46a790f5a7aaa27c03cc85266b9/analysis/1420634832/]VirusTotal/url - (0/54)] - D:\CitrixReceiver.exe
[24/05/2011 - 23:00:49 | RA | 1 Ko] - D:\MediaID.bin
[21/01/2015 - 12:36:54 | D] - D:\$RECYCLE.BIN
[24/05/2011 - 23:08:00 | D] - D:\WindowsImageBackup
[23/04/2012 - 06:05:10 | D] - D:\ErdUndoCache
[17/08/2013 - 11:24:41 | D] - D:\ec7dee183fcbcd1f7c2831bb53
[19/01/2015 - 05:05:32 | D] - D:\SCAN
[19/01/2015 - 05:05:34 | D] - D:\Network's folder
[21/01/2015 - 02:48:48 | D] - D:\MS Office 2007E
[22/01/2015 - 00:17:19 | D] - D:\BKP_BERNARD
[b]################## | G:\ - Fixed drive (NTFS) |/b
[07/11/2010 - 23:19:24 | N | 0 Ko] - G:\winx.ld
[21/01/2015 - 12:36:54 | D] - G:\$RECYCLE.BIN
[21/01/2015 - 12:26:18 | RASH | 8 Ko] - G:\BOOTSECT.BAK
[07/11/2010 - 23:19:19 | N | 199 Ko] - G:\grldr
[20/11/2010 - 04:40:07 | RASH | 375 Ko] - G:\bootmgr
[21/01/2015 - 12:26:17 | D] - G:\Boot
[21/01/2015 - 12:35:56 | N | 0 Ko] - G:\wedaolu
[21/01/2015 - 12:35:56 | N | 201 Ko] - G:\CLLAD
[b]################## | Vaccin |/b
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
[b]################## | E.O.F | [url=http://www.sosvirus.net/]http://www.sosvirus.net//url | [url=http://www.en.usbfix.net/]http://www.en.usbfix.net//url |/b
in this software I didnt see the delete option maybe this one I download is the latest version can you check and assist please.
so what I did was to clean and below are my result.
---------------------------------------------------------------
[b]############################## | UsbFix V 7.811 | [Clean]/b
User: USER(Administrator) # LAP_USER
Updated 20/01/2015 by El Desaparecido - SosVirus
Started at 23:25:41 | 22/01/2015
Website : [url=http://www.en.usbfix.net/]http://www.en.usbfix.net//url
Changelog : [url=http://www.en.usbfix.net/changelog/]http://www.en.usbfix.net/changelog//url
Support : [url=http://www.sos-virus.net/]http://www.sos-virus.net//url
Live detection : [url=http://how-to-remove.us/]http://ww25.how-to-remove.us//url
Contact : [url=http://www.en.usbfix.net/contact/]http://www.en.usbfix.net/contact//url
[b]################## | System information |/b
MB: Hewlett-Packard (3612)
CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
GC: Mobile Intel(R) 45 Express Chipset Family (Microsoft Corporation - WDDM 1.1)
RAM -> [Total : 3003 Mo | Free : 1682 Mo]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft(TM) Windows 7 Professional (6.1.7600 32-Bit)
WB: Internet Explorer : 8.00.7600.16385
WB: Google Chrome : 39.0.2171.99
WB: Mozilla Firefox : 20.0
[b]################## | Security Information |/b
AV: Trend Micro OfficeScan Antivirus [Enabled |Updated]
AS: Trend Micro OfficeScan Anti-spyware [Enabled |Updated]
AS: Windows Defender [Enabled |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
[b]################## | Disk Information |/b
C:\ (%SystemDrive%) -> Fixed disk # 146 Gb (128 Gb free - 88%) [] # NTFS
D:\ -> Fixed disk # 152 Gb (143 Gb free - 95%) [] # NTFS
G:\ -> Fixed disk # 100 Mb (71 Mb free - 71%) [System Reserved] # NTFS
[b]################## | Generic Research |/b
(!) Temporary files deleted. (44.2610645294189 MB)
[b]################## | Registry |/b
[b]################## | Regedit Run |/b
F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
04 - HKCU\..\Run : [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [iSkysoft Helper Compact.exe] C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
04 - HKU\S-1-5-21-2852288761-3220444514-2734179073-1000\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
04 - HKU\S-1-5-21-2852288761-3220444514-2734179073-1000\..\Run : [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
[b]################## | UsbFix - Information |/b
Info : [url=https://www.youtube.com/watch?v=vUZYYASd7FE]How to remove shortcut virus on flash disk (Video)/url
Info : [url=http://www.en.usbfix.net/2014/03/remove-shortcut-virus-usb/]Shortcut virus on flash disk, What is it ?/url
Live detection : [url=http://how-to-remove.us/]http://ww25.how-to-remove.us//url
[b]################## | Hijack |/b
[b]################## | C:\ %SystemDrive% - Fixed drive (NTFS) |/b
[21/01/2015 - 03:39:04 | A | 6 Ko] - C:\ComboFix.txt
[21/01/2015 - 04:54:57 | A | 2 Ko] - C:\GUDownLoaddebug.txt
[10/06/2009 - 13:42:20 | A | 0 Ko] - C:\config.sys
[22/01/2015 - 23:10:00 | ASH | 2306448 Ko] - C:\hiberfil.sys
[22/01/2015 - 23:10:01 | ASH | 3075268 Ko] - C:\pagefile.sys
[21/01/2015 - 03:39:10 | SHD] - C:\$RECYCLE.BIN
[22/01/2015 - 02:52:58 | A | 1 Ko] - C:\PhysicalDisk0_MBR.bin
[10/06/2009 - 13:42:20 | A | 0 Ko] - C:\autoexec.bat
[13/07/2009 - 18:37:05 | D] - C:\PerfLogs
[13/07/2009 - 20:53:55 | SHD] - C:\Documents and Settings
[21/01/2015 - 02:49:39 | RD] - C:\MSOCache
[21/01/2015 - 02:52:36 | D] - C:\Temp
[21/01/2015 - 03:39:06 | D] - C:\Qoobox
[21/01/2015 - 07:04:21 | D] - C:\ProgramData
[21/01/2015 - 07:16:51 | D] - C:\Windows
[21/01/2015 - 12:34:17 | D] - C:\Recovery
[21/01/2015 - 12:36:40 | RD] - C:\Users
[22/01/2015 - 02:47:01 | RD] - C:\Program Files
[22/01/2015 - 23:18:48 | D] - C:\UsbFix
[b]################## | D:\ - Fixed drive (NTFS) |/b
[22/01/2015 - 03:02:07 | A | 73 Ko] - D:\ZHPDiag.txt
[23/10/2014 - 07:31:24 | A | 40423 Ko] - D:\Koffi OLomide chante pour le Congo, la constitution est sacrée ..qualité HD.mp4
[23/10/2014 - 03:34:48 | A | 722 Ko] - D:\DSF 1.XLS.lgupfnj
[13/09/2011 - 04:21:52 | A | 23082 Ko] - [[url=https://www.virustotal.com/file/1cb27c4f9c0f614d9135de4cb5b32e3c14acd46a790f5a7aaa27c03cc85266b9/analysis/1420634832/]VirusTotal/url - (0/54)] - D:\CitrixReceiver.exe
[24/05/2011 - 23:00:49 | RA | 1 Ko] - D:\MediaID.bin
[21/01/2015 - 12:36:54 | D] - D:\$RECYCLE.BIN
[24/05/2011 - 23:08:00 | D] - D:\WindowsImageBackup
[23/04/2012 - 06:05:10 | D] - D:\ErdUndoCache
[17/08/2013 - 11:24:41 | D] - D:\ec7dee183fcbcd1f7c2831bb53
[19/01/2015 - 05:05:32 | D] - D:\SCAN
[19/01/2015 - 05:05:34 | D] - D:\Network's folder
[21/01/2015 - 02:48:48 | D] - D:\MS Office 2007E
[22/01/2015 - 00:17:19 | D] - D:\BKP_BERNARD
[b]################## | G:\ - Fixed drive (NTFS) |/b
[07/11/2010 - 23:19:24 | N | 0 Ko] - G:\winx.ld
[21/01/2015 - 12:36:54 | D] - G:\$RECYCLE.BIN
[21/01/2015 - 12:26:18 | RASH | 8 Ko] - G:\BOOTSECT.BAK
[07/11/2010 - 23:19:19 | N | 199 Ko] - G:\grldr
[20/11/2010 - 04:40:07 | RASH | 375 Ko] - G:\bootmgr
[21/01/2015 - 12:26:17 | D] - G:\Boot
[21/01/2015 - 12:35:56 | N | 0 Ko] - G:\wedaolu
[21/01/2015 - 12:35:56 | N | 201 Ko] - G:\CLLAD
[b]################## | Vaccin |/b
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
[b]################## | E.O.F | [url=http://www.sosvirus.net/]http://www.sosvirus.net//url | [url=http://www.en.usbfix.net/]http://www.en.usbfix.net//url |/b
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Jan 23, 2015 at 05:41 AM
Jan 23, 2015 at 05:41 AM
Hello
No infection so no delete button.
When you click right on the file and go to properties does it indicate a previous version?
Can you try to change the file extension of any one file?
Or upload any non important file (word) on speedyshare so that I will examine it.
Combofix is a very last resort for disinfection, it may have created collateral damage.
No infection so no delete button.
When you click right on the file and go to properties does it indicate a previous version?
Can you try to change the file extension of any one file?
Or upload any non important file (word) on speedyshare so that I will examine it.
Combofix is a very last resort for disinfection, it may have created collateral damage.
ft85
Posts
24
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020
Jan 23, 2015 at 06:17 AM
Jan 23, 2015 at 06:17 AM
hi
again I would like to thank you a million for your help , thought I still havent found the solution I believe with time thinks will come easily.
below is the link for speedy share
http://speedy.sh/2nZKC/3-05-Annexe-Exemple-Plan-Affaires-Quebec.PDF.lgupfnj
do u suggest that I use combofix ,is the free trial can do the job ? please let me know .
again I would like to thank you a million for your help , thought I still havent found the solution I believe with time thinks will come easily.
below is the link for speedy share
http://speedy.sh/2nZKC/3-05-Annexe-Exemple-Plan-Affaires-Quebec.PDF.lgupfnj
do u suggest that I use combofix ,is the free trial can do the job ? please let me know .
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Jan 23, 2015 at 06:35 AM
Jan 23, 2015 at 06:35 AM
No, do not run combofix, I thought that you had used it already.
This is a very strange phenomenon.
I am sending the file to a colleague for an opinion. I will get back to you.
P.S. I'm impressed, a French pdf!
This is a very strange phenomenon.
I am sending the file to a colleague for an opinion. I will get back to you.
P.S. I'm impressed, a French pdf!
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
>
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
Jan 23, 2015 at 06:36 AM
Jan 23, 2015 at 06:36 AM
P.S. Can you read and write French?
ft85
Posts
24
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020
>
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
Jan 23, 2015 at 11:41 AM
Jan 23, 2015 at 11:41 AM
yes I do read french 5/5 and I understand french 5/5 but my problem is writting am from the french speaking country but am experienced in english , did my studies in english and all the IT technical terms most of them are in know them in english. but if u wanna communicate in french its fine with me . but my spelling and writting are not that perfect .
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Jan 23, 2015 at 04:21 PM
Jan 23, 2015 at 04:21 PM
Bonjour,
A French speaking country, probably born from the French imperialist era.
The virus encrypted your files.
You must now decrypt them.
Download this decrypt tool:
https://download.bleepingcomputer.com/cryptorbit/Anti-CryptorBitV2.zip
Once the file has been downloaded, extract the zip file, and run the Anti-CryptorBit.exe program. This will open the main dashboard for Anti-CryptorBit as shown below
Simply click on the recovery method that you wish to run and follow the instructions.
Bonne chance et donnez-m'en des nouvelles.
A French speaking country, probably born from the French imperialist era.
The virus encrypted your files.
You must now decrypt them.
Download this decrypt tool:
https://download.bleepingcomputer.com/cryptorbit/Anti-CryptorBitV2.zip
Once the file has been downloaded, extract the zip file, and run the Anti-CryptorBit.exe program. This will open the main dashboard for Anti-CryptorBit as shown below
Simply click on the recovery method that you wish to run and follow the instructions.
Bonne chance et donnez-m'en des nouvelles.
ft85
Posts
24
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020
Jan 24, 2015 at 08:59 AM
Jan 24, 2015 at 08:59 AM
bonjour ,
merci pour votre aide encore une , but still the files can't open they seem to be really corrupt . I have followed the method you show me on the last post invain. if there is still something I can do please let me know .
merci encore une fois.
merci pour votre aide encore une , but still the files can't open they seem to be really corrupt . I have followed the method you show me on the last post invain. if there is still something I can do please let me know .
merci encore une fois.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Jan 24, 2015 at 04:10 PM
Jan 24, 2015 at 04:10 PM
Bonjour,
I have tried to change the file extension without success. I sent the file to an expert colleague for analysis and there is no doubt in his mind that the file was encrypted. This usually happens when your machine is hacked and the hackers ask for a ransom to return your files to normal. Unfortunately your system security software
1. Trend Micro OfficeScan Anti-spyware
2. Windows Defender
3. Windows Firewall
were not able to protect you from intrusion.
Having said that, to avoid conflcts between antivirus's you should have only one, otherwise they get confused and protection is not as good. You may also get false positive reports.
I suggest that you use an antivirus software with it's own firewall, not Windows's.
Last but not least, I regret to inform you that the files cannot be recovered. In the future, should you come across a threat, I suggest that before attempting disinfection that you come to Kioskea first.
Je suis désolé.
Cordialement
Ambucias
Moderator
I have tried to change the file extension without success. I sent the file to an expert colleague for analysis and there is no doubt in his mind that the file was encrypted. This usually happens when your machine is hacked and the hackers ask for a ransom to return your files to normal. Unfortunately your system security software
1. Trend Micro OfficeScan Anti-spyware
2. Windows Defender
3. Windows Firewall
were not able to protect you from intrusion.
Having said that, to avoid conflcts between antivirus's you should have only one, otherwise they get confused and protection is not as good. You may also get false positive reports.
I suggest that you use an antivirus software with it's own firewall, not Windows's.
Last but not least, I regret to inform you that the files cannot be recovered. In the future, should you come across a threat, I suggest that before attempting disinfection that you come to Kioskea first.
Je suis désolé.
Cordialement
Ambucias
Moderator
ft85
Posts
24
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020
Jan 25, 2015 at 03:16 AM
Jan 25, 2015 at 03:16 AM
Big thanks to your sir , I understand that its not your fault but ours. We should have known this before. But its too late la prochaine fois I will be very watchfull. Quel est le meilleur antivirus reseau que tu p me proposer pour mon entreprise de 50 a 100 pc?
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Jan 25, 2015 at 06:31 AM
Jan 25, 2015 at 06:31 AM
I suggest Kapersky