It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Help-Had FBI virus, removed it now on startup command prompt looks for an exe that isn't there.
page: 1share:
Hello ATS, I need some quick help.
My friend had the FBI virus on his computer. We couldn't get in via safe mode (any version of safe mode at all-the virus was still active). After I ran the program and deleted this file called "1c54cad4.exe". Now when I start windows (safe mode or not) a command prompt opens and says that (the .exe that Hitman Pro deleted)
"1c54cad4.exe is not a recognized as an internal operable program or batch file".
So some program in the system is still calling that virus file-how can I find that program? How can I fine this entry in the system and tell the computer to ignore it? Is there a list of .exe's that run on startup that is in the registry somewhere? I checked in msconfig and nothing out of the ordinary is there. I also ran Hijackthis and the call for the exe wasn't in there either.
My friend had the FBI virus on his computer. We couldn't get in via safe mode (any version of safe mode at all-the virus was still active). After I ran the program and deleted this file called "1c54cad4.exe". Now when I start windows (safe mode or not) a command prompt opens and says that (the .exe that Hitman Pro deleted)
"1c54cad4.exe is not a recognized as an internal operable program or batch file".
So some program in the system is still calling that virus file-how can I find that program? How can I fine this entry in the system and tell the computer to ignore it? Is there a list of .exe's that run on startup that is in the registry somewhere? I checked in msconfig and nothing out of the ordinary is there. I also ran Hijackthis and the call for the exe wasn't in there either.
reply to post by samlf3rd
Start button, run or windows key R, type msconfig, go to start up tabe.. find it and uncheck box.
Start button, run or windows key R, type msconfig, go to start up tabe.. find it and uncheck box.
reply to post by Berzerked
Well I posted that I did that already:
Well I posted that I did that already:
I checked in msconfig and nothing out of the ordinary is there. I also ran Hijackthis and the call for the exe wasn't in there either.
Oh, I didnt see it..
I guess it could be in the registry then, other than that, I dont know.
I guess it could be in the registry then, other than that, I dont know.
Get a Malware detector/removers, Malware Bytes, also get a Registry Cleaner, probably you torrent it if you can't find a free one.
I had a similar attack, when i tried to "skip an ad" - It had an invisible layer, that made me acknowledge a virus file download.
FBI Web Cam Virus(ATS).
I had a similar attack, when i tried to "skip an ad" - It had an invisible layer, that made me acknowledge a virus file download.
FBI Web Cam Virus(ATS).
reply to post by samlf3rd
Have you seen this site, www.2-spyware.com...
It explains all you need to do.
Have you seen this site, www.2-spyware.com...
It explains all you need to do.
edit on 13-5-2013 by creatives because: (no reason given)
you may have to use a live boot disk such as Ultimate Boot Disk for Windows, Linux Live (any distro may work), or even creating or finding a
Pre-Installation Environment Disk with Windows 7 would work. Or if you can some how get into safe mode or similar, you will need to get to the
registry. Regedit or similar registry editing software.
look under these reg keys for your little exe file.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Or you can run a search for your EXE file and delete it from your registry. Or you can try setting your PC back to another day.
If your PC is MS Windows, consider downloading Sysinternals Suite.
look under these reg keys for your little exe file.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Or you can run a search for your EXE file and delete it from your registry. Or you can try setting your PC back to another day.
If your PC is MS Windows, consider downloading Sysinternals Suite.
reply to post by Skada
Ditto to Skada's suggestion. If you don't get the whole suite, get "Autoruns" as a minimum. Make sure you run it as administrator. It comes from Microsoft directly so it's clean as far as that goes. It's the single best free Util I know of to see EVERYTHING starting and running on a machine. It's also the #1 thing, literally, #1 that I put on any clean format/install I do on a Windows machine.
Also...I hadn't seen you mention it. Are you using Malwarebytes? That is, believe it or not, what the IT department at the school was using to clean this little bugger. Safe-Mode then Malwarebytes on a full scan. It sounds almost too simplistic for how evil this one is ..but they've found it to work in most cases?
Ditto to Skada's suggestion. If you don't get the whole suite, get "Autoruns" as a minimum. Make sure you run it as administrator. It comes from Microsoft directly so it's clean as far as that goes. It's the single best free Util I know of to see EVERYTHING starting and running on a machine. It's also the #1 thing, literally, #1 that I put on any clean format/install I do on a Windows machine.
Also...I hadn't seen you mention it. Are you using Malwarebytes? That is, believe it or not, what the IT department at the school was using to clean this little bugger. Safe-Mode then Malwarebytes on a full scan. It sounds almost too simplistic for how evil this one is ..but they've found it to work in most cases?
Originally posted by Wrabbit2000
reply to post by Skada
Ditto to Skada's suggestion. If you don't get the whole suite, get "Autoruns" as a minimum. Make sure you run it as administrator. It comes from Microsoft directly so it's clean as far as that goes. It's the single best free Util I know of to see EVERYTHING starting and running on a machine. It's also the #1 thing, literally, #1 that I put on any clean format/install I do on a Windows machine.
Also...I hadn't seen you mention it. Are you using Malwarebytes? That is, believe it or not, what the IT department at the school was using to clean this little bugger. Safe-Mode then Malwarebytes on a full scan. It sounds almost too simplistic for how evil this one is ..but they've found it to work in most cases?
I'm in IT and have had to remove this (or one of its several variants) several times and I have to agree with the suggestion of Malwarebytes run in Safe Mode. It's taken care of it in almost all the cases I've run into.
Thanks guys for the great tips. I have already ran spybot, hijackthis, avg, hitman pro, emeri emergency, and a few more.
I didn't see anything in the registry under run or run once (just normal stuff).
I will let you guys know in a few after I go through all of your suggestions.
Thank you very much ATS!
Sam
I didn't see anything in the registry under run or run once (just normal stuff).
I will let you guys know in a few after I go through all of your suggestions.
Thank you very much ATS!
Sam
I had this same virus and payed my buddy to get rid of it. He cleaned up all the junk files, programs not used, and did a malwarebytes scan and found
the location of the virus to delete it
Originally posted by luciddream
Get a Malware detector/removers, Malware Bytes, also get a Registry Cleaner, probably you torrent it if you can't find a free one.
I had a similar attack, when i tried to "skip an ad" - It had an invisible layer, that made me acknowledge a virus file download.
FBI Web Cam Virus(ATS).
Right, because downloading pirated software is a great way to remove malware
Originally posted by samlf3rd
Hello ATS, I need some quick help.
My friend had the FBI virus on his computer. We couldn't get in via safe mode (any version of safe mode at all-the virus was still active). After I ran the program and deleted this file called "1c54cad4.exe". Now when I start windows (safe mode or not) a command prompt opens and says that (the .exe that Hitman Pro deleted)
"1c54cad4.exe is not a recognized as an internal operable program or batch file".
So some program in the system is still calling that virus file-how can I find that program? How can I fine this entry in the system and tell the computer to ignore it? Is there a list of .exe's that run on startup that is in the registry somewhere? I checked in msconfig and nothing out of the ordinary is there. I also ran Hijackthis and the call for the exe wasn't in there either.
Look for lsass.exe in you ruser profile from the hijackthis logs.. or post the hijackthis logs..
if you checked msconfig for startup it will list the executables that start on your system, as you have checked. But it does not mean it has not assumed a known name, so you think it's normal.
lsass.exe in system32 is normal. elsewhere it can be part of the fbi virus.
post the log.
Originally posted by Skada
you may have to use a live boot disk such as Ultimate Boot Disk for Windows, Linux Live (any distro may work), or even creating or finding a Pre-Installation Environment Disk with Windows 7 would work. Or if you can some how get into safe mode or similar, you will need to get to the registry. Regedit or similar registry editing software.
look under these reg keys for your little exe file.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Or you can run a search for your EXE file and delete it from your registry. Or you can try setting your PC back to another day.
If your PC is MS Windows, consider downloading Sysinternals Suite.
It's unlikely to be the runonce key as that, as its name implies, runs once, and this seems to be a recurring issue for the op.
also, there is the hk_local_machine/.../Run key, and if they have a 64 bit OS, the Wow6432Node/../Run key.
But as they say they checked msconfig, which lists all programs in these keys, as well as the startup folder, it's likely something they're assuming is a normal executable, calling the randomly generated executable.
Originally posted by KeepYourAnonymity
I had this same virus and payed my buddy to get rid of it. He cleaned up all the junk files, programs not used, and did a malwarebytes scan and found the location of the virus to delete it
I need buddies who I pay .. lol
Actually, I need buddies who pay me! Oo
reply to post by winofiend
I put in the RunOnce because there could be a reoccurring "re-register this exe/dll in this temp location". Had to try to cover all the bases.
I put in the RunOnce because there could be a reoccurring "re-register this exe/dll in this temp location". Had to try to cover all the bases.
reply to post by samlf3rd
If you can get Windows or safe mode to load hit the CRTL-ALT-DEL to open the task manager. Have a look at the processes. Look for anything that doesn't make sense like files with numbers.exe or a combination of letters and numbers.exe.
Then do a search on your system for that file name. But just because you are able to find that file and delete does not mean that you will kill the issue.
If you really want to do it effortlessly .. Download COMBOFIX.exe from Bleeping Computers. com
About 5-10 minutes later you will be good to go and everything will be clean.
Keep in mind that allot of times antivirus programs do not work so well if you have a virus before you install the anti-virus.
P.S. .. . By thye way., .. you had better check that system for CHILD PORN since it has something to do with the FBI. .. . .. Just sayin'.
If you can get Windows or safe mode to load hit the CRTL-ALT-DEL to open the task manager. Have a look at the processes. Look for anything that doesn't make sense like files with numbers.exe or a combination of letters and numbers.exe.
Then do a search on your system for that file name. But just because you are able to find that file and delete does not mean that you will kill the issue.
If you really want to do it effortlessly .. Download COMBOFIX.exe from Bleeping Computers. com
About 5-10 minutes later you will be good to go and everything will be clean.
Keep in mind that allot of times antivirus programs do not work so well if you have a virus before you install the anti-virus.
P.S. .. . By thye way., .. you had better check that system for CHILD PORN since it has something to do with the FBI. .. . .. Just sayin'.
edit on 13-5-2013 by ShadellacZumbrum because: (no reason given)
reply to post by winofiend
Here is my hijackthis log if you can help that would be great.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:44:06 AM, on 5/13/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
FIREFOX: 11.0 (en-US)
Boot mode: Safe mode
Running processes:
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Chris Montez\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.conduit.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = g.msn.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - [bf7380fa-e3b4-4db2-af3e-9d8783a45bfc] - (no file)
R3 - URLSearchHook: (no name) - [7473b6bd-4691-4744-a82b-7854eb3d70b6] - (no file)
O2 - BHO: AcroIEHelperStub - [18DF081C-E8AD-4283-A596-FA578C2EBDC3] - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - [53707962-6F74-2D53-2644-206D7942484F] - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - [761497BB-D6F0-462C-B6EB-D4DAF1D92D43] - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - [8D10F6C4-0E01-4BD4-8601-11AC1FDF8126] - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - [9030D464-4C02-4ABF-8ECC-5164760863C6] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - [DBC80044-A445-435b-BC74-9C25C1C588A9] - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - [E76FD755-C1BA-4DCB-9F13-99BD91223ADE] - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - [219C3416-8CB2-491a-A3C7-D9FCDDC9D600] - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - [219C3416-8CB2-491a-A3C7-D9FCDDC9D600] - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - [25510184-5A38-4A99-B273-DCA8EEF6CD08] - C:\Program Files (x86)\Hewlett-Packard\HP Suppor
Here is my hijackthis log if you can help that would be great.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:44:06 AM, on 5/13/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
FIREFOX: 11.0 (en-US)
Boot mode: Safe mode
Running processes:
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Chris Montez\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.conduit.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = g.msn.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - [bf7380fa-e3b4-4db2-af3e-9d8783a45bfc] - (no file)
R3 - URLSearchHook: (no name) - [7473b6bd-4691-4744-a82b-7854eb3d70b6] - (no file)
O2 - BHO: AcroIEHelperStub - [18DF081C-E8AD-4283-A596-FA578C2EBDC3] - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - [53707962-6F74-2D53-2644-206D7942484F] - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - [761497BB-D6F0-462C-B6EB-D4DAF1D92D43] - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - [8D10F6C4-0E01-4BD4-8601-11AC1FDF8126] - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - [9030D464-4C02-4ABF-8ECC-5164760863C6] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - [DBC80044-A445-435b-BC74-9C25C1C588A9] - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - [E76FD755-C1BA-4DCB-9F13-99BD91223ADE] - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - [219C3416-8CB2-491a-A3C7-D9FCDDC9D600] - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - [219C3416-8CB2-491a-A3C7-D9FCDDC9D600] - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - [25510184-5A38-4A99-B273-DCA8EEF6CD08] - C:\Program Files (x86)\Hewlett-Packard\HP Suppor
I am running MBAM right now If I find anything I will let you know.
Originally posted by ShadellacZumbrum
reply to post by samlf3rd
If you can get Windows or safe mode to load hit the CRTL-ALT-DEL to open the task manager. Have a look at the processes. Look for anything that doesn't make sense like files with numbers.exe or a combination of letters and numbers.exe.
Then do a search on your system for that file name. But just because you are able to find that file and delete does not mean that you will kill the issue.
If you really want to do it effortlessly .. Download COMBOFIX.exe from Bleeping Computers. com
About 5-10 minutes later you will be good to go and everything will be clean.
Keep in mind that allot of times antivirus programs do not work so well if you have a virus before you install the anti-virus.
P.S. .. . By thye way., .. you had better check that system for CHILD PORN since it has something to do with the FBI. .. . .. Just sayin'.edit on 13-5-2013 by ShadellacZumbrum because: (no reason given)
He had so much porn in there it was crazy. I told him to just watch a stream-who the hell downloads porn? No bad porn though, I deleted every last bit of it.
new topics
-
Just learned a really helpful trick for internet searches
Computer Help: 5 hours ago -
Not off to a good start
General Chit Chat: 7 hours ago
top topics
-
If they can see...they can read!!
Rant: 14 hours ago, 7 flags -
Not off to a good start
General Chit Chat: 7 hours ago, 5 flags -
Just learned a really helpful trick for internet searches
Computer Help: 5 hours ago, 4 flags
active topics
-
Vehicle Strikes people in New Orleans
Mainstream News • 264 • : atsalex2 -
The Hand that Rocks the Cradle - Labour Plans “diversities of our society” Curriculum Change
Regional Politics • 18 • : onestonemonkey -
Not off to a good start
General Chit Chat • 14 • : visitedbythem -
The C.D.C. Says There Was NO INFLUENZA Worth Reporting for the 2020-2021 Flu Season.
Diseases and Pandemics • 92 • : BedevereTheWise -
Maybe they didn't get away with it: The Lincoln-Kennedy assassination parallels. 7 sentences long.
History • 12 • : Solvedit -
Just learned a really helpful trick for internet searches
Computer Help • 7 • : Cvastar -
Simulation theory and have we reset before like a game?
Conspiracies in Religions • 42 • : crayzeed -
Post A Funny (T&C Friendly) Pic Part IV: The LOL awakens!
General Chit Chat • 7978 • : underpass61 -
DONALD J. TRUMP - TIME's Most Extraordinary Person of the Year 2024.
Mainstream News • 45 • : WeMustCare -
Tesla Cybertruck Explodes in Front of Trump Hotel in Las Vegas
Mainstream News • 82 • : WeMustCare