Virus hardly anything will open!!! plz help


grimdeath909
16-03-2005, 18:06
yesterday i think i may have received a virus through my msn. i have no idea how to remove it. it has stopped my norton anti virus from working and my internet explorer and my system restore (it says [system restore has been turned off by group policy to turn it back on please contact your administrator] even tho i am an administrator) it wont let me download i hav a program called hijackthis or sumthing but i dont know how to use it. what can i do????????

i know there have been other posts like this but unfortunately i dont understand what people mean in these plz can sum 1 help me and explain it to me carefully.
plz help me.
thanks.
ur my only hope.
:-]

_Fate_
16-03-2005, 18:09
i had the same problem. the virus is received through your contacts who also have the virus. once you get it, it automatically displays it to all your other contacts as if it's a funny file or image.

what you'll have to do to get rid of it is boot up windows in SAFE MODE (it's one of the F keys at the top of the keyboard) and then run your virus scanners. If this doesn't help, try to get hold of a spyware remover (spybot search and destroy or windows spyware remover are good) but if you can't download i don't know what else to suggest.

Hope this helps

_Fáté™_

grimdeath909
16-03-2005, 18:10
ive tried this and it still wont work thx anyway

vidster
16-03-2005, 18:11
Without having much to go on, i'd say you have the same trojan as in THIS (http://www.cbttechs.com/forums/index.php?) thread.

Go to the second page and follow the instructions given by sccsux. That should work ;). If it doesn't work, post back and we'll look into it further :thumbsup:

grimdeath909
16-03-2005, 18:19
tht takes me to a website but i dont know where to look for the thread which category is it in

vidster
16-03-2005, 18:23
:hihi: :hihi: Sorry grimdeath909 :hihi: :hihi:

That's the link to our forum, Wasn't trying to poach....Honest :suspect:

Clickety Click here (http://www.sheffieldforum.co.uk/showthread.php?s=&threadid=31896) for the real thread ;).

[EDIT] *Vidster slaps himself for not checking his link :hihi: *

grimdeath909
16-03-2005, 18:28
i have looked at that post before but i dont seem to be able to do any of the stuff he did what is hijackthis for and how do i use it i have downloaded it but i dont understand plz help

grimdeath909
16-03-2005, 18:29
Logfile of HijackThis v1.98.2
Scan saved at 18:22:33, on 15/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\mcsv.com
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\VoyagerTest\fts.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lee\My Documents\stinger.exe
C:\DOCUME~1\Lee\LOCALS~1\Temp\Temporary Directory 8 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://media59.fastclick.net/w/safepop.cgi?mid=50388&sid=8222&id=102700&len=87&c=24&nfcp=1&fp=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mcsv.com
O1 - Hosts: 212.58.240.33 www.symantec.com
O1 - Hosts: 212.58.240.33 www.sophos.com
O1 - Hosts: 212.58.240.33 www.mcafee.com
O1 - Hosts: 212.58.240.33 www.viruslist.com
O1 - Hosts: 212.58.240.33 www.f-secure.com
O1 - Hosts: 212.58.240.33 www.avp.com
O1 - Hosts: 212.58.240.33 www.kaspersky.com
O1 - Hosts: 212.58.240.33 www.networkassociates.com
O1 - Hosts: 212.58.240.33 www.ca.com
O1 - Hosts: 212.58.240.33 www.my-etrust.com
O1 - Hosts: 212.58.240.33 www.nai.com
O1 - Hosts: 212.58.240.33 www.trendmicro.com
O1 - Hosts: 212.58.240.33 www.grisoft.com
O1 - Hosts: 212.58.240.33 securityresponse.symantec.com
O1 - Hosts: 212.58.240.33 symantec.com
O1 - Hosts: 212.58.240.33 sophos.com
O1 - Hosts: 212.58.240.33 mcafee.com
O1 - Hosts: 212.58.240.33 liveupdate.symantecliveupdate.com
O1 - Hosts: 212.58.240.33 viruslist.com
O1 - Hosts: 212.58.240.33 f-secure.com
O1 - Hosts: 212.58.240.33 kaspersky.com
O1 - Hosts: 212.58.240.33 kaspersky-labs.com
O1 - Hosts: 212.58.240.33 avp.com
O1 - Hosts: 212.58.240.33 networkassociates.com
O1 - Hosts: 212.58.240.33 ca.com
O1 - Hosts: 212.58.240.33 mast.mcafee.com
O1 - Hosts: 212.58.240.33 my-etrust.com
O1 - Hosts: 212.58.240.33 download.mcafee.com
O1 - Hosts: 212.58.240.33 dispatch.mcafee.com
O1 - Hosts: 212.58.240.33 secure.nai.com
O1 - Hosts: 212.58.240.33 nai.com
O1 - Hosts: 212.58.240.33 update.symantec.com
O1 - Hosts: 212.58.240.33 updates.symantec.com
O1 - Hosts: 212.58.240.33 us.mcafee.com
O1 - Hosts: 212.58.240.33 liveupdate.symantec.com
O1 - Hosts: 212.58.240.33 customer.symantec.com
O1 - Hosts: 212.58.240.33 rads.mcafee.com
O1 - Hosts: 212.58.240.33 trendmicro.com
O1 - Hosts: 212.58.240.33 grisoft.com
O1 - Hosts: 212.58.240.33 sandbox.norman.no
O1 - Hosts: 212.58.240.33 www.pandasoftware.com
O1 - Hosts: 212.58.240.33 uk.trendmicro-europe.com
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SDAv] C:\WINDOWS\svhost.exe
O4 - HKLM\..\Run: C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [NDAv] C:\WINDOWS\system32\csnss.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScan\hpsjbmgr.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKCU\..\Run: [SDAv] C:\WINDOWS\svhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NDAv] C:\WINDOWS\system32\csnss.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41724607-D1CB-4B8B-B59B-E0BD228EA516}: NameServer = 205.188.146.145

grimdeath909
16-03-2005, 18:30
hope that helps tht program found it what is it

vidster
16-03-2005, 18:32
Whooaaa there grimdeath909 ;)

I said to follow the instructions given by sccsux ;). You need to go to his site and install the removal tool, then run it.
If that doesn't work we'll look into a HJT log :thumbsup:

[EDIT] I just had a quick look at your log and the removal tool WILL work ;)

grimdeath909
16-03-2005, 18:37
right i hav downloaded the removal tool and it has scanned my computer it says i havnt got serflog but what could be messing up my pc?

vidster
16-03-2005, 18:50
OK....Try running the removal tool and Norton in safe mode.
Tap F8 repeatedly while restarting your computer. When the boot menu pops up, select safe mode. :)

It's strange that the tool didn't pick it up though :?


To have your HJT log checked, you will be better joining the forum in my sig. Then post your log in the relevant forum :).
Your log will be analysed much better there.

If not, there may be someone on here that will analyse your log. Just be careful what you remove!

grimdeath909
16-03-2005, 18:57
ok i will try tht soon im going for a bit ill b bak soon tho

grimdeath909
16-03-2005, 19:27
it didnt work the virus just continued to close programs

cgksheff
16-03-2005, 20:27
Vidster,

Do you know how this trojan is transmitted?

vidster
16-03-2005, 20:28
If you can't download anything, you may be better joining the CbtTechs forum and posting your HJT log there ;).

You will more than likely lose all your extra toolbars (did you intend to have so many?), so make it clear if there are any you definitely don't want to lose.

Shout up if there is anything else you need to know :).

vidster
16-03-2005, 20:35
Originally posted by cgksheff
Vidster,

Do you know how this trojan is transmitted?

Well it looks like the one Fetish Fairy had, but i haven't had a proper look at the log yet.
The one FF had is transmitted through msn messenger (which i don't use anyway ;) ) but it is advisable to email all the people who use msn and get them to install the removal tool.

If grimdeath909 comes over and does need a removal tool, i'll post back in this thread the instructions on how to remove it anyway :).

cgksheff
16-03-2005, 20:49
thanks, vid.

Does this mean by receiving a file or picture on Messenger from someone? Not just by chatting?

Edit: I just did a quick google and there are a variety of worms spread mainly via pictures.

vidster
16-03-2005, 20:54
I wouldn't have a clue at the moment cgksheff, although i would have thought it would have to be an attachment of some kind :?.



I just had a thought for anyone else 'in the know'......Wouldn't Spybot S&D's Tea-Timer detect any of this worm/Trojan's actions and try to alert you to registry changes ?

sccsux
16-03-2005, 20:57
Originally posted by vidster
[EDIT] I just had a quick look at your log and the removal tool WILL work ;)


No it won't;)

The reason....?

I think this is a newer version of the same worm/virus (look @ the amendments to the hosts file.... this one redirects to the BBC website IP addr).




I'm a little busy @ the moment so a quick and nasty temporary fix (which may, or may not, work).....


Edit your hosts file and delete the following entries:



and then Save the file (but do not close it - this keeps it in use, so no other program can modify it).

Now close all instances of IE.

Then try an update of your AV and perform a full scan (using both your current scanner & one of the online scans - which you should now be able to reach)!



If this doesn't work, try the above again, in Safe Mode.
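
The hosts-file check described in the post above can also be done mechanically. The following is an added example, not part of the original thread: it reads the O1 lines of a HijackThis log (or a hosts file), flags every entry that overrides DNS for a security-vendor domain whatever IP it points to, and produces a cleaned hosts file. The watch list is built from the domains in the log on this page, and the sample log and hosts text are constructed.

```python
import re
from collections import Counter

# Watch list taken from the domains in the log on this page; extend as needed.
VENDOR_SUFFIXES = (
    "symantec.com", "symantecliveupdate.com", "sophos.com", "mcafee.com",
    "viruslist.com", "f-secure.com", "avp.com", "kaspersky.com",
    "kaspersky-labs.com", "networkassociates.com", "ca.com", "my-etrust.com",
    "nai.com", "trendmicro.com", "trendmicro-europe.com", "grisoft.com",
    "norman.no", "pandasoftware.com",
)
O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Constructed sample input in the format of the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
O1 - Hosts: 212.58.240.33 www.symantec.com
O1 - Hosts: 212.58.240.33 liveupdate.symantec.com
O1 - Hosts: 212.58.240.33 uk.trendmicro-europe.com
O1 - Hosts: 192.168.1.10 nas.example.lan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
# Constructed sample hosts file, including a line that mixes names.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1       localhost
212.58.240.33   www.mcafee.com
212.58.240.33   sandbox.norman.no www.example.org   # mixed line
192.168.1.10    nas.example.lan
"""

def parse_hjt_o1(log_text):
    """Return (ip, hostname) pairs from the O1 section of a HijackThis log."""
    return [m.groups() for m in map(O1_LINE.match, log_text.splitlines()) if m]

def parse_hosts(hosts_text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments."""
    pairs = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        pairs.extend((fields[0], name) for name in fields[1:])
    return pairs

def is_vendor(hostname):
    """True if hostname is a watched domain or a subdomain of one."""
    host = hostname.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in VENDOR_SUFFIXES)

def audit(pairs):
    """Flag entries that override DNS for a vendor domain; count them per IP."""
    flagged = [(ip, host) for ip, host in pairs if is_vendor(host)]
    return flagged, Counter(ip for ip, _ in flagged)

def clean_hosts(hosts_text):
    """Return hosts text without vendor-domain names; other content is kept."""
    out = []
    for line in hosts_text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        keep = [n for n in fields[1:] if not is_vendor(n)]
        if len(fields) < 2 or len(keep) == len(fields) - 1:
            out.append(line)                      # nothing flagged on this line
        elif keep:                                # drop only the flagged names
            out.append(" ".join([fields[0]] + keep) + (" #" + comment if sep else ""))
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    flagged, by_ip = audit(parse_hjt_o1(SAMPLE_LOG))
    for ip, host in flagged:
        print(f"suspicious hosts override: {host} -> {ip}")
    print("overrides per IP:", dict(by_ip))
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

Many vendor names collapsing onto one address, as in the per-IP count, is the pattern visible in the log posted earlier in this thread.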

sccsux
16-03-2005, 21:00
Originally posted by vidster
Wouldn't Spybot S&D's Tea-Timer detect any of this worm/Trojan's actions and try to alert you to registry changes ?



It would certainly prevent any "important" changes to the reg (we have it running on all our Windows PCs that have a net facing IP).

DanSumption
16-03-2005, 21:00
Just as a hint: if you can still get online, it's sometimes worth running Trend Micro's online virus scanner as an alternative/addition to your normal antivirus software: http://housecall.trendmicro.com/en/start_corp.asp

Also, I had to clean up somebody's machine recently that was infected with over 150 viruses and trojans; it was running so sluggishly that I couldn't get anything at all to work on it. In the end, I discovered that by un-installing his anti-virus software (which seemed to be worse than useless anyway: it was an old version of F-Prot) suddenly everything worked much better and I could get enough done to be able to clean up what was on the machine. This is a potentially dangerous strategy but, hey, it worked for me!

sccsux
16-03-2005, 21:23
Originally posted by DanSumption
Just as a hint: if you can still get online, it's sometimes worth running Trend Micro's online virus scanner as an alternative/addition to your normal antivirus software: http://housecall.trendmicro.com/en/start_corp.asp



Trend is one of the domains being blocked by the amended hosts file.

DanSumption
16-03-2005, 21:28
Originally posted by sccsux
Trend is one of the domains being blocked by the amended hosts file.

Presumably you can still open up the hosts file in notepad and remove the entry for Trend? Or does it lock the file?

Martin_s
16-03-2005, 21:39
Looks like someone got clever with this one then...

So far I'd agree with everything everyone's said... hadn't thought of keeping the hosts file open tbh... so thanks for that tip...

cgksheff
16-03-2005, 21:39
Originally posted by DanSumption
Presumably you can still open up the hosts file in notepad and remove the entry for Trend? Or does it lock the file?


Cough.
Edit your hosts file and delete the following entries:

DanSumption
16-03-2005, 21:59
Originally posted by cgksheff
Cough.

I'll take that as a yes then :)

grimdeath909
17-03-2005, 14:56
i have been messing about with every online and downloadable virus detector i can find it seems to b working.

wat i noticed is sumtimes i can catch the virus by pressing
ctrl + alt + delete as soon as i log on i hav managed this twice.
the first time i updated my virus remover (norton) and then it told me to restart but wen it logged bak on the updates were gone and the virus was still there. im now trying a scan without restarting ill tell u my results
cya all l8r
:)

grimdeath909
17-03-2005, 15:51
it seems to have deleted and destroyed
syflog.c or wateva
is tht good plz tell me as im afraid to restart yet.
:) :P :)

vidster
17-03-2005, 16:10
While you are able to access the security sites, i would run Panda Active Scan (http://www.pandasoftware.com/activescan/com/activescan_principal.htm) and do a search on the worm. Hopefully you will find a security site at the top of the search page with a removal tool. Download it and reboot. If the worm pops up again you should be able to run the removal tool.
In fact i'd run the removal tool in safe mode anyway, just to make sure ;).

wendy
17-03-2005, 16:36
I know I might be pointing out the obvious here but you have turned system restore off haven't you? Only if you haven't the worm may come back if it's in there.

sccsux
17-03-2005, 18:06
Originally posted by wendy
I know I might be pointing out the obvious here but you have turned system restore off haven't you? Only if you haven't the worm may come back if it's in there.


The worm/virus does this itself when it first installs ;)

wendy
18-03-2005, 17:21
Originally posted by sccsux
The worm/virus does this itself when it first installs ;)

I know it did with the one that Fetish Fairy had but they do differ and grimdeath hadn't said either way! Just a thought anyway. Hope you got sorted on this grimdeath.

sccsux
18-03-2005, 17:36
Originally posted by wendy
grimdeath hadn't said either way!


Originally posted by grimdeath909
yesterday i think i may have received a virus....... it has stopped my ....... and my system restore (it says [system restore has been turned off by group policy to turn it back on please contact your administrator] even tho i am an administrator) ;)

wendy
18-03-2005, 23:18
:blush: :blush: Don't know how I missed that :blush:

Scratch that - yes I do, have you seen the length of some of these posts! I obviously skimmed past that! :D