
MntDrCore.exe is a Worm!


chamithal
08-15-2007, 08:26 PM
MntDrCore.exe is a worm. It spreads via removable drives, including floppy drives and USB keys. It creates an autorun.inf which is designed to start the worm once the removable drive is connected to an uninfected computer. Disable autorun on your computers. Even if autorun is disabled, it can still infect the computer when you double-click the drive icon or open the drive contents using the right-click "Open" option. Hence it is advisable to right-click and choose "Explore" for the drive, in order to mitigate the risk.

MntDrCore.exe copies itself to %systemroot%\system32 under the name isass.exe. There is an original system file with the name lsass.exe, but isass.exe is a fake one. You can see it in Task Manager as a system process. It is not recommended to delete the file listed above manually, as this malware can use the same name as the genuine file and you could accidentally delete the genuine one.

You can use a tool or antivirus software to remove the file.



Symantec doesn't catch it! If you want to, try your AV and post...

Download the virus... - unrar - password 123 (http://www.speedyshare.com/614695326.html)
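Added example, not from the thread: a read-only PowerShell check for the host-side indicators this post describes, the look-alike isass.exe beside the genuine lsass.exe in System32, a Run-key entry pointing at it, and a process of that name. All paths and key names are standard Windows locations; nothing here deletes anything.

```powershell
# Added example, not from the thread: report the host-side indicators the post
# describes without changing anything. Run in an elevated PowerShell to see
# every process path.
$sys32   = Join-Path $env:SystemRoot 'System32'
$genuine = Join-Path $sys32 'lsass.exe'   # real Local Security Authority binary (letter L)
$fake    = Join-Path $sys32 'isass.exe'   # name the worm uses per the thread (letter i)

# 1. Look-alike file on disk? -Force is needed because the copy may be Hidden+System.
if (Test-Path -LiteralPath $fake) {
    $f = Get-Item -LiteralPath $fake -Force
    Write-Host "SUSPICIOUS: $fake exists ($($f.Length) bytes, attributes: $($f.Attributes))"
} else {
    Write-Host "OK: no isass.exe in System32"
}
Write-Host "Genuine lsass.exe present: $(Test-Path -LiteralPath $genuine)"

# 2. Startup entries: the thread says the worm runs at logon as isass.exe.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # provider metadata, not a value
        if ("$($p.Value)" -match 'isass\.exe') {
            Write-Host "SUSPICIOUS: $key\$($p.Name) = $($p.Value)"
        }
    }
}

# 3. Processes: compare the first letter, since Task Manager renders i and l alike.
foreach ($proc in Get-Process | Where-Object { $_.ProcessName -match '^[il]sass$' }) {
    $path = if ($proc.Path) { $proc.Path } else { '<path not readable, run elevated>' }
    $tag  = if ($proc.ProcessName -ieq 'isass') { 'SUSPICIOUS' } else { 'info' }
    Write-Host "${tag}: PID $($proc.Id) $($proc.ProcessName) -> $path"
}

# 4. Explorer setting Sophos attributes to this worm (quoted later in the thread):
#    normally 1; the worm sets it to 0 so "Hide protected OS files" cannot be turned off.
$sh  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden'
$val = (Get-ItemProperty -Path $sh -ErrorAction SilentlyContinue).UncheckedValue
Write-Host "SuperHidden\UncheckedValue = $val $(if ($val -eq 0) { '(matches the worm change)' } else { '(ok)' })"
```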

tckrockz
08-15-2007, 08:32 PM
Ahh, KIS 6 caught it :P

madurax86
08-15-2007, 08:38 PM
mntdrcore.exe is seen on about 70% of Sri Lankan computers. It can be removed manually; no need for antivirus software. You can stop all worms, trojans, etc. that spread via autorun by doing the following:
1. Load up cmd.exe
2. Go to the removable drive's root
3. Type "attrib"
4. Just remove the unwanted attributes of unknown files (kill_vbs.vbs, ms32dll.dll.vbs, mntdrcore.exe, autorun.inf) using "attrib <filename> -R -S -H"
5. Now delete the file (it shows in Explorer now)
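The attrib-based triage above, as an added PowerShell example that is not from the post: it lists the Hidden+System files in a removable drive's root, shows what the drive's autorun.inf would launch, and prints the attrib/del commands for step 4 and 5 instead of running them. The drive letter E: is an assumption; the file names it treats as known-bad are the ones the post lists.

```powershell
# Added example, not from the thread: read-only triage of a removable drive root.
param([string]$Root = 'E:\')   # assumed drive letter; change to the drive in question

# Names the thread reports on infected drives; anything else flagged is "unknown".
$knownBad = @('autorun.inf', 'mntdrcore.exe', 'kill_vbs.vbs', 'ms32dll.dll.vbs')

# 1. Hidden+System files in the drive root (-Force is needed to see them at all).
$hs = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
$flagged = Get-ChildItem -LiteralPath $Root -File -Force |
    Where-Object { ($_.Attributes -band $hs) -eq $hs }

foreach ($f in $flagged) {
    $label = if ($knownBad -contains $f.Name.ToLower()) { 'KNOWN-BAD' } else { 'unknown' }
    Write-Host ("{0,-10} {1,-20} {2,8} bytes  {3}" -f $label, $f.Name, $f.Length, $f.Attributes)
}
if (-not $flagged) { Write-Host "No Hidden+System files in $Root" }

# 2. What autorun.inf would run. open=, shellexecute= and shell\<verb>\command=
#    launch something; an icon-only autorun.inf carries just icon= / label=.
$inf = Join-Path $Root 'autorun.inf'
if (Test-Path -LiteralPath $inf) {
    Write-Host "`nautorun.inf entries of interest:"
    Get-Content -LiteralPath $inf -Force | ForEach-Object {
        $line = $_.Trim()
        if ($line -match '^(open|shellexecute|shell\\.*\\command|icon|label)\s*=\s*(.+)$') {
            $key    = $matches[1]
            $target = $matches[2]
            $risk   = if ($key -match '^(open|shellexecute|shell\\)') { 'LAUNCHES' } else { 'cosmetic' }
            Write-Host ("  {0,-9} {1,-22} -> {2}" -f $risk, $key, $target)
        }
    }
}

# 3. Steps 4 and 5 of the post, printed rather than executed: clear the attributes
#    so Explorer shows the file, then delete it once you have confirmed what it is.
foreach ($f in $flagged) {
    Write-Host "`nattrib `"$($f.FullName)`" -R -S -H"
    Write-Host "del `"$($f.FullName)`""
}
```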

chamithal
08-15-2007, 08:43 PM
Ahh, KIS 6 caught it :P

Kaspersky, right? I want to install it too! Isn't there anywhere to download 7?

chamithal
08-15-2007, 08:44 PM
mntdrcore.exe is seen on about 70% of Sri Lankan computers. It can be removed manually; no need for antivirus software. You can stop all worms, trojans, etc. that spread via autorun by doing the following:
1. Load up cmd.exe
2. Go to the removable drive's root
3. Type "attrib"
4. Just remove the unwanted attributes of unknown files (kill_vbs.vbs, ms32dll.dll.vbs, mntdrcore.exe, autorun.inf) using "attrib <filename> -R -S -H"
5. Now delete the file (it shows in Explorer now)

Thanks lolZ! But if the AV takes care of it, it's easier, no........ ;)

chamithal
08-15-2007, 08:48 PM
AVG catches it too, apparently! I should install it and see! The forums say Kaspersky makes things slow once installed!

tckrockz
08-15-2007, 10:12 PM
Kaspersky, right? I want to install it too! Isn't there anywhere to download 7?
Yes man, not 7, but 6 :yes: :yes:

Anusha
08-15-2007, 10:16 PM
Yes man, not 7, but 6 :yes: :yes:
7 detected it in my Virtual PC.

tckrockz
08-15-2007, 10:47 PM
7 detected it in my Virtual PC.
NOD32 didn't detect it? :eek: :eek:

fazaal24
08-15-2007, 10:50 PM
Thanks for the info ;)

Kasun007
08-15-2007, 11:10 PM
Symantec doesn't catch it! If you want to, try your AV and post...

Download the virus... - unrar - password 123 (http://www.speedyshare.com/614695326.html)


I had Norton IS 2006 and am now using 2007. Virus detected in both. :yes:

fazaal24
08-15-2007, 11:14 PM
Avast caught the thief..YIPPEEEEEEEE

chamithal
08-15-2007, 11:16 PM
I had Norton IS 2006 and am now using 2007. Virus detected in both. :yes:

Really? Oh! Symantec didn't detect it, even though I right-clicked on the virus file and scanned! AVG did! Thumbs up to it!

Anusha
08-15-2007, 11:16 PM
Don't know

tckrockz
08-15-2007, 11:17 PM
Avast caught the thief..YIPPEEEEEEEE
Barely :P :lol: :lol: :lol: :lol:

anuja
08-15-2007, 11:28 PM
I have McAfee, up to date. Will it catch this?

fazaal24
08-15-2007, 11:31 PM
I have McAfee, up to date. Will it catch this?

Try it and see whether it gets caught :lol:

Kasun007
08-15-2007, 11:42 PM
Really? Oh! Symantec didn't detect it, even though I right-clicked on the virus file and scanned! AVG did! Thumbs up to it!

http://img508.imageshack.us/img508/7586/vv3oh3.jpg

Details about the virus in Norton IS 2007.

madurax86
08-16-2007, 07:39 PM
Every antivirus that uses byte-checking libraries sucks! I know them; even the best fail when they meet a new one. We're not that nutty to give some dumb program access to the net and let it download; it's too nutty as I see it. Anyway, others think it's the best way we have, and I say NO.... Use ZoneAlarm; I use it and haven't met a better program for locking stuff up, and the task manager at www.sysinternals.com is really good. Go there and see; there are lots of utilities for removing viruses manually. For me it's fun, but I use NOD32 too, just in case.
:P

hul2000
08-16-2007, 09:26 PM
AVG also detects this

coolioWiZ
08-19-2007, 09:45 AM
I've heard that AVG can detect this. But unfortunately I don't have any AV software installed. I had to remove it by hand.

http://www.sophos.com/security/analyses/w32sillyfdcaj.html

It's a surprise that no other major AV suppliers have this worm listed on their sites. None have manual removal instructions.

Anusha
08-19-2007, 09:53 AM
Does anyone know what this virus actually DOES????

I tested it in Virtual PC without any antivirus, but I can't seem to find anything abnormal that has happened :S (after that I tested several viruses, and the only virus that affected the virtual PC was ctfmon.exe, because it added itself to the Startup FOLDER. I could easily remove it, though. :)

Anusha
08-19-2007, 09:54 AM
I've heard that AVG can detect this. But unfortunately I don't have any AV software installed. I had to remove it by hand.

http://www.sophos.com/security/analyses/w32sillyfdcaj.html

It's a surprise that no other major AV suppliers have this worm listed on their sites. None have manual removal instructions.
BTW, are you not using any antivirus software in Windows? :shocked:

coolioWiZ
08-19-2007, 10:26 AM
Does anyone know what this virus actually DOES????

I tested it in Virtual PC without any antivirus, but I can't seem to find anything abnormal that has happened :S (after that I tested several viruses, and the only virus that affected the virtual PC was ctfmon.exe, because it added itself to the Startup FOLDER. I could easily remove it, though. :)

AFAIK it just copies itself to any USB flash drive inserted into an infected computer, and now if you open the USB drive on a clean computer, it will be infected. It just seems to like being present on as many computers as it can. It didn't give any abnormal results for me. But it did prevent me from viewing hidden system files such as its autorun.inf.

Might be due to this, as per Sophos:

W32/SillyFDC-AJ also sets the following registry entry:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
UncheckedValue
0


Also it runs on startup as "isass.exe" (not lsass.exe).

coolioWiZ
08-19-2007, 10:43 AM
BTW, are you not using any antivirus software in Windows? :shocked:

I'm used to removing viruses manually. :lol:
Normally Symantec gives manual removal instructions for major threats on their site. I was surprised that there was no entry for this. (Might be because this worm is "low threat".)
I was lost until I found the Sophos entry. It worked. :)

Since I don't have any AV (actually you don't need one if you can manage your system) I've disabled autorun for removable drives (is it disabled by default in XP Service Pack 2? :confused:). Also my USB flash drives have custom-made autoruns with icons of my choice. So if a virus/worm overwrites my flash drive's autorun.inf then I'll not see my icon displayed when it's plugged into my comp; instead the default removable drive icon will be displayed. So I can guess something fishy has happened. That simple thing seems enough for me to keep USB-propagating viruses away from my comp. :yes:

Anusha
08-19-2007, 10:52 AM
After running the exe, I could still view the hidden files and hidden OS-protected system files (super hidden files). Guess I wasn't infected. That means a limited user account in Vista (maybe XP too) does a good job of preventing malicious activities. :)

Anusha
08-19-2007, 10:57 AM
I'm used to removing viruses manually. :lol:
Normally Symantec gives manual removal instructions for major threats on their site. I was surprised that there was no entry for this. (Might be because this worm is "low threat".)
I was lost until I found the Sophos entry. It worked. :)

Since I don't have any AV (actually you don't need one if you can manage your system) I've disabled autorun for removable drives (is it disabled by default in XP Service Pack 2? :confused:). Also my USB flash drives have custom-made autoruns with icons of my choice. So if a virus/worm overwrites my flash drive's autorun.inf then I'll not see my icon displayed when it's plugged into my comp; instead the default removable drive icon will be displayed. So I can guess something fishy has happened. That simple thing seems enough for me to keep USB-propagating viruses away from my comp. :yes:
Right now I'm not using a virus guard either. :shocked:

But I'm running myself as a limited user. I have installed all the software I need to install (while I had NOD32 installed) and there is no need for any new software. Besides, I download almost all my software from private torrent sites, which are very strict on malicious software. :)

Vista doesn't execute the autorun.inf automatically. It has its own AutoPlay window and it asks whether I want to execute what's in the autorun.inf or perform generic activities like exploring the drive, viewing photos, playing music etc. So there is no need to turn off autorun in Vista :)

However, I might install BitDefender (but not with realtime protection) once they release the final version of BitDefender Total Security 11 (which is the 2nd fully native 64-bit virus guard I have come across :D)

coolioWiZ
08-19-2007, 11:03 AM
After running the exe, I could still view the hidden files and hidden OS-protected system files (super hidden files). Guess I wasn't infected. That means a limited user account in Vista (maybe XP too) does a good job of preventing malicious activities. :)

If you have the isass.exe in your startup list then you are infected. It seems your comp is not infected :)

Maybe using a limited account could help. (Can you install programs with the Vista limited account?):lol:

Even though we create a user account in Linux and use it instead of root, sadly on Windows most (including me) don't follow that safety step. I'm used to an account with admin privileges in Windows; if I go limited I'll dearly miss the ability to terminate processes at will and install programs as I want.

coolioWiZ
08-19-2007, 11:08 AM
Vista doesn't execute the autorun.inf automatically. It has its own AutoPlay window and it asks whether I want to execute what's in the autorun.inf or perform generic activities like exploring the drive, viewing photos, playing music etc. So there is no need to turn off autorun in Vista :)


That's a cool feature; you are making me desire Vista :P
In XP the autorun menu will pop up and ask for a choice if you don't disable autorun, but I think it doesn't bypass the autorun.inf contents.

Anusha
08-19-2007, 11:13 AM
If you have the isass.exe in your startup list then you are infected. It seems your comp is not infected :)

Maybe using a limited account could help. (Can you install programs with the Vista limited account?):lol:

Even though we create a user account in Linux and use it instead of root, sadly on Windows most (including me) don't follow that safety step. I'm used to an account with admin privileges in Windows; if I go limited I'll dearly miss the ability to terminate processes at will and install programs as I want.
Yes, you can install software with a limited user account. But this is where we have to trust the provider of the software. It asks for the admin password when you install software. If the setups are downloaded from the original software manufacturer or private BitTorrent communities, I think it is safe to run them as admin.

Amazingly, it didn't ask for admin-level privileges while running the virus (I tested three more viruses too, and none of them asked). Hence they couldn't do any harm. I think the UAC of Vista is more than just a privilege extender.

Anusha
08-19-2007, 11:14 AM
That's a cool feature; you are making me desire Vista :P
In XP the autorun menu will pop up and ask for a choice if you don't disable autorun, but I think it doesn't bypass the autorun.inf contents.
Yes, there are small things normal people don't notice in Vista. They always want to see the big changes, which might not even matter to most. (e.g. Windows Media Center :D)

coolioWiZ
08-19-2007, 11:14 AM
Right now I'm not using a virus guard either. :shocked:

However, I might install BitDefender (but not with realtime protection) once they release the final version of BitDefender Total Security 11 (which is the 2nd fully native 64-bit virus guard I have come across :D)

In my case, I have ZoneAlarm as the firewall, also PeerGuardian to block incoming IPs; it's a good supplement for uTorrent's IP banning feature (in the case of torrents). Also there is the router firewall. So even if a virus/worm bypasses ZoneAlarm it might not be able to get past the router firewall.

The only program which is allowed port forwarding is uTorrent. But I can't get why IRC works on Opera even though the IRC protocol uses a different set of ports than HTTP. :confused:

Anusha
08-19-2007, 11:17 AM
In my case, I have ZoneAlarm as the firewall, also PeerGuardian to block incoming IPs; it's a good supplement for uTorrent's IP banning feature (in the case of torrents). Also there is the router firewall. So even if a virus/worm bypasses ZoneAlarm it might not be able to get past the router firewall.

The only program which is allowed port forwarding is uTorrent. But I can't get why IRC works on Opera even though the IRC protocol uses a different set of ports than HTTP. :confused:
What does PeerGuardian do? Torrent-Damage has blocked certain Sri Lankan IPs and I can't log in at times. Can I use this software to overcome it?

BTW, I'm using the plain Windows Firewall with Windows Defender. Maybe not the strongest of software out there, but they should do a very good job coupled with UAC and their native support for each other. I wish OneCare were a better product. It doesn't detect these viruses. :(

coolioWiZ
08-19-2007, 11:21 AM
Yes, there are small things normal people don't notice in Vista. They always want to see the big changes, which might not even matter to most. (e.g. Windows Media Center :D)
Windows Media Center !! :shocked:
That's not what an OS should do.

I've seen that the Steve Jobs guy was speaking about bringing computers to the living room (aka replacing your TVs, DVD players, MP3 players, maybe your phone). That might be good if you have a reductionist mentality: only one piece of hardware does it all. But I'd like a computer to be a computer, not a TV cum DVD player setup mega-system suitable only for the International Space Station, where you are serious about conserving space for more valuable things.

dcs008
08-19-2007, 11:35 AM
Hey, KIS 6 catches it for sure....
:) :) :love:

isharackp
08-19-2007, 11:35 AM
Thanks for the info..:yes: :yes:

Anusha
08-19-2007, 11:36 AM
Hey, KIS 6 catches it for sure....
:) :) :love:
Oh, what a pity :P

coolioWiZ
08-19-2007, 11:38 AM
What does PeerGuardian do? Torrent-Damage has blocked certain Sri Lankan IPs and I can't log in at times. Can I use this software to overcome it?


http://phoenixlabs.org/pg2/

PeerGuardian is used to block incoming IPs and ports. This is useful in the case of hash fails in torrents (I use public trackers :( ). You can ban IPs responsible for hash fails. Even though uTorrent bans IPs, it's only for that specific torrent. They will return for another torrent and uTorrent starts the process all over again (6 hash fails --- ban). That's the primary use I have for PeerGuardian.

I don't think it could help to overcome the Sri Lankan IP ban by Torrent-Damage, because the IPs are banned by the tracker. I'd like to see truly anonymous BitTorrent, but that might not work with private trackers :(

coolioWiZ
08-20-2007, 09:47 AM
Besides, I download almost all my software from private torrent sites, which are very strict on malicious software. :)


:shocked: Do you really seed? :confused:

coolioWiZ
08-20-2007, 09:53 AM
Yes, you can install software with a limited user account. But this is where we have to trust the provider of the software. It asks for the admin password when you install software. If the setups are downloaded from the original software manufacturer or private BitTorrent communities, I think it is safe to run them as admin.

Amazingly, it didn't ask for admin-level privileges while running the virus (I tested three more viruses too, and none of them asked). Hence they couldn't do any harm. I think the UAC of Vista is more than just a privilege extender.

That's great, using the admin password instead of logging in as admin. But I see this as a feature copied from Linux. :lol:

I agree that this is a step in the correct direction. If I decide to install Vista (now I may do so sooner) I think I'll be comfortable with the limited account if it allows admin privileges at the prompt for the password :yes:. That's a big change from using the XP admin-privileged account for everyday tasks.

Anusha
08-20-2007, 12:46 PM
Does it really matter? :D

Anusha
08-20-2007, 12:56 PM
That's great, using the admin password instead of logging in as admin. But I see this as a feature copied from Linux. :lol:

I agree that this is a step in the correct direction. If I decide to install Vista (now I may do so sooner) I think I'll be comfortable with the limited account if it allows admin privileges at the prompt for the password :yes:. That's a big change from using the XP admin-privileged account for everyday tasks.
Well, asking for the admin password for admin-level tasks may be copied from Linux, but the concept of UAC is far greater IMO. If you really wanna look into how UAC works, check this video out: http://download.microsoft.com/download/d/b/e/dbe03433-2cee-4587-ae07-4af721e2b400/GoingDeep_UAC_Corio_Schwartz.wmv
(Huge file, but worth downloading if you're on ADSL)

thusithagh
08-20-2007, 01:58 PM
No problem......... Kaspersky does the job ..........

icreations
08-20-2007, 09:04 PM
Cooooool, thanks for the info....:)

anjanad2007
08-29-2007, 07:58 AM
NOD32 detects it

madurax86
08-29-2007, 10:12 AM
That's great, using the admin password instead of logging in as admin. But I see this as a feature copied from Linux. :lol:

I agree that this is a step in the correct direction. If I decide to install Vista (now I may do so sooner) I think I'll be comfortable with the limited account if it allows admin privileges at the prompt for the password :yes:. That's a big change from using the XP admin-privileged account for everyday tasks.

Ah, good to see a Slackware user; hehe. XP had that too, remember Run As for exes, but it's only for running programs :P ...Vista eh? Patches upon patches, better not to talk about it; though I must say MS doesn't clear up those ...older registry entries in newer versions :p I found Win 3.1 entries in XP :P...same as in the kernel..just gets bigger and bigger..it's true that the kernel must grow, but man, it's growing in space, not functionality :P

And just a quick thingy that I found out long ago: Windows doesn't have true multiuser support for that fast user switching thing; it only loads up the RAM. Everything runs under winlogon.exe; nothing is PAGED, NO IMAGES, NO SWAPPING...and they say they are low on RAM. Good for someone who has 3 GB of RAM.

Sahan_se
08-29-2007, 10:16 AM
Dude, Kaspersky deletes this, dude. Thanks for the info

Sahan_se
08-29-2007, 10:18 AM
NOD32 detects it
Welcome to EK, dude. Keep posting and have fun with EK, bro :yes: :yes:

sakala
08-29-2007, 10:26 AM
KIS 7.0 detected that.... :yes: :yes: :yes: :yes:

geethq
08-29-2007, 12:07 PM
KIS catches it
McAfee catches it
NOD catches it
I don't know about the others

Symantec doesn't catch it at all
(2006)

coolioWiZ
08-30-2007, 11:09 AM
Well, asking for the admin password for admin-level tasks may be copied from Linux, but the concept of UAC is far greater IMO. If you really wanna look into how UAC works, check this video out: http://download.microsoft.com/download/d/b/e/dbe03433-2cee-4587-ae07-4af721e2b400/GoingDeep_UAC_Corio_Schwartz.wmv
(Huge file, but worth downloading if you're on ADSL)

Sure, 500MB is too huge for my taste even on ADSL; I wonder what Microsoft has to demonstrate using such a huge "movie".
But I think I got the basic fact that a somewhat better user management (user levels and security) system is implemented in Vista, which is not found in Win XP.
If I feel very bored (not likely too soon) I'll download that video and see what Microsoft has to say. Thanks for the link. :D

coolioWiZ
08-30-2007, 12:22 PM
Ah, good to see a Slackware user; hehe. XP had that too, remember Run As for exes, but it's only for running programs :P ...Vista eh? Patches upon patches, better not to talk about it; though I must say MS doesn't clear up those ...older registry entries in newer versions :p I found Win 3.1 entries in XP :P...same as in the kernel..just gets bigger and bigger..it's true that the kernel must grow, but man, it's growing in space, not functionality :P

And just a quick thingy that I found out long ago: Windows doesn't have true multiuser support for that fast user switching thing; it only loads up the RAM. Everything runs under winlogon.exe; nothing is PAGED, NO IMAGES, NO SWAPPING...and they say they are low on RAM. Good for someone who has 3 GB of RAM.

I see your userbar states you as an Ubuntu and Fedora user; nice to see Linux users around EK :) :) :) :)

Windows has its problems, mostly arising from their development practices. Their first foray into the OS market was through DOS (not a product built from scratch by Microsoft); then they used it as a foundation for the Windows series, using the previous OS as a base for the next. They are limited by the capacities of their basic OS, which is DOS, but have improved dramatically over the years. (Can you try to compare DOS to Vista?)
DOS was a single-user OS, so you have to build multiuser features onto later OSes. Windows is not used in serious multiuser environments just because of its shortcomings.

I think the old reg entries must be due to DOS age programs like telnet.

I'm critical of Microsoft software but I'll not try to bash them without reason, so you may find that the above comments on Windows are too light-hearted :lol:

Now on to the Linux kernel (if the kernel you speak about is that one :lol:). Linux is based on UNIX, which is truly multiuser, unlike DOS (the only experience I have with UNIX is trying to ping it through telnet on Windows and trying to do hopeless editing tasks in vi :( ).
The Linux kernel is constantly being developed to suit the latest technologies and hardware. That's the reason for the kernel to increase in size. It's not without good reason, since people use various hardware configurations, like PATA or SATA, single-core or multicore processors, different filesystems and even RAID arrays! All these must be accommodated by the kernel. It increases in size and exponentially increases in functionality. :)

The Linux kernel is modular; that is, hardware support and functionalities are built onto it as modules. You can add new modules and remove unwanted modules from the kernel. That means you can modify the kernel to remove unwanted features and to add features you need [rebuilding the kernel]. This greatly enhances the performance and decreases the boot time. It also reduces the kernel size.

The size of the kernel becomes a major problem only when you create a distro. Let's take Fedora (Red Hat): this distro is used on RAID arrays as well as on a normal user's desktop; also it might end up on a busy man's laptop. The Fedora developers don't know where their distro might end up, so they have to make sure their kernel supports all the above hardware configurations.
Let's take a desktop user. He finds that his fat kernel checks for RAID even though it's not at all reasonable for a desktop. Let's say he also doesn't have a broadband connection and has no intention of getting one, so he will find Fedora checking for DHCP useless. All the above increases his boot time. He will be better off with a kernel which has RAID, Ethernet etc. disabled.

I got a nasty surprise some time ago when I installed the Linux distro Zenwalk on my laptop: its kernel didn't load ACPI! And I had no way of monitoring my fan or battery. :shocked:

You will find that distros today ship with a very fat kernel or a collection of kernels suited for various environments. You can reduce the size of the kernel used, also increase performance and lessen boot time, if you rebuild the kernel just to suit your machine.
On Slackware you are encouraged to rebuild the kernel (even if you are a newbie to Linux :shocked:). I had to do just that (first time I did that) to make Slackware work with my laptop. I must say that it actually reduced boot time and increased performance; also I have all those cool monitoring tools unique to laptops working perfectly.

If you have tried installing official drivers for an Nvidia VGA card on Linux, you may have some experience with kernel rebuilding. :yes:

This post has gone on too long :lol: But I'll recommend you try rebuilding the kernel if you have some experience with Linux; you will not regret the experience you'll get. Kinda makes you geekish :P

thilina84
09-02-2007, 09:39 PM
I went through all the posts under this topic, but none describe how to remove the virus properly. :(

To remove MntDrCore.exe from your system, just deleting the files is not enough. The virus can exist in some other places also.

This blog shows you how to neutralize and remove MntDrCore.exe from your system manually and protect your system from similar types of attacks.

http://neo-code.blogspot.com/ :D :D

ishara91
09-02-2007, 09:44 PM
Great, great

thilina84
09-02-2007, 09:45 PM
Symantec doesn't catch it! If you want to, try your AV and post...

Download the virus... - unrar - password 123 (http://www.speedyshare.com/614695326.html)

To remove MntDrCore.exe from your system, just deleting the file in system32 is not enough. isass.exe can exist in some other places also. Visit this link: www.neo-code.blogspot.com.

ni_shi2005
09-02-2007, 09:47 PM
Madura.8x please explain to me how to delete that virus!!!
I don't understand it!!! Please explain a bit...... my PC has that nuisance too!!!
What a damn bother!!!
pplzzzzzzzzzzzzzzzzzzzzzzzzzzzzz

coolioWiZ
09-02-2007, 10:04 PM
I went through all the posts under this topic, but none describe how to remove the virus properly. :(

To remove MntDrCore.exe from your system, just deleting the files is not enough. The virus can exist in some other places also.

This blog shows you how to neutralize and remove MntDrCore.exe from your system manually and protect your system from similar types of attacks.

http://neo-code.blogspot.com/ :D :D

Welcome to Elakiri Bro. . . .:D :D :D

Your blog post is great; if I had had such instructions I would have saved myself from countless frustration. Only the Sophos site post was a help. Not even Symantec, which normally provides manual removal instructions, was any help.
I removed this worm using the sophos instructions :)

BTW this worm enables super hidden for system files, how can it be fixed? :eek:

gayandinusha
09-02-2007, 10:25 PM
AVG catches it

thilina84
09-02-2007, 11:41 PM
Welcome to Elakiri Bro. . . .:D :D :D

BTW this worm enables super hidden for system files, how can it be fixed? :eek:

I'm not quite sure what you mean by super hidden. But when this virus wants to hide files, it makes them both "system" and "hidden". So if you want to unhide these files you have to use the "attrib" command with both -H and -S operators.

$> attrib -H -S [path to file]

Sometimes isass.exe-related viruses disable the user's ability to unhide files through Windows Explorer. If isass.exe is not running in the background in this situation, there might be another process.

Most of the time it starts with the letter 'c'. The only real system process starting with the letter 'c' is "csrss.exe". Try killing all other processes starting with the letter 'c'.

coolioWiZ
09-03-2007, 11:16 AM
I'm not quite sure what you mean by super hidden. But when this virus wants to hide files, it makes them both "system" and "hidden". So if you want to unhide these files you have to use the "attrib" command with both -H and -S operators.

$> attrib -H -S [path to file]

Sometimes isass.exe-related viruses disable the user's ability to unhide files through Windows Explorer. If isass.exe is not running in the background in this situation, there might be another process.

Most of the time it starts with the letter 'c'. The only real system process starting with the letter 'c' is "csrss.exe". Try killing all other processes starting with the letter 'c'.

I'm sure there are no more instances of this worm on my computer. But I still can't view those files marked as system and hidden in Explorer. I can unmark files set as system through the command line using attrib as you specified.
But I still can't view other system files in Explorer.

As per sophos:

W32/SillyFDC-AJ also sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
UncheckedValue
0

I think if I could reset this value, I'll get the ability to view files normally. Will I? :eek:

thilina84
09-03-2007, 01:12 PM
No, you can't. By setting it to '0' you can keep the "Hide system files" option unchecked. But that does not show files attributed by the (attrib +H +S) command. :(

thilina84
09-03-2007, 01:40 PM
If you can't view hidden system files in the usual way you used to with Explorer, and you don't want to use (attrib -H -S) because you want to keep the attributes unchanged (it's dangerous to remove the system attribute from your system files),

Try this method.

1. Go to Folder Options and select "Show hidden files".
2. Open regedit and go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
3. Change the value of 'SuperHidden' to 0
4. Change the value of 'ShowSuperHidden' to 1

Done
:D
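The Explorer settings from the steps above, plus the HKLM value Sophos attributes to the worm earlier in the thread, as an added PowerShell example that is not from the post: it reports which values differ from the ones that let you see hidden and protected files, and rewrites them only when run with -Fix. The "expected" values are the standard Explorer ones (Hidden = 1, ShowSuperHidden = 1, UncheckedValue = 1) and the 0 for SuperHidden given in the post.

```powershell
# Added example, not from the thread: audit and optionally restore the Explorer
# "show hidden files" settings. Writing the HKLM value needs an elevated shell;
# Explorer picks the changes up after it is restarted.
param([switch]$Fix)

$advHKCU   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$superHKLM = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden'

# Want = value that shows everything. Create = create the value if it is missing
# (SuperHidden under HKCU is not normally present; only touch it if the worm left it).
$checks = @(
    @{ Key = $advHKCU;   Name = 'Hidden';          Want = 1; Create = $true;
       Note = 'Folder Options "Show hidden files" (1 = show, 2 = do not show)' },
    @{ Key = $advHKCU;   Name = 'ShowSuperHidden'; Want = 1; Create = $true;
       Note = '"Hide protected operating system files" unticked (1 = show)' },
    @{ Key = $advHKCU;   Name = 'SuperHidden';     Want = 0; Create = $false;
       Note = 'Per-user override; the post sets it to 0' },
    @{ Key = $superHKLM; Name = 'UncheckedValue';  Want = 1; Create = $false;
       Note = 'What the checkbox writes when unticked; Sophos says the worm sets 0' }
)

function Get-RegValue([string]$Key, [string]$Name) {
    $p = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return $p.$Name
}

$drift = 0
foreach ($c in $checks) {
    $cur   = Get-RegValue $c.Key $c.Name
    $state = if ($null -eq $cur) { 'absent' } elseif ($cur -eq $c.Want) { 'ok' } else { 'DRIFT' }
    if ($state -eq 'DRIFT') { $drift++ }
    Write-Host ("{0,-6} {1,-16} current={2,-6} expected={3}  {4}" -f $state, $c.Name, $cur, $c.Want, $c.Note)

    $needsWrite = ($state -eq 'DRIFT') -or ($state -eq 'absent' -and $c.Create)
    if ($Fix -and $needsWrite) {
        if (-not (Test-Path $c.Key)) { New-Item -Path $c.Key -Force | Out-Null }
        Set-ItemProperty -Path $c.Key -Name $c.Name -Value $c.Want -Type DWord
        Write-Host "       -> wrote $($c.Name) = $($c.Want)"
    }
}
if ($drift -gt 0 -and -not $Fix) {
    Write-Host "`n$drift value(s) differ; rerun with -Fix to restore them, then restart Explorer."
}
```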

coolioWiZ
09-03-2007, 03:48 PM
If you can't view hidden system files in the usual way you used to with Explorer, and you don't want to use (attrib -H -S) because you want to keep the attributes unchanged (it's dangerous to remove the system attribute from your system files),

Try this method.

1. Go to Folder Options and select "Show hidden files".
2. Open regedit and go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
3. Change the value of 'SuperHidden' to 0
4. Change the value of 'ShowSuperHidden' to 1

Done
:D

It worked! ! ! ! !

Thanks :D :D :yes:

aruna47
09-03-2007, 04:14 PM
USE KASPERSKY INTERNET SECURITY. IT GOT THE VIRUS. I unrarred the file, then Kaspersky got the virus.