- Joined
- Sep 16, 2014
- Messages
- 349
Hello.
Today, I opened my computer that runs Windows 8.1 as OS.
When I opened it, I found an application icon removed and one moved, so I worried about it.
I'm good in PC, but this time it's something new for me.
I tried to check if I had a virus, so I began to run a scan with my Antivirus, then I opened my prompt to check the [drivers] files.
I wrote "system.ini", so the string became like this: C:\Windows\system.ini.
In the text file that opened up, I found this:
; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
I searched a bit and I found that "timer=timer.drv" is a spyware, that takes your informations by a keylogger, like the known rootkit.
Someone said that this is malicious, but other say that this could be safe.
I'm very good, but this time I'm asking help because this is something new for me.
I posted this thread on other forums, too, to get some help from other people, too.
Could you help me?
Did this happen to you, too?
How could I remove it, if this is malicious?
Thanks,
Bishop.
Today, I opened my computer that runs Windows 8.1 as OS.
When I opened it, I found an application icon removed and one moved, so I worried about it.
I'm good in PC, but this time it's something new for me.
I tried to check if I had a virus, so I began to run a scan with my Antivirus, then I opened my prompt to check the [drivers] files.
I wrote "system.ini", so the string became like this: C:\Windows\system.ini.
In the text file that opened up, I found this:
; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
I searched a bit and I found that "timer=timer.drv" is a spyware, that takes your informations by a keylogger, like the known rootkit.
Someone said that this is malicious, but other say that this could be safe.
I'm very good, but this time I'm asking help because this is something new for me.
I posted this thread on other forums, too, to get some help from other people, too.
Could you help me?
Did this happen to you, too?
How could I remove it, if this is malicious?
Thanks,
Bishop.