Free Malware Removal Forum

[elle]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:28 AM, on 12/15/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINNT\system32\mdm.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar5.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar5.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Windows Networking Monitoring] C:\WINNT\system32\mdm.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows Networking Monitoring] C:\WINNT\system32\mdm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [Windows Networking Monitoring] C:\WINNT\system32\mdm.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com ... hcImpl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - http://imagelab.bestbuy.ca/en/ulcontrol.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activ ... .0.0.9.cab?
O20 - AppInit_DLLs:
O23 - Service: 57640 - Unknown owner - \\24.85.248.207\Admin$\eraseme_56680.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NOTEPAD - Unknown owner - C:\WINNT\system\NOTEPAD.exe (file missing)
O23 - Service: PSEXESVC - Unknown owner - C:\WINNT\System32\PSEXESVC.EXE (file missing)
O23 - Service: ptssvc - Unknown owner - D:\My Pictures\Kodak\Kodak EasyShare software\bin\ptssvc.exe (file missing)

--
End of file - 5768 bytes

[askey127]

Hi elle,
Sorry for the delay. We have been extremely busy.
-------------------------------------------------------------------
Disable Spybot's TeaTimer. This is a two step process.
First step:

• Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
• If you have the older version 1.4, Click on Exit Spybot S&D Resident
• If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.

Second step, For Either Version :

• Open Spybot S&D
• Click Mode, choose Advanced Mode
• Go To the bottom of the Vertical Panel on the Left, Click Tools
• then, also in left panel, click Resident (shows a red/white shield).
• If your firewall raises a question, say OK
• In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
• OK any prompts.
• Use File, Exit to terminate Spybot
• Reboot your machine for the changes to take effect.

-----------------------------------------------------------
Stop A Process
Close ALL open windows. Use Ctrl-Alt-Delete together and choose to bring up the task manager.
Under the processes tab, if it is visible, check the box 'Show processes from all users'.
Highlight each of these that are listed (there could be more than one) and "End Process":
mdm.exe

-----------------------------------------------------------
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath.
Copy and paste this filepath:

C:\WINNT\system32\mdm.exe

Then hit Submit or Upload, depending on the scanner.
The scan will take a while before the result comes up so please be patient.
Then copy and/or save the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html
or virus.org here: http://scanner.virus.org/
----------------------------------------------------------
Download and Install CCleaner

• Download CCleaner from here Choose the "Slim" version.
• Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
• Click OK
• Click Next
• Click I agree
• Click Next
• Click Install
• Once the installation has finished, click Finish

-----------------------------------------------------------
Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.

Please post back with the Jotti result, and the contents of Install.txt from CCleaner.
askey127

[elle]

Thanks askey127. Here are the results of the 1. Jotti scan and 2. CCleaner. I await your response.

Cheers,
elle
------------------------------
File: mdm.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 19e459afc138a06dea4839a5a2c6cd12
Packers detected: -
Bit9 reports: File not found

Scan taken on 21 Dec 2007 02:51:18 (GMT)
A-Squared Found nothing
AntiVir Found WORM/IrcBot.53248.16
ArcaVir Found Trojan.Ircbot.Avc
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found BackDoor.W32.IRCBot.avc
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Backdoor.Win32.IRCBot.avc
Fortinet Found W32/IRCBot.AVC!tr.bdr
Ikarus Found Backdoor.Win32.IRCBot.avc
Kaspersky Anti-Virus Found Backdoor.Win32.IRCBot.avc
NOD32 Found a variant of Win32/Injector.G
Norman Virus Control Found nothing
Panda Antivirus Found W32/Rxbot.SA.worm
Rising Antivirus Found Backdoor.Win32.SdBot.qpw
Sophos Antivirus Found Mal/Behav-169
VirusBuster Found nothing
VBA32 Found nothing
Zoner Antivirus Found nothing

---------------------------
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
CardRd81
CCleaner (remove only)
CCScore
CR2
DirectX 9 Hotfix - KB839643
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvcpt
ESSvpaht
ESSvpot
HLPIndex
HLPPDOCK
HLPSFO
Kodak EasyShare software
KSU
McAfee Firewall
McAfee VirusScan Professional Edition
Microsoft Data Access Components KB870669
Microsoft Internet Explorer 6 SP1
Microsoft Office 2000 SR-1 Premium
Microsoft VGX Q833989
Notifier
OfotoXMI
OTtBP
OTtBPSDK
SFR
SFR2
SHASTA
Shockwave
SKIN0001
SKINXSDK
Spybot - Search & Destroy
SpywareBlaster v3.5.1
VPRINTOL
WebFldrs
Windows 2000 Hotfix - KB823182
Windows 2000 Hotfix - KB823559
Windows 2000 Hotfix - KB823980
Windows 2000 Hotfix - KB824105
Windows 2000 Hotfix - KB824141
Windows 2000 Hotfix - KB824146
Windows 2000 Hotfix - KB825119
Windows 2000 Hotfix - KB826232
Windows 2000 Hotfix - KB828028
Windows 2000 Hotfix - KB828035
Windows 2000 Hotfix - KB828741
Windows 2000 Hotfix - KB828749
Windows 2000 Hotfix - KB834707
Windows 2000 Hotfix - KB835732
Windows 2000 Hotfix - KB837001
Windows 2000 Hotfix - KB839645
Windows 2000 Hotfix - KB840315
Windows 2000 Hotfix - KB840987
Windows 2000 Hotfix - KB841356
Windows 2000 Hotfix - KB841533
Windows 2000 Hotfix - KB841872
Windows 2000 Hotfix - KB841873
Windows 2000 Hotfix - KB842526
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB867282
Windows 2000 Hotfix - KB871250
Windows 2000 Hotfix - KB873333
Windows 2000 Hotfix - KB873339
Windows 2000 Hotfix - KB883939
Windows 2000 Hotfix - KB885250
Windows 2000 Hotfix - KB885835
Windows 2000 Hotfix - KB885836
Windows 2000 Hotfix - KB888113
Windows 2000 Hotfix - KB889293
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB890047
Windows 2000 Hotfix - KB890175
Windows 2000 Hotfix - KB890859
Windows 2000 Hotfix - KB890923
Windows 2000 Hotfix - KB891711
Windows 2000 Hotfix - KB891781
Windows 2000 Hotfix - KB893066
Windows 2000 Hotfix - KB893086
Windows 2000 Hotfix - KB894320
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB897715
Windows 2000 Hotfix (Pre-SP4) [See Q322842 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q322913 for more information]
Windows 2000 Hotfix (Pre-SP4) [See q323172 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q324096 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q324380 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q326830 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q326886 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q327269 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q328523 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q329115 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q329834 for more information]
Windows 2000 Hotfix (Pre-SP4) Q328310
Windows 2000 Hotfix (Pre-SP4) Q329170
Windows 2000 Hotfix (Pre-SP4) Q331953
Windows 2000 Hotfix (Pre-SP4) Q810833
Windows 2000 Hotfix (SP4) KB810217
Windows 2000 Hotfix (SP4) KB817606
Windows 2000 Hotfix (SP4) KB822679
Windows 2000 Hotfix (SP4) Q329553
Windows 2000 Hotfix (SP4) Q811493
Windows 2000 Hotfix (SP4) Q814033
Windows 2000 Hotfix (SP4) Q815021
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player Hotfix [See wm828026 for more information]
Windows Media Player system update (9 Series)
WinZip
WIRELESS

[askey127]

elle,
Unfortunately, the Jotti scan has confirmed that you have an infection called Backdoor.Win32.IRCBot.avc ,, which is quite dangerous.
This can give remote intruders complete control of your computer, which can include logging key strokes, stealing information, etc.
You are strongly advised to do the following immediately:

• Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
• Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
• From a clean computer, change *ALL* of your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
• Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Because of the infection's backdoor functionality(i.e., remote control capability), the basic security of your PC is very likely compromised, and there is no way to be sure it can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action is to reformat the hard drive and reinstall the Windows Operating System. The reason for this is that the infection can make undetectable changes to your security settings, which may enable a re-installation of the infection after the machine is "cleaned" and reconnected to the internet. (This infection can, in effect, leave a "cellar door" unlocked so it can come back later and gain entry).

If you do not have the resources to reinstall your Windows Operating System and would like me to attempt to clean your machine, I will be happy to do so. This is your choice to make.
The following articles may be of assistance in your decision:

• Danger: Remote Access Trojans.
• When should I re-format? How should I reinstall?
• How Do I Handle Possible Identify Theft, Internet Fraud and Credit Card Fraud?

Should you have any questions, please feel free to ask.
========================================================
If you decide you want me to try and clean your machine, please proceed as follows:
-----------------------------------------------------------
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to a folder named \SDFix\ located in the system drive.
(typically it will be C:\SDFix\)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally, paste the contents of the Report.txt in a reply, along with a new HijackThis log

askey127

[elle]

Thanks... I'm not surprised... I actually just got a new PC, so I guess that solves my problem. But can you tell me what is the best way to protect my new PC against malware?

[askey127]

elle,
Sure. You asked.

• Set the machine to receive Windows updates automatically.
• When you use the machine routinely, sign in to a limited account instead of an administrator account.
• Install ONE antivirus. Don't go onto the Internet at all without one, and don't allow there to be TWO of them. Make sure it is always up to date, or if not, get a new one immediately.
• Install an AntiSpyware application (these can co-exist with an antivirus) like Sunbelt CounterSpy
  http://www.sunbelt-software.com/Home-Ho ... ounterSpy/
  OR
  AVG AntiSpyware
  http://free.grisoft.com/doc/download-fr ... e/us/frt/0
• Don't use Peer to Peer file sharing programs like Limewire, Morpheus, or Azurea.
• Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs. Available from http://www.javacoolsoftware.com/spywareblaster.html
  After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.
• Install WinPatrol - Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html
  - WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system.
• Don't open links (the underlined internet locations) in any e-mails , unless you are expecting them. Seeing something coming from a sender you recognize is NOT ENOUGH. Malware purveyors steal mailing lists all the time and can masquerade as one of your "buddies". Save all attachments prior to opening, and right click to scan with your antivirus first.

------------------------------------------
Install a third party firewall like Comodo or Sunbelt Kerio
http://www.sunbelt-software.com/Home-Ho ... -Firewall/
(the paid Kerio firewall is better than the free one)
OR Comodo
http://www.personalfirewall.comodo.com/
------------------------------------------
Last but not least, install a HOSTS file.
My instruction to do that is here:

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, just HOSTS (no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

Whatever list your HOSTS file has will be used by your browser. You can open the HOSTS file with Notepad and look at it.
In Windows XP, it is located in this folder ==> C:\Windows\System32\Drivers\etc\

Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
If this isn't done first, the next reboot may take a VERY LONG TIME.
This is how to do it. First be sure you are signed in as a user with administrative privileges:

Stop and Disable the DNS Client Service
Go to Start, Run and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find this service.
DNS Client
Right-Click on the DNS Client Service. Choose Properties
Select the General tab. Click on the Stop button.
Click the Arrow-down tab on the right-hand side at the Start-up Type box.
From the drop-down menu, click on Manual
Click the Apply tab, then click OK

Download BlueTack's HOSTS Manager here, using Internet Explorer:
http://www.bluetack.co.uk/forums/index.php?act=dscript&CODE=showdetails&f_id=5
A short distance down the page in the center, click on the Download button.
Agree to the license.
On the next page, to the right side of where it says "Download Estimates, right click on the underlined word "Hosts Manager" choose "Save Target As" and download the installer Hosts20setup.exe to your desktop.
Double click the Installer on your desktop and let it Install the Hosts Manager

After the installation is complete, click on the Hosts Manager icon on your desktop. (You can delete the Hosts Switch icon).
When the manager comes up, got to the left pane, click Download.
It will load 80,000 lines or more. When it finishes, also in the left pane, click Replace, and then Save.
You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.

If you have a firewall, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.
------------------------------------------------------------------------------------------------------------
If you are interested, extra information about HOSTS files :
Read an excellent tutorial about HOSTS files (the Bluetack version) here:
http://www.bluetack.co.uk/forums/index.php?showtopic=8406

There is a very detailed resource for those wanting to spend more time reading up, or to have as a reference:
http://www.bluetack.co.uk/forums/index.php?showtopic=8337

You can see another HOSTS file tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
and choose to manually download and install the MVPS HOSTS File instead of using the BlueTack HOSTS.
The BlueTack version (80k+ entries) is more aggressive than the mvps (12k + entries), and targets adware sites as well as more dangerous ones.

askey127

[NonSuch]

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.