Help
This topic is locked
Now I remember. It was quarantined by McAfee. Should I redownload it? And if so, should I turn on McAfee?
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient. DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Unable to remove calc.dll and ntuser.dll web browser redirects to other sites
#31
- Member
-
- Group: Members
- Posts: 56
- Joined: 18-November 09
- Gender:Male
- Location:Northern VA
Posted 19 November 2009 - 08:21 PM
Back to top
#32
- Just Curious
-
- Group: Malware Response Instructor
- Posts: 17,811
- Joined: 08-December 07
- Gender:Male
- Location:The Netherlands
Posted 19 November 2009 - 08:31 PM
If you have not run any of those steps (ComboFix uninstall and OTM cleaning) McAfee might have removed Combofix. Give me feedback about it and don't run Combofix until we are ready to do it.
#33
- Member
-
- Group: Members
- Posts: 56
- Joined: 18-November 09
- Gender:Male
- Location:Northern VA
Posted 19 November 2009 - 08:33 PM
McAfee did remove it. I haven't run either step.
#34
- Just Curious
-
- Group: Malware Response Instructor
- Posts: 17,811
- Joined: 08-December 07
- Gender:Male
- Location:The Netherlands
Posted 19 November 2009 - 08:34 PM
Sorry I missed your post.
Disable McAfee auto protection.
Download ComboFix from one of these locations and save it to your desktop:
Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Go to Start => Run => copy and paste next command in the field then hit enter:
ComboFix /Uninstall
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
It makes a clean Restore Point and clears all the old restore points in order to prevent possible reinfection from an old one through system restore.
Disable McAfee auto protection.
Download ComboFix from one of these locations and save it to your desktop:
Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Go to Start => Run => copy and paste next command in the field then hit enter:
ComboFix /Uninstall
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
It makes a clean Restore Point and clears all the old restore points in order to prevent possible reinfection from an old one through system restore.
#35
- Member
-
- Group: Members
- Posts: 56
- Joined: 18-November 09
- Gender:Male
- Location:Northern VA
Posted 19 November 2009 - 08:42 PM
I did that. Nothing came up. (No log.) Just a msg that ComboFix was uninstalled.
#36
- Just Curious
-
- Group: Malware Response Instructor
- Posts: 17,811
- Joined: 08-December 07
- Gender:Male
- Location:The Netherlands
Posted 19 November 2009 - 08:45 PM
That is sufficient for us. I noticed you had no system restore. Now you should have one system restore. Please check to make sure of that.
Then disable McAfee, then download ComboFix and run it. Let's see if this time we get a log.
Then disable McAfee, then download ComboFix and run it. Let's see if this time we get a log.
#37
- Member
-
- Group: Members
- Posts: 56
- Joined: 18-November 09
- Gender:Male
- Location:Northern VA
Posted 19 November 2009 - 08:47 PM
farbar, on Nov 19 2009, 08:45 PM, said:
That is sufficient for us. I noticed you had no system restore. Now you should have one system restore. Please check to make sure of that.
Then disable McAfee, then download ComboFix and run it. Let's see if this time we get a log.
Then disable McAfee, then download ComboFix and run it. Let's see if this time we get a log.
How do I make sure I have one?
#38
- Just Curious
-
- Group: Malware Response Instructor
- Posts: 17,811
- Joined: 08-December 07
- Gender:Male
- Location:The Netherlands
Posted 19 November 2009 - 08:55 PM
Go to Start =>All Programs => Accessories => System Tools => System Restore.
- The option "Restore my computer to an earlier point" should be checked.
- Click "Next".
- There should be one system restore listed.
- Close the window without clicking Next.
#39
- Member
-
- Group: Members
- Posts: 56
- Joined: 18-November 09
- Gender:Male
- Location:Northern VA
Posted 19 November 2009 - 09:16 PM
The restore point is there, however I ran combofix again and still no long longer than this:
ComboFix 09-11-19.05 - Compaq_Owner 11/19/2009 20:53:46.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.895.481 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
The combofix ran ok, but after the reboot, it went into diskcheck for D: again and when it got to explorer, it never opened ComboFix again. If that prevents us from being able to install SP3, that's ok. I've taken up enough of your time today.
ComboFix 09-11-19.05 - Compaq_Owner 11/19/2009 20:53:46.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.895.481 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
The combofix ran ok, but after the reboot, it went into diskcheck for D: again and when it got to explorer, it never opened ComboFix again. If that prevents us from being able to install SP3, that's ok. I've taken up enough of your time today.
#40
- Just Curious
-
- Group: Malware Response Instructor
- Posts: 17,811
- Joined: 08-December 07
- Gender:Male
- Location:The Netherlands
Posted 19 November 2009 - 09:28 PM
I'm not sure what is preventing ComboFix from completing running.
I am going to see if others have seen this before. What do you have on the D drive?
If you wanted to stop it is okay with me. It is quite up to you.
It is too late here and I'm going to sleep.
I am going to see if others have seen this before. What do you have on the D drive?
If you wanted to stop it is okay with me. It is quite up to you.
It is too late here and I'm going to sleep.
#41
- Member
-
- Group: Members
- Posts: 56
- Joined: 18-November 09
- Gender:Male
- Location:Northern VA
Posted 19 November 2009 - 09:34 PM
D: is my recovery partition and there is also a folder called Qoobox that was created today. It contains one folder called Quarintine and that contains one folder called D and in there is one file: Autorun.inf.vir
This can wait until another day. You have done enough for me today. Thanks again.
This can wait until another day. You have done enough for me today. Thanks again.
#42
- Just Curious
-
- Group: Malware Response Instructor
- Posts: 17,811
- Joined: 08-December 07
- Gender:Male
- Location:The Netherlands
Posted 19 November 2009 - 09:40 PM
That folder and and its content is made by ComboFix. Nothing to worry about.
I'll post a reply tomorrow.
I'll post a reply tomorrow.
#43
- Just Curious
-
- Group: Malware Response Instructor
- Posts: 17,811
- Joined: 08-December 07
- Gender:Male
- Location:The Netherlands
Posted 20 November 2009 - 06:34 AM
You you have the Windows installation CD? We can use it to check the integrity of the system files.
Have you recently performed a disk error check (chkdsk) to take care of the possible errors on the volume?
Have you recently performed a disk error check (chkdsk) to take care of the possible errors on the volume?
#44
- Just Curious
-
- Group: Malware Response Instructor
- Posts: 17,811
- Joined: 08-December 07
- Gender:Male
- Location:The Netherlands
Posted 20 November 2009 - 07:47 AM
You may download and apply User Profile Hive Cleanup and see if you still get hangup/freezing when you log off.
Tell me if you have a Windows installation CD. We need to check the integrity of the system files.
Also tell me if you have done a disk check recently (chkdsk) to check the volume for possible errors.
Tell me if you have a Windows installation CD. We need to check the integrity of the system files.
Also tell me if you have done a disk check recently (chkdsk) to check the volume for possible errors.
#45
- Member
-
- Group: Members
- Posts: 56
- Joined: 18-November 09
- Gender:Male
- Location:Northern VA
Posted 20 November 2009 - 02:57 PM
Thanks for the continued help. I haven't had a chance to try them yet and I won't be able to for another couple of the hours. But I have tried to do CHKDSK in the past and each time, after phase 2, I get a message that it is unable to complete the task. The way I am running it is to open My Computer, right-clicking on C: and going to Properties and then going to Tools and running it from there. Is there a better way to run it?
