Help
This topic is locked
You can redownload the application here: http://www.winpcap.org/
You can simply test if Acer recovery is still accessible when booting the computer (it should show an option: press <key> to start Acer recovery).
However, if it shows up in disk management, you should be okay.
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient. DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Jumped the gun running Combofix before finding this site TR/Hiloti.3 and TR/Spy.60928.1 Trojans
#31
- Bleepin' Blonde
-
- Group: Malware Study Hall Admin
- Posts: 38,999
- Joined: 05-October 07
- Gender:Female
- Location:Romania
Posted 24 April 2011 - 02:24 PM
Back to top
#32
- Member
-
- Group: Members
- Posts: 20
- Joined: 12-April 11
Posted 24 April 2011 - 06:18 PM
Elise,
I reinstalled WinPcap from your link. Thanks for that - easier than relocating from Qoobox\Quarantine and I'm not sure if it would have registered otherwise. DDS was already removed from your previous instructions so here are my final questions (maybe):
I reinstalled WinPcap from your link. Thanks for that - easier than relocating from Qoobox\Quarantine and I'm not sure if it would have registered otherwise. DDS was already removed from your previous instructions so here are my final questions (maybe):
- What about the HelpAsst_backup folder on the root directory containing StandardGOPList.reg and DomainGOP.reg - delete it?
- Before removing Combofix with the command switch, does it matter that I downloaded it to C:\Documents and Settings\Owner\My Documents\Download Files instead of the Desktop? Is that still a command path? Also, will it remove both Comcons and Qoobox? Is there any reason I should keep the Restore Console or is it useful only when doing removal forensics? I try to keep this HDD lean by current standards.
- Is there any value in using an additional software firewall or is it redundant to Windows XP standard which seems grossly ineffective after this experience? I'm always behind a router so I'm still uncertain what to blame as the weakest link.
- Where/how do I send you a tip? Seriously. Don't ignore responding to that question please.
#33
- Bleepin' Blonde
-
- Group: Malware Study Hall Admin
- Posts: 38,999
- Joined: 05-October 07
- Gender:Female
- Location:Romania
Posted 25 April 2011 - 09:28 AM
Ooops, sorry, forgot about helpassistant. If necessary, redownload the tool we used, click start > run, type the following and press enter.
helpasst -cleanup
Uninstalling Combofix will remove the qoobox folder and all its contents. It will not touch CmdCons, which is the folder containing the recovery console information. This is a part of windows and it can't hurt having it (it offers an option to boot in the command line environment when starting windows, which can be handy if windows is having problems starting up).
If you are beyond a router, no need for an extra software firewall. XP's firewall is not sufficient, but a router definitely is and an additional software firewall really is not worth the trouble.
I hope this answers all your questions.
helpasst -cleanup
Uninstalling Combofix will remove the qoobox folder and all its contents. It will not touch CmdCons, which is the folder containing the recovery console information. This is a part of windows and it can't hurt having it (it offers an option to boot in the command line environment when starting windows, which can be handy if windows is having problems starting up).
If you are beyond a router, no need for an extra software firewall. XP's firewall is not sufficient, but a router definitely is and an additional software firewall really is not worth the trouble.
I hope this answers all your questions.
#34
- Member
-
- Group: Members
- Posts: 20
- Joined: 12-April 11
Posted 25 April 2011 - 08:03 PM
Elise,
The only thing I botched was not turning off Avast before removing Combofix with that line command. It squealed all the way through but everything looks to be clean now. It did leave ERDNT in the windows directory and I assumed that was a system cache prior to Combofix scan deletions. Reading about it I decided ERUNT by Lars Hederer was worthwhile to install for reliable and complete registry backups since System Restore is unreliable whenever something goes wrong after malware infestation. Tomorrow I'll run windows updates and hopefully go another 3 years before anything like this happens again.
I repeat, you're an ace. Let me know that my donation wasn't hijacked
Thanks again, Craig
The only thing I botched was not turning off Avast before removing Combofix with that line command. It squealed all the way through but everything looks to be clean now. It did leave ERDNT in the windows directory and I assumed that was a system cache prior to Combofix scan deletions. Reading about it I decided ERUNT by Lars Hederer was worthwhile to install for reliable and complete registry backups since System Restore is unreliable whenever something goes wrong after malware infestation. Tomorrow I'll run windows updates and hopefully go another 3 years before anything like this happens again.
I repeat, you're an ace. Let me know that my donation wasn't hijacked
Thanks again, Craig
#35
- Bleepin' Blonde
-
- Group: Malware Study Hall Admin
- Posts: 38,999
- Joined: 05-October 07
- Gender:Female
- Location:Romania
Posted 26 April 2011 - 12:59 AM
It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
