Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde Back After Firewall Change


  • This topic is locked This topic is locked
10 replies to this topic

#1 waterface

waterface

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 24 September 2007 - 12:55 PM

Hi
Today i changed my ZA free firewall to Ashampoo 1.2 firewall.
I ran Spybot & it found ' Virtumonde Generic'.
It said it had removed it, but i'm unsure because of the Firewall change.
I did a scan with www.hackerwatch.org/portscan/ & it showed my ports 23 (telnet) & 80 (http) were open & visible, saying for 80, if this computer is not supposed to be acting as a server, you should have this port open!!

My log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:32, on 25/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MailWasher\MailWasher.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\slrundll.exe
C:\Documents and Settings\user\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\system32\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F66490-8720-4E80-AD94-CEFE5347CE71}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CS1\Services\Tcpip\..\{04F66490-8720-4E80-AD94-CEFE5347CE71}: NameServer = 195.92.195.94 195.92.195.95
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 4597 bytes

BC AdBot (Login to Remove)

 


#2 waterface

waterface
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 26 September 2007 - 06:09 AM

anyone please!!

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,592 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:24 PM

Posted 03 October 2007 - 01:40 PM

Looks clean, but lets take a look:
  • Download Combofix to your desktop.

  • Doubleclick combofix.exe

  • Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new hijackthislog.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

Is your XP the professional edition? It could be that you have IIS running.

#4 waterface

waterface
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 03 October 2007 - 02:32 PM

Hi Grinler & thanks, i also recently changed my firewall from ZA free to Ashampoo 2.
After ComboFix, my default browser changed & i got a message from Windows Firewall about alowing messenger, i don't know why!
Anyhow, here is ComboFix & then HijackThis.

ComboFix 07-10-03.8 - user 2007-10-04 20:06:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.18 [GMT 1:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.

2007-09-25 14:20 <DIR> d-------- C:\Program Files\Ashampoo
2007-09-21 17:38 <DIR> d-------- C:\Program Files\CCleaner
2007-09-15 16:35 <DIR> d-------- C:\WINDOWS\pss
2007-09-14 22:59 <DIR> d-------- C:\Documents and Settings\user\Contacts
2007-09-14 22:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-14 18:59 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-11 23:31 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-11 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-09-11 20:46 <DIR> d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2007-09-09 18:31 316,112 --a------ C:\WINDOWS\system32\dn881a0c3b.dat
2007-09-09 16:30 <DIR> d-------- C:\Program Files\Common Files\Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 11:02 --------- d-------- C:\Documents and Settings\user\Application Data\MailWasher
2007-09-15 20:24 --------- d-------- C:\Documents and Settings\user\Application Data\Spybot - Search & Destroy
2007-09-14 22:57 --------- d-------- C:\Program Files\MSN Messenger
.

((((((((((((((((((((((((((((( snapshot_2007-09-12_235219.47 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 135,168 2007-09-28 08:06:08 C:\WINDOWS\catchme.exe
----a-r 29,926 2007-09-14 21:56:58 C:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
----a-w 51,056 2007-01-19 11:53:04 C:\WINDOWS\system32\sirenacm.dll
----a-w 844,800 2007-07-22 17:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 479,232 2006-06-05 13:14:28 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
----a-w 548,864 2006-06-05 13:14:28 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
----a-w 626,688 2006-06-05 13:14:28 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
----a-w 109,056 2007-07-19 23:47:22 C:\WINDOWS\catchme.exe
----a-w 118,784 2006-01-24 10:34:24 C:\WINDOWS\system32\sirenacm.dll
----a-w 279,552 2007-07-22 17:39:27 C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-03-26 16:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

R3 ASFWHide;ASFWHide;\??\C:\DOCUME~1\user\LOCALS~1\Temp\ASFWHide
S3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys
S3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys
S3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6df0a843-1a15-11d3-94d5-806d6172696f}]
AutoRun\command- D:\SETUP.EXE /AUTORUN
configure\command- D:\SETUP.EXE
install\command- D:\SETUP.EXE

.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 16:15:02 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Documents and Settings\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 20:15:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-04 20:19:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-04 20:18
.
--- E O F ---


Hijack this :-


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:39, on 04/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MailWasher\MailWasher.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\user\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\system32\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F66490-8720-4E80-AD94-CEFE5347CE71}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CS1\Services\Tcpip\..\{04F66490-8720-4E80-AD94-CEFE5347CE71}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CS2\Services\Tcpip\..\{04F66490-8720-4E80-AD94-CEFE5347CE71}: NameServer = 195.92.195.94 195.92.195.95
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 4619 bytes

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,592 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:24 PM

Posted 03 October 2007 - 02:44 PM

Looks clean.. Nothing here. If you have Messenger starting automatically, then it will attempt to bind itself to various network ports on your computer. When it does this, the firewall blocks. You should either allow it, if you use it, or block it if not.

#6 waterface

waterface
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 03 October 2007 - 04:17 PM

Hi & thanks
My Windows live messenger does open on startup, but not automaticaly signes me in! I do use it regular, so this is ok.
I thought i had Windows Firewall turned off! Could ComboFix have enabled it & also changed my default browser?
I have turned Windows Firewall off as i have Ashampoo as having 2 Firewalls isn't a good idea i think??

wf

Edited by waterface, 03 October 2007 - 04:19 PM.


#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,592 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:24 PM

Posted 03 October 2007 - 05:00 PM

Yes, you definitely do not want to run two firewalls at the same time. it is one thing to have a hardware firewall and a software firewall, but two software firewalls is asking for trouble.

I do not believe combofix changes default settings like that. What were they set to previously?

#8 waterface

waterface
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 04 October 2007 - 10:10 AM

Well, i thought my Windows Firewall was turned off as i never has the prompt before, or any for that matter as i always had my own Firewall, previously ZA free & now Ashampoo.
My default Browser is Firefox, but after using ComboFix, & i rebooted, my browser opened up as IE 6, which i have on my pc!
I have changed these settings & now seems ok, but i'm unsure why these changes took place!

Regards

wf

#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,592 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:24 PM

Posted 04 October 2007 - 01:54 PM

Checking to see if combofix changes the default browser settings for you

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,592 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:24 PM

Posted 04 October 2007 - 02:14 PM

It does indeed revert your default browser. Do not worry about that if you changed it back to firefox.

Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

When shown the disclaimer, select 2
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

#11 waterface

waterface
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 05 October 2007 - 11:37 AM

Many thanks Grinler, i guess thats all for now! :thumbsup:

wf




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users