Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Zlock Reoccurring Plus Unknown Background Malware


  • Please log in to reply
14 replies to this topic

#1 cleesr

cleesr

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:20 PM

Posted 14 January 2008 - 10:11 PM

I have Norton 360, Netcom3, Xoftspy, Spybot S&D, Adaware SE, RegCure, Spyware Blaster, Spring Cleaning, and have used them ALL religiously. I've used some of the methods I've seen suggested on here (at least to the point where I was afraid of deleting something vital) and everytime I get rid of Zlock, comes right back on the next reboot. Also there is something I haven't been able to identify running in the background at ALL times (browser open or not) and it accumulates cookies and fills my cache making my system progressively get slower. Could somebody ANYBODY please help?!?! It would surely be MUCH appreciated.

Here's my current HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:29 PM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\WINDOWS\cli32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\EARTHL~2\PCFINE~1\MXTask.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\EARTHL~2\PCFINE~1\mxtask.exe
C:\WINDOWS\explorer.exe
C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\cli32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intellicast.com/icastpage/loadpage....mp;prodnav=none
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://intellicast.com/icastpage/loadpage....mp;prodnav=none
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intellicast.com/IcastPage/LoadPage....mp;prodnav=none
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CLI32] C:\WINDOWS\cli32.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Notify 98 Check.lnk = C:\Program Files\Notify 98\Notify.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe
O23 - Service: PC FineTune Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\EARTHL~2\PCFINE~1\MXTask.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6135 bytes

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,715 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:20 PM

Posted 29 January 2008 - 04:44 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.

#3 cleesr

cleesr
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:20 PM

Posted 29 January 2008 - 07:56 PM

Thanks for your reply! I had all but given up, and maybe now there's still hope. Following other advice that I've found on this site I think I've been able to finally get rid of Zlock, however, the constantly running background malware is driving me crazy. All I have to do is boot up my computer and my cookie file starts accumulating cookies, my cache starts filling, my history starts showing multiple sites that I have never visited and my temperary internet files start mutiplying. It's as though my computer is visiting multiple sites per minute and I haven't even opened my browser. What's even worse is that judging from the names of the sites, most of them seem to be porn. This was a real "perv" that created this one. Sure hope that you can help me locate and destroy! Here's the brand new HJT log that you requested. Hope to hear back soon. THANKS again...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:40 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\EARTHL~2\PCFINE~1\MXTask.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\cli32.exe
C:\PROGRA~1\EARTHL~2\PCFINE~1\mxtask.exe
C:\WINDOWS\cli32.exe
C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intellicast.com/icastpage/loadpage....mp;prodnav=none
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intellicast.com/icastpage/loadpage....mp;prodnav=none
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CLI32] C:\WINDOWS\cli32.exe
O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Notify 98 Check.lnk = C:\Program Files\Notify 98\Notify.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe
O23 - Service: PC FineTune Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\EARTHL~2\PCFINE~1\MXTask.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 5868 bytes

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,715 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:20 PM

Posted 30 January 2008 - 01:08 PM

Go to : http://www.bleepingcomputer.com/submit-malware.php
and fill in the required fields and browse to the C:\WINDOWS\cli32.exe file on your desktop. Finally click on the Send File button.


Next,


Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [CLI32] C:\WINDOWS\cli32.exe

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\cli32.exe

Reboot your computer to go back to normal mode.

Then,
  • Download Combofix to your desktop.

  • Doubleclick combofix.exe

  • Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new hijackthislog.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

#5 cleesr

cleesr
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:20 PM

Posted 30 January 2008 - 03:00 PM

I followed all of your instructions so far, right up to the point of downloading and running Combofix. However, when I try to run the application I get a pop up error window that says "you cannot rename Combofix as Combofix. please use another name" and the program won't open. I tried renaming just to see if it might make a difference, but it didn't. I also tried re-downloading several times, but still no change. I also cleaned it from my computer completely with Spring Cleaning 3.0 before I redownlaoded but it make no difference. Any suggestions?

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,715 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:20 PM

Posted 30 January 2008 - 03:22 PM

Hmmm... thats strange. Redownload it in an hour and see if the error is gone.

#7 cleesr

cleesr
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:20 PM

Posted 30 January 2008 - 04:57 PM

Cleaned it, redownloaded and it still does the same thing.........???

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,715 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:20 PM

Posted 31 January 2008 - 05:22 PM

Have you rebooted since you had the error.

#9 cleesr

cleesr
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:20 PM

Posted 31 January 2008 - 05:57 PM

I've cleaned it, rebooted, redownloaded and attempted to ComboFix several times in the past 24hrs, always with the same result. The good news is that your instructions to this point seems to have solved my problem. Seems that cli32 was definately the culprit. My system is no longer visiting sites and picking up cookies in the background and is running much quicker now. Can't THANK YOU enough for that! You're THE MAN!

Wish I could resolve this ComboFix fix problem and send you the logs you requested, but thusfar I've had no luck. If you have anymore suggestions I'd be happy to listen and comply.

Once again THANKS A' MILLION! So happy I found this forum.

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,715 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:20 PM

Posted 01 February 2008 - 04:58 PM

Let's try this:


Let's uninstall ComboFix

Please navigate to, and delete the following:
  • Click on : Start >> Run...
  • Type: Combofix /u and hit Enter
Now reboot and when back at your desktop, do the following:
  • Download Combofix to your desktop.

  • Doubleclick combofix.exe

  • Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new hijackthislog.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

#11 cleesr

cleesr
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:20 PM

Posted 01 February 2008 - 08:17 PM

Well,.....this just keeps getting more strange. When I try to run Combofix /u , a combofix popup window states:

"Windows cannot find 'combofix'. Make sure you typed the name correctly, and then try again. To search for a file, click the START button, and then click search."

I tried several times making sure that I typed things correctly, with the same result each time. So I did a file search and found 3 combofix files including combofix.exe. If a search finds these files, I can't help wondering why Windows can't find them while trying to run Combofix /u ?

This is ALL over my head, so the ball is back in your court............

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,715 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:20 PM

Posted 02 February 2008 - 12:37 PM

No thats normal. I just wanted to make sure you did not have an older version installed that could be confusing matters.

Have you downloaded the newest version and see if you still have the same error?

#13 cleesr

cleesr
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:20 PM

Posted 03 February 2008 - 05:34 PM

I've downloaded it at least a dozen times over the past few days. Each time I downloaded from the link that you supplied me previously. I assume that this is the latest version. If not, show me where to get it and I'll give it a try.

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,715 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:20 PM

Posted 04 February 2008 - 05:54 PM

Sorry for the delay. I will ask the author if he knows what may be happening.

#15 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,715 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:20 PM

Posted 05 February 2008 - 05:35 PM

It was recommended that we try having you disable symantec while running Combofix. Having symantec run could be causing this error.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users