Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Infection. Help!


  • This topic is locked This topic is locked
1 reply to this topic

#1 zabird

zabird

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:17 AM

Posted 11 June 2008 - 12:44 AM

Hi. A couple of weeks ago, my computer was infected with several trojans, I ran a Kaspersky scan and then posted that log and the combofix log, as per requested, but never got an answer. Here's the topic on it.
www.bleepingcomputer.com/forums/topic149772.html

In the meantime, I got rid of the crappy McAfee program and downloaded the free 30-day Kaspersky trial software and it cleaned up what I thought was everything, but since then, every time I run the full scan of my computer, I get a warning box (complete with that godawful shriek) that it's found something and it wants me to disinfect it. I click on "disinfect" and it doesn't let me.

when I look at the detected list on the report, this is what I find:

not found: virus Heur.Invader (modification) File: c:\documents and settings\alison\desktop\combofix.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe
not found: virus Heur.Invader (modification) File: c:\documents and settings\alison\desktop\combofix.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe//PE_Patch.UPX
not found: virus Heur.Invader (modification) File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP80\A0005372.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe

I downloaded and ran the Malwarebytes Anti-Malware software and it came up clean.

I see "combofix" within those file names above. Is that in reference to the combofix software? Thinking that that might be the case, I deleted it from my desktop and am rerunning a full Kaspersky scan on my computer right now. It's still scanning, but I've gotten the same warning box again with the same file name, etc.

I don't know if it's just a false positive or malware of some sort. Help!

I'm basically clueless on computers, but I'm learning a little bit here.

I'm running XP service pack 3.

Thanks!

BC AdBot (Login to Remove)

 


m

#2 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:09:17 AM

Posted 11 June 2008 - 01:08 AM

Hello zabird,

Since you have a HJT log posted in the HijackThis Logs and Malware Removal forum, I'm going to close this Topic.

Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
You shouldn't make any changes to your system, while your HJT log is posted, as that could change the results of the posted log, making it difficult to properly clean your system.

How about if you give them a gentle reminder by posting a link to your HijackThis Log, in the the thread titled "Haven't Had A Reply In Five Days?".

If you have any questions, don't hesitate to send me a PM.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users