
Please help - Computer 1/malware, tried combofix, can't log into vista



#1 sach_1600


Posted 02 February 2009 - 01:36 PM

Hi,

I use vista 32 home premium; firewall enabled.

I got a virus of some kind that restarted the PC and locked on logging in, and tried to remove it using a variety of tools in safe mode, including malwarebytes - it found and removed several viruses but on restart they appeared again. I searched online and found and used combofix twice. While it seems to have removed the virus (according to malwarebytes), when logging on it says "an unauthorized change has been made to windows". I have disabled all startup programs and uninstalled divx (which is when the virus happened) in appwiz; this hasn't worked. I can't get online on my desktop and am using my laptop wlan. However, I plugged the mobile broadband from my desktop into my laptop (didn't work on the laptop either - the virus seems to have done something to it), so I may be infected, although nothing bad is happening on the laptop so maybe not - malwarebytes detects no virus on the laptop.

I've attached the dds logs as requested, and the other logs from various tools that i could find.

Looking on this forum I see now I shouldn't have used combofix on my own - sorry. I know you ask not to attach the combofix log but since the problem of logging on happened after using combofix I'm guessing you will want to look at the log.

I can't find details of the virus itself anymore except that one of the detections was "ebcebddbde.dll".

I would really appreciate your help/advice, thank you.

Sachin

Edit - To add, I can't use dr web as a free scanner as I've used it before and exceeded the free trial period. I have anti-vir and malwarebytes installed and neither picked up the virus from the divx installer, though malwarebytes picked them up after. I used sdfix, vundofix too. I don't have anti-vir guard running.

Edit2 - I ran search and destroy and it picked up a bunch of stuff including pw.ldpinchIE, so it seems my combofixing didn't work... I won't do anything else until I get some advice here now - I've learnt my lesson! Hope to hear from you guys soon.

And oh crap - it's on my laptop now too - argh! What is the world coming to?!


Edited by sach_1600, 02 February 2009 - 06:56 PM.




#2 kahdah


Posted 15 February 2009 - 09:59 AM

Hello sach_1600

Welcome to BleepingComputer
========================
Download this program:

submit files packer

Highlight the files listed below in bold, then right-click and select Copy.

C:\fxtf.exe
C:\sgxwd.exe
C:\sgslrvrs.exe
C:\nlfheu.exe
C:\tjanj.exe
C:\jdimk.exe
C:\pahonbrd.exe



Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field.

Then press the Continue button.

It will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to samples.

Click Here to upload the files please.
============
After that please post an updated dds log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



