Your knowledge has been a great asset to us being able to get this cleaned up. I want to do some checking and see if the Safe Boot Key Repair is targeting the same keys as what you found in the fix. This is something that could be very useful in the future.
Since you never could get ComboFix to run properly the following may not be needed but we'll run it anyway.
Uninstall Combofix
- Press the Windows Key + R on your keyboard.
- Now copy & paste the green bolded text in the run-box and click OK.
<Notice the space between the "x" and "/".>
- The following will implement some very important cleanup procedures as well as reset System Restore points.
The following removes a lot of other tools as well as itself.
Cleanup! with OTMoveIt
* Double click OTMoveIt3.exe to run it.
* Click the Clean Up button at the top. If you receive a warning from your security program, select allow to download the packet.
* A pop-up box will appear saying "Cleanup list download successfully Begin Removal Process?". Click Yes
* If required for a reboot click Yes
Below are some steps to follow in order to lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
- Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
Go here to check for & install updates to Microsoft applications
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install
- Keep your non-Microsoft applications updated as well
Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
- Make Internet Explorer more secure
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.
- Install SpywareBlaster & make sure to update it regularly
SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
If you don't know what ActiveX controls are, see here
You can download SpywareBlaster from here
- Install the MVPs hosts file, and update it regularly
You can use the HostMan host file manager to do this automatically if you wish.
For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
- Click Start > Run
- Type services.msc & click OK
- In the list, find the service called DNS Client & double click on it.
- On the dropdown box, change the setting from automatic to manual.
- Click OK & then close the Services window
- Finally, this is very important. It is absolutely essential to keep all of your security programs up to date
If you have any other questions or issues feel free to ask as I will be checking back on this topic.
Other than that if there is nothing else I can do for you then I wish you good luck in the future and thank you for using our forum.
thewall
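
The kill bits mentioned in the SpywareBlaster step above can be checked from PowerShell. The script below is an added example, not part of the original post and not SpywareBlaster's own code. It assumes the standard Internet Explorer "ActiveX Compatibility" registry location and the 0x400 kill-bit flag, uses a hypothetical helper name (Get-ActiveXKillBit), and only reads the registry.

```powershell
# Added example: read-only audit of Internet Explorer ActiveX kill bits.
# Get-ActiveXKillBit is a hypothetical helper name, not a built-in cmdlet.
$KillBit = 0x00000400   # bit in "Compatibility Flags" that stops IE loading the control
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit registry view on 64-bit Windows
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-ActiveXKillBit {
    param([string[]]$Path = $Roots)
    foreach ($root in $Path) {
        # The WOW6432Node path does not exist on 32-bit Windows; skip it quietly.
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $view = 'native'
        if ($root -like '*WOW6432Node*') { $view = '32-bit' }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $flags = $key.GetValue('Compatibility Flags', $null)
            if ($flags -isnot [int]) { continue }   # value missing or not a DWORD
            [pscustomobject]@{
                View       = $view
                Clsid      = $key.PSChildName
                Flags      = '0x{0:X8}' -f $flags
                KillBitSet = [bool]($flags -band $KillBit)
            }
        }
    }
}

$entries = @(Get-ActiveXKillBit)
$blocked = @($entries | Where-Object { $_.KillBitSet })
'{0} CLSID entries found, {1} with the kill bit set' -f $entries.Count, $blocked.Count

# Entries that are listed but do not have the kill bit set are not blocked by it.
$entries | Where-Object { -not $_.KillBitSet } | Format-Table -AutoSize
```

Running it before and after a SpywareBlaster update shows whether the count of blocked CLSIDs actually changed.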