Posted 20 January 2010 - 03:54 PM
Okay, I'm just looking to pick up a couple ideas from the kind and wonderful people here.
I use combofix fairly regularly with my job, I'm lead tech for a small district of a large corp. and I was introduced to combofix a couple years ago and found that it simplifies the cleanup and removal of certain malware to where I can take care of them in mere moments.
And so I had a customer with sysguard on it, sysguard is not a new bug, nor is it exceptionly bad, just annoying. Program wise its actually very similar to smitfraud, and can be removed using some of the same tactics. But combofix can kill it in one fell swoop, unfortunately when I ran it this last time I received the error Not Admin when it started scanning. I went though everything I could think of to find where this permission error was coming from, but its WinXP MCE sp3, there are not a lot of choices inside the Administrator Account in SafeMode.
I went and manually removed the hoaxware, much more time consuming. I decided to try combofix again just to see if the bugger was what was stopping it from running, but I get the same error. Everything else I have runs fine, even the batch and com tools that I have.
So, anyone with information would be good. I unfortunately will not be able to post any logs as I do not have access to the computer anymore. I'm mostly looking for ideas that i can try in case I run into this again.