Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijacking Malware: Affects Safari, IE8, Firefox


  • Please log in to reply
3 replies to this topic

#1 adama23

adama23

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 18 March 2010 - 11:37 PM

Hello and thank you in advance for your help.

I recently wound up with some malware in my system. I thought I'd removed it with Avast! and Malwarebytes, but apparently there are more pieces of it that the software cannot track and they're playing havoc on my browsers.
I had somone take a look and he was not very helpful.

The malware affects browsers in this way:
• Internet Explorer 8 - occasionally opens new windows which generally go right to google. When performing google searches for solution to this malware or any references to java based problems, it redirected me to other search sites, as well as travel sites, spammer sites, etc...
• Safari - I installed safari recently, just to see if this problem went across browsers. It does. The problems were the same as with internet explorer.
•Firefox - simply will not open.

Here is the DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Adam at 22:11:18.00 on Thu 03/18/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1014.233 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32\SKDAEMON.EXE
C:\IBMTOOLS\utils\ibmprc.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Server\Apache2\bin\httpd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\gearsec.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxcjcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Server\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Server\Apache2\bin\httpd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Adam\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.msn.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [ControlCenter] "c:\program files\ibm fingerprint software\ctlcntr.exe" /startup
mRun: [Hot Key Kbd Daemon] SKDAEMON.EXE
mRun: [IBMPRC] c:\ibmtools\utils\ibmprc.exe
mRun: [UC_Start] c:\program files\ibm\updater\\ucstartup.exe
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LXCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCJtime.dll,_RunDLLEntry@16
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Notify: psfus - c:\program files\ibm fingerprint software\psfus.dll
LSA: Notification Packages = scecli pwdmon
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\adam\appdata\roaming\mozilla\firefox\profiles\h4rq0xau.default\
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 Apache2.2;Apache2.2;c:\server\apache2\bin\httpd.exe [2008-12-10 24636]
R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2003-12-1 53248]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-22 1153368]
R2 SmiHlp;SMI helper driver;c:\windows\system32\smihlp.sys [2005-1-27 3328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-10 24652]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-4-21 84832]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2009-12-8 120232]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2010-03-19 02:56:06 287952 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-19 02:55:55 54156 ---ha-w- c:\windows\QTFont.qfn
2010-03-19 02:55:55 1409 ----a-w- c:\windows\QTFont.for
2010-03-19 02:52:49 0 d-----w- c:\programdata\Apple
2010-03-19 00:47:24 0 ----a-w- c:\users\adam\defogger_reenable
2010-03-18 22:39:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-18 22:39:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-18 22:39:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-18 22:26:20 0 d-----w- c:\windows\IBM
2010-03-18 22:13:27 98816 ----a-w- c:\windows\sed.exe
2010-03-18 22:13:27 77312 ----a-w- c:\windows\MBR.exe
2010-03-18 22:13:27 261632 ----a-w- c:\windows\PEV.exe
2010-03-18 22:13:27 161792 ----a-w- c:\windows\SWREG.exe
2010-03-18 22:13:13 0 d-s---w- C:\toolb
2010-03-18 14:05:29 0 d-----w- c:\program files\ESET
2010-03-16 15:33:29 0 d-----w- c:\programdata\Alwil Software
2010-03-16 00:36:20 0 d-----w- C:\Sun
2010-03-11 17:01:35 0 d-----w- c:\users\adam\appdata\roaming\Malwarebytes
2010-03-11 17:01:28 0 d-----w- c:\programdata\Malwarebytes
2010-02-24 15:13:23 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 15:13:11 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 15:13:10 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 15:13:10 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 15:13:10 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 15:13:10 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 15:13:10 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 15:13:10 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 15:13:10 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 15:13:10 151040 ----a-w- c:\windows\system32\secproc_ssp.dll

==================== Find3M ====================

2010-03-18 20:14:06 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-05 21:35:42 32948 ----a-w- c:\windows\fonts\ClarendonLTStd.otf
2010-03-05 21:35:42 32092 ----a-w- c:\windows\fonts\ClarendonLTStd-Light.otf
2010-03-05 21:27:50 33120 ----a-w- c:\windows\fonts\ClarendonLTStd-Bold.otf
2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:35:50 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35:00 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32:34 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32:25 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31:22 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28:43 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28:43 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-22 20:56:15 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-12-22 20:56:15 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-28 20:32:32 86016 ----a-w- c:\windows\inf\infstor.dat
2008-10-19 21:02:13 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
1999-01-08 07:25:28 11079 ----a-w- c:\program files\folder.htt
2009-12-13 18:50:19 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-11-05 19:04:00 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-03-11 20:43:04 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 22:12:17.92 ===============



I have also attached the Attach and Ark files.

Thanks again.
Adam

Attached Files



BC AdBot (Login to Remove)

 


#2 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:05:22 PM

Posted 19 March 2010 - 06:05 AM

Hi there smile.gif

If you already have a copy of ComboFix, please delete it.

Please download ComboFix to your desktop from one of these locations. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
Link 3





IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on Combo-Fix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please advise.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Posted Image

#3 adama23

adama23
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 19 March 2010 - 08:49 AM

Thank you very much for getting back to me promptly. I disengaged Windows Defender, per instructions and ran ComboFix (saved as Combo-Fix), but it hasn't gotten past "Attempting to Create a New System Restore Point" in some time.

Is there something else I have running or any particular configuration that may be interfering with Combofix's performance?

#4 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:05:22 PM

Posted 19 March 2010 - 09:43 AM

You mentioned Avast! earlier, which often interferes with ComboFix. Otherwise, any other security software should be disabled.

If you are still having problems, try clicking Start >> Run, then copy/pasting this command and hitting Enter:
"%userprofile%\Desktop\Combo-Fix.exe" /KillAll
(Make sure Combo-Fix.exe is on your Desktop before you do this.)

Let me know if you are still having problems.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users