Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown Virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 Billybobjoebob

Billybobjoebob

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 04 September 2010 - 01:17 PM

About every 5-10 minutes a message from norton comes up "A recent attempt to attack your computer was blocked." It has notably slowed down the computer. It used to be much worse, but I used an adware remover and it got rid of some of them.


DDS (Ver_10-03-17.01) - NTFSx86
Run by nakvo family at 12:06:12.82 on Sat 09/04/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.108 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\QuickTime\QTTask.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\nakvo family\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://aol.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [Lexmark X5100 Series] "c:\program files\lexmark x5100 series\lxbabmgr.exe"
mRun: [lcymegxx] c:\documents and settings\networkservice\local settings\application data\qlmvhdqor\wjridoqtssd.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Filter: text/html - {9f1b8109-a1e0-4293-a3c6-9db7da993807} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-25 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-25 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-25 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100903.003\IDSXpx86.sys [2010-9-3 331640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-2-25 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-5 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-9 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100903.050\NAVENG.SYS [2010-9-4 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100903.050\NAVEX15.SYS [2010-9-4 1362608]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]

=============== Created Last 30 ================

2010-09-04 17:04:23 0 ----a-w- c:\documents and settings\nakvo family\defogger_reenable
2010-09-01 01:00:10 0 d-----w- c:\docume~1\nakvof~1\applic~1\abgx360
2010-08-22 22:53:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-22 22:53:42 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-22 22:50:19 0 d-----w- c:\program files\JDownloader
2010-08-22 22:36:47 0 d-----w- c:\program files\abgx360
2010-08-07 17:31:16 0 d-----w- c:\docume~1\nakvof~1\applic~1\InfraRecorder
2010-08-07 16:37:58 0 d-----w- c:\program files\InfraRecorder
2010-08-07 07:01:36 0 d-----w- C:\Xp_home
2010-08-07 04:34:46 0 d-----w- c:\program files\uTorrent
2010-08-07 04:34:13 0 d-----w- c:\docume~1\nakvof~1\applic~1\uTorrent
2010-08-05 20:24:49 0 d-----w- c:\windows\pss

==================== Find3M ====================


============= FINISH: 12:07:29.89 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-04 13:09:18
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\NAKVOF~1\LOCALS~1\Temp\uwrdauod.sys


---- System - GMER 1.0.15 ----

SSDT 81D48050 ZwAlertResumeThread
SSDT 81D49050 ZwAlertThread
SSDT FF7388D8 ZwAllocateVirtualMemory
SSDT FF7EC050 ZwAssignProcessToJobObject
SSDT 81EA5C40 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA808130]
SSDT FF7380D0 ZwCreateMutant
SSDT FF737B78 ZwCreateSymbolicLinkObject
SSDT 81E4F580 ZwCreateThread
SSDT FF7EE050 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA8083B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA808910]
SSDT FF738A30 ZwDuplicateObject
SSDT FF738738 ZwFreeVirtualMemory
SSDT 81D46050 ZwImpersonateAnonymousToken
SSDT 81D47050 ZwImpersonateThread
SSDT 82ACB198 ZwLoadDriver
SSDT 81E1B840 ZwMapViewOfSection
SSDT 81D43050 ZwOpenEvent
SSDT FF738BD0 ZwOpenProcess
SSDT 81E170B8 ZwOpenProcessToken
SSDT 81E43050 ZwOpenSection
SSDT FF738B00 ZwOpenThread
SSDT FF737C48 ZwProtectVirtualMemory
SSDT 81E1E400 ZwResumeThread
SSDT 81D4A050 ZwSetContextThread
SSDT FF738558 ZwSetInformationProcess
SSDT FF7F0050 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA808B60]
SSDT 81E45050 ZwSuspendProcess
SSDT 81E5C050 ZwSuspendThread
SSDT 81D4C0B8 ZwTerminateProcess
SSDT 81E5F050 ZwTerminateThread
SSDT 81E15070 ZwUnmapViewOfSection
SSDT FF738808 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 234 804E28A0 1 Byte [D0]
.rsrc C:\WINDOWS\system32\drivers\dmload.sys entry point in ".rsrc" section [0xF8A88114]
? SYMEFA.SYS The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF7F7BEBF]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[264] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A0000A
.text C:\WINDOWS\Explorer.EXE[264] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A6000A
.text C:\WINDOWS\Explorer.EXE[264] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009F000C
.text C:\WINDOWS\System32\svchost.exe[1848] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008A000A
.text C:\WINDOWS\System32\svchost.exe[1848] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 008B000A
.text C:\WINDOWS\System32\svchost.exe[1848] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0089000C
.text C:\WINDOWS\System32\svchost.exe[1848] USER32.dll!GetCursorPos 77D4BD76 5 Bytes JMP 0121000A
.text C:\WINDOWS\System32\svchost.exe[1848] ole32.dll!CoCreateInstance 7750058E 5 Bytes JMP 009F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AB000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AD000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00AA000C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device -> \Driver\atapi \Device\Harddisk0\DR0 829EBEC5

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WNT7NEUL\secure-us.imrworldwide.com\_ggMCvar_2.sol 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@scorecardresearch[3].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AJCVWTCB\31.1[1].gif 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AJCVWTCB\59.3[1].gif 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AJCVWTCB\72.2[1].gif 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AJCVWTCB\77.2[1].gif 0 bytes
File C:\WINDOWS\system32\drivers\dmload.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Attached Files


Edited by Billybobjoebob, 04 September 2010 - 01:19 PM.


BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:12 PM

Posted 05 September 2010 - 01:49 PM

Good evening. smile.gif

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of it's removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

So long, and thanks for all the fish.

 

 


#3 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:12 PM

Posted 10 September 2010 - 02:03 PM

As there has been no response for five days, this thread is now closed.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users