
Should I Run Combo Fix?


2 replies to this topic

#1 StarsOnly


Posted 25 November 2010 - 05:40 PM

Hello, I'm new here. A user from reddit suggested I use ComboFix and I thought I should get some knowledgeable help before I started blowing things away on my PC.

System Info:

Dell Inspiron 1720
Windows Vista Home Premium, updated to Service Pack 2, today: 11/25/2010
Security layers run: PC Tools (free version), Malwarebytes', Zemana AntiLogger.

Today I ran GMER and it returned these results:

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 32340

---- EOF - GMER 1.0.15 ----

And this from the Processes window:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-25 13:28:05
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD12 rev.01.0
Running: bg93klio.exe; Driver: C:\Users\STARSO~1\AppData\Local\Temp\pflyaaob.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)

AttachedDevice \FileSystem\Ntfs \Ntfs AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 39616
Process hidden process (*** hidden *** ) 41172
Process hidden process (*** hidden *** ) 42052
Process hidden process (*** hidden *** ) 42552
Process hidden process (*** hidden *** ) 52632

---- EOF - GMER 1.0.15 ----


I don't want to proceed any further without some expert help, e.g., should I just kill these files, should I run ComboFix, and what should I do after whatever steps I take?

If I missed any pertinent info, please let me know and I'll get it up here right away.

Thank you for any help you can give me. (A clean machine is at best: a temperamental machine).

Edited by hamluis, 25 November 2010 - 06:31 PM.
Moved from Vista to Am I Infected forum ~ Hamluis.




#2 hamluis

  • Moderator

Posted 25 November 2010 - 06:35 PM

You should not run ComboFix...unless properly supervised/requested to do so by one trained in malware removal/neutralization.

See ComboFix usage, Questions, Help - Look here - http://www.bleepingcomputer.com/forums/topic273628.html.

I am moving your topic to our Am I Infected forum, where someone will assist you with regard to your situation.

Louis

#3 StarsOnly


Posted 25 November 2010 - 06:56 PM

Thank you. I apologize for posting in the wrong forum.



