I tried running combofix as per instructions given to others on this trojan but it keeps telling me that I am running CA-Antivirus.
You should not be following specific instructions provided to someone else. Those instructions were most likely given under the guidance of a trained staff helper to fix that particular member's problems, NOT YOURS, after careful evaluation of the malware involved. Before taking any action, the helper must investigate the nature of the infection and then formulate a fix for the victim. Although your problem may be similar, the solution could be different based on the kind of hardware, software, system requirements, etc. and the presence of other malware, which means the degree of infection can vary.
ComboFix will not run if either AVG or CA anti-virus is installed, as a protective measure against the actions of the scanning engine. This is because each of these anti-virus programs "falsely" detect ComboFix (or its embedded files) as a threat and may remove them. If some of these files are removed, ComboFix will not perform its routines properly, and the developer has determined this can cause damaging or "unpredictable results". Normally this is avoided by temporarily disabling the anti-virus until ComboFix has been run, but AVG and CA cannot be effectively disabled. As such, the developer has chosen not to allow his tool to run until the anti-virus is uninstalled first, in order to avoid any potential problems. Please understand that this is an issue with the anti-virus and not with ComboFix.
Further, no one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert". Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

When issues arise due to complex malware infections, false detections, problems running ComboFix, or other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

IMPORTANT NOTE: Since you say this is a work computer, have you contacted and advised your IT Department? In most work environments, the IT staff implement specific policies for the use of computer equipment and related resources. In fact, many companies will require you to read those policies and sign a statement of understanding. These official procedures are designed and implemented to provide security and certain restrictions to protect the network. This allows all users to safely use business resources with minimum risk of malware infection, illegal software, and exposure to inappropriate Internet sites or other prohibited activity. We will not assist with attempts to circumvent those policies or security measures.
Our forums are set up to help the home computer user deal with issues and questions relating to personal computers. At most community security sites like this, we do not have the staff or resources to deal with numerous client machines or the complexities of network disinfection. A lot of helpers are not familiar with servers, and many of the tools we use are restricted to non-commercial use by their creators. Further, we are not equipped to involve ourselves in any legal issues that may arise due to loss of business data and loss of revenue as a result of malware infection or the disinfection process, which in some instances requires reformatting and reinstallation of the operating system.
A business IT staff generally has established procedures in place to deal with issues and infections on client machines on the network. As such, they may not approve of employees seeking help at an online forum or outside the business office as doing so could interfere or cause problems with their removal methods. The malware you are dealing with may have infected the network. If that's the case, the IT Department needs to be advised right away so they can take the appropriate disinfection measures.
If you're reluctant or embarrassed to inform the IT Team, keep in mind that they can easily trace the source of the infection. It is much better to bring this to their attention than to deal with the consequences of violating security policy.