Also on that forum there was a suggestion for using ComboFix, but the warning is not to do this without a helper.
This ComboFix program is a DOS-looking window that works like magic -- it looks for "rootkit" activity that apparently the others don't even consider. In about 20 minutes, it deleted a "MoneyBooster" malware toolbar that had snuck onto my machine, detected/repaired my corrupted atapi.sys file, and deleted a bunch of other mutated files in my Windows folder that were viruses.
Sounds like you did not heed the warning and went ahead with using ComboFix. Please be aware that using it is only one part of the disinfection process. Preliminary scans from other tools like DDS should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary.
Further, when issues arise due to complex malware infections, possible false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read the pinned topic ComboFix usage, Questions, Help? - Look here
With that said, you were fortunate in this instance that no unforeseen consequences or serious problems occurred.
Rescan again with Malwarebytes Anti-Malware (Quick Scan) in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally will prevent Malwarebytes' from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
Please download SUPERAntiSpyware Free and follow these instructions for performing a scan.
- Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- Be sure to update the definitions before scanning by selecting "Check for Updates".
If you encounter any problems while downloading the updates, manually download them from here.
- To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Click Close to exit the program.
- Please copy and paste the Scan Log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.
-- Alternatively, you can download and use the SUPERAntiSpyware Portable Scanner or perform a SUPERAntiSpyware Online Safe Scan (both listed under Popular Links) instead. If you cannot download from the infected computer, save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer it. Then double-click on the file to launch the portable version and scan. The file is randomly named to help keep malware from blocking the scanner.