I read on another forum to use combofix so I downloaded it but I haven't used it
If you ran or want to run ComboFix on your own due to malware infection, please be aware that using it is only one part of the disinfection process. Preliminary scans from other tools like DDS
should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning an strategy for effective disinfection and a determination if using ComboFix is necessary.
Further, when issues arise due to complex malware infections, possible false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read the pinned topic ComboFix usage, Questions, Help? - Look here
WIth that said, please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.Step 7
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
- When the program opens, click the Start Scan button.
- Any objects found, will show in the Scan results - Select action for found objects and offer three options.
- If an infected file is detected, the default action will be Cure...do not change it.
- Click Continue > Reboot now to finish the cleaning process.<- Important!!
- If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
- A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
instructs you to scan your computer using Malwarebytes Anti-Malware
. Don't forget to check for database definition updates
through the program's interface (preferable method
) before scanning.Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.
- After completing the scan, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab .
- Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
- Exit Malwarebytes' when done.
-- Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware
as you may need to rename it or use RKill