Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win7 Combofix


  • Please log in to reply
3 replies to this topic

#1 Nevada12

Nevada12

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 15 March 2012 - 02:55 PM

In process of attempting removal of malware/scareware SmartFortress 2012 from infected Win7 Pro system.

Using Malwarebytes (clean), SuperAntiSpyware (found after multiple update processes), Spybot (clean) and Combofix - both on Admin and user profile.

Latest round was use of combofix on user profile; ran through and rebooted - now a user login gives a continual (>30 minutes so far) stream of command prompt windows that open/ close. Computer is too fast to see what the window header is, and "focus" changes back to the command windows continually, so it makes it tough to do anything else (including task mgr).

Is this normal? For how long? How to stop? Any other recommendation?

BC AdBot (Login to Remove)

 


#2 Nevada12

Nevada12
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 15 March 2012 - 03:25 PM

Turns out Combofix requires admin rights to run, so I "Ran as" under the user profile, and after it autorebooted, I logged back into the user profile. Hard resetting the system then logging back into the admin profile let it finish.

Still not 100% certain that "SmartFortress" is gone...

#3 hamluis

hamluis

    Moderator


  • Moderator
  • 55,572 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:29 PM

Posted 15 March 2012 - 03:46 PM

ComboFix should not to be run without proper supervision and at the request of an experienced, qualified helper. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use.

If you need help removing malware, please follow the steps at Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html .

If you have a ComboFix log, please attach it or include it in the data you post.

Note that the forum for hanling malware logs...is linked to in the Prep Guide...and is not this forum.

Louis

#4 Guest_Xircal_*

Guest_Xircal_*

  • Guests
  • OFFLINE
  •  

Posted 16 March 2012 - 01:44 PM

Malwarebytes lists screenshots and registry details on their site which you can check here: Smart Fortress removal instructions You need to look at these because the rogue blocks normal use of the removal tool which will then appear to give your system a clean bill of health, while in fact, the opposite is the case.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users