I recently bought a "refurbished," 6-year-old laptop - a Dell Latitude E6410 - from a company that recycles second-hand (usually ex-business) computers to people on low incomes. It came with Windows 7 Pro installed, including Microsoft Security Essentials. Despite keeping Security Essentials up to date, just a few days ago, my Firefox browser was infected by the web-start.org shortcut-hijacker described here, and also by the two adware programs SmartNew Tab virus and cpmofferconvert.com. (I suspect all three are related.)
When I realised how the web-start hijacker was operating, I immediately edited the shortcuts, but, concerned that the malware was still lurking in my system, I started downloading and installing the anti-malware programs mentioned here, intending to follow that removal procedure. Initially, I just ran DDS.com and FRST64.exe.
But then I also downloaded ComboFix. I ran it, assuming that it was an installation file, not realising that it is a portable program, which would immediately do its thing with no further input from me (that was not mentioned anywhere). I was horrified, on reading the report it generated, to see how aggressive it had been, deleting many DLL files from ProgramData folders (which I imagine were there for a purpose) and doing I-know-not-what to the registry. It did, however, make a system restore point first and, IIRC, its own backup of the registry.
I found and zipped up the Qoobox folders (3.1MB) (after some initial struggling with the folder permissions), and it is attached below together with the ComboFix report. I have also uploaded them to this webpage (tiny.cc/combofix-mg), which also contains the two DDS reports and the two FRST reports. (I hope these will be some help to responders.)
I find it hard to believe that ALL of the files deleted by ComboFix were infected. It even deleted Teamviewer.exe, which had been pre-installed by the computer vendor (presumably for support purposes.)
I now know that I should not have run ComboFix without expert advice to do so. But I am now seeking that expert advice as to which of three things to do next:
a. Should I do nothing, and just accept that ComboFix did the right thing, and that the computer can do without the files it deleted?
b. Should I use Windows 7 system restore to revert back? (Will that also bring back the files from the quarantine box?)
c. Or should I use the tool CFDQ-UsrPrf.exe mentioned here to restore things to the way they were? Is there any info on exactly what it does? (I am concerned that it was originally provided for a different purpose and may not work for me.)
Presumably, in all 3 cases (or at least b and c), I should then use other anti-malware programs to remove the malware.
(Edit: In addition to all this grief from using ComboFix, I now see that in spite of all its deletions, it did not kill the adware viruses - my browser is now again unexpectedly opening ads in new tabs, which also include the extremely annoying fake virus-alert warning (with audio), (falsely) claiming to be from Microsoft.)
I am an experienced computer user, but I feel a little out of my depth at this stage, and would welcome whatever help I can get.
Attachments: ComboFix-Report-1.txt (32.14KB), Qoobox.zip (3.1MB)
Edited by Moongazer, 24 October 2016 - 09:00 AM.