MrCharlie Posted May 31, 2013 ID:685544 Share Posted May 31, 2013 Are the files in there, should be renamed with the extension .virMrC Link to post Share on other sites More sharing options...
gooseonator Posted May 31, 2013 Author ID:685545 Share Posted May 31, 2013 They are not. i see other files from 4/18 when i had gotten the initial virus but nothing new with the .vir extension Link to post Share on other sites More sharing options...
gooseonator Posted May 31, 2013 Author ID:685546 Share Posted May 31, 2013 thats the qoobox quarantinei am referring to. there is nothing in rk quarantine folder with .vir Link to post Share on other sites More sharing options...
MrCharlie Posted May 31, 2013 ID:685547 Share Posted May 31, 2013 It's possible that the file are gone, all we did was to delete the registry entries:[RUN][sUSP PATH] HKCU\[...]\Run : {5D016516-C8AA-AD40-B7E0-95FCB2F8B6E1} (C:\Users\Backup\AppData\Roaming\Yjitwu\xauwp.exe) [x] -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-516662134-4216643879-2606995567-1000[...]\Run : {5D016516-C8AA-AD40-B7E0-95FCB2F8B6E1} (C:\Users\Backup\AppData\Roaming\Yjitwu\xauwp.exe) [x] -> FOUNDThen I asked you to delete the folder which you couldn't find.MrC Link to post Share on other sites More sharing options...
gooseonator Posted May 31, 2013 Author ID:685548 Share Posted May 31, 2013 anyways... whats next or are we free and clear? Link to post Share on other sites More sharing options...
MrCharlie Posted May 31, 2013 ID:685550 Share Posted May 31, 2013 It looks OK, How is it??We can run a free online scanner and check the computer security if you want.MrC Link to post Share on other sites More sharing options...
gooseonator Posted May 31, 2013 Author ID:685551 Share Posted May 31, 2013 some of my programs still aren't working but its some stupid industry software for appraisers. Im gonna troubleshoot this some more and ill report back if neccessary. If things run smooth for couple days ill send ya some cash. Im good on my word Link to post Share on other sites More sharing options...
gooseonator Posted May 31, 2013 Author ID:685552 Share Posted May 31, 2013 ohh and thanks again! Link to post Share on other sites More sharing options...
MrCharlie Posted May 31, 2013 ID:685556 Share Posted May 31, 2013 OK....MrC Link to post Share on other sites More sharing options...
MrCharlie Posted June 2, 2013 ID:686382 Share Posted June 2, 2013 A little clean up to do....Please Uninstall ComboFix: (if you used it)Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:ComboFix /uninstallMake sure there's a space between Combofix and /Then hit enter.This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)---------------------------------If you used DeFogger to disable your CD Emulation drivers, please re-enable them.-------------------------------Please download OTC to your desktop.http://oldtimer.geekstogo.com/OTC.exeDouble-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")Click on the CleanUp! button and follow the prompts.(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)You will be asked to reboot the machine to finish the Cleanup process, choose Yes.After the reboot all the tools we used should be gone.Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.Any other programs or logs you can manually delete.IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.-------------------------------Any questions...please post back.If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
LDTate Posted June 2, 2013 ID:686396 Share Posted June 2, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts