Virus infected files will not go away.


I just got an email which I think could be the email that gave me the virus in the first place.  It was a priority mail tracking email, which I thought was from one of the companies that I do business with.  Now I am afraid to open it.  Especially since I was not expecting it, like I wasn't expecting it then either.

 

Charlie

  • Root Admin

Yes, emails out of the blue like that are SPAM and one should never open them or click on any content in them.

Please copy that file to the root of the C: drive so it will be something like this: c:\srsvc.dll

Once you've saved that file to the root of C: then go ahead and save the attached file CFScript.txt to the same location as Combofix. Then drag and drop it onto combofix and let it run. If it asks to update please go ahead and allow it.

When done it will create a new log file. Please attach that log file on your next reply.

Thanks

CFScript.txt

Ok, thank you for all of your help.

 

This has been a pain, but it has also been interesting. Attached is the log file from the Combofix run. I kept getting a Firefox message that a suspicious program was running and that it was confined to the sandbox. I kept getting a popup asking me if I wanted to terminate the program; I continued it. I did get 2 messages that said a virus had been found and was stopped before it was executed. The file was c:combofix/catchme.tmp.

 

Thanks so much,

Charlie

ComboFix.txt

  • Root Admin

Please run the following and I'll check back with you when I can.  Thanks

 

 

  1. Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MB
  2. NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  3. Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  4. Shut down your antivirus to avoid any conflicts while scanning.
  5. Once the scans have completed please re-enable your antivirus.
  6. If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  7. If needed you can also temporarily disable it from starting with Windows
  8. Temporarily turn off any other security add-ons or applications you may also have.
  9. Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  10. If it does not have a Digital Signature then do not run it.
  11. Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  12. You should have your User Account Control (UAC) enabled for improved security, which should then produce a dialog box asking for approval to run the installer.
  13. Click on the Yes button to start the installer.
  14. Click OK to scan your computer in the Enhanced Protection Mode
  15. Click on the check box to agree to participate in their software improvement program.
  16. Then, if needed, choose your Language by clicking on the small globe-like icon in the upper right corner by the wrench.
  17. Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  18. Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  19. Then click on the Start scanning button.
  20. If a threat is found you can click on the Action column in the program.
  21. Your options will be Cure or Ignore
  22. If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  23. Then click on the Neutralize button.
  24. Once completed click on the green Open Report link. It will open the report in NOTEPAD
  25. Save the report to your desktop. The report will be called Cureit.log
  26. Close Dr.Web Cureit!
  27. Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  28. After reboot, attach the log Cureit.log you saved previously in your next reply.
  29. Re-Enable your antivirus and other security programs when all done.


 

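The digital-signature check described in the Dr.Web CureIt! steps above (Properties, Digital Signature) can also be done from PowerShell, which additionally reports whether the signature actually validates. This is an added example, not part of the original posts; the function name `Test-DownloadSignature`, the download path and the publisher string are assumptions, and the publisher value is a placeholder to replace with the name shown on the vendor's site.

```powershell
# Added example, not from the thread. Test-DownloadSignature is a hypothetical helper.
function Test-DownloadSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisher
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # A signature merely being present is not enough:
    #   NotSigned    = no signature at all
    #   HashMismatch = file was modified after it was signed
    #   NotTrusted / UnknownError = certificate chain does not validate here
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
        return $false
    }

    # A valid signature from someone else is still the wrong file.
    # Substring match on the certificate subject; compare the full subject
    # or thumbprint if the vendor publishes one.
    $subject = $sig.SignerCertificate.Subject
    if ($subject.IndexOf($ExpectedPublisher, [StringComparison]::OrdinalIgnoreCase) -lt 0) {
        Write-Warning "Validly signed, but by an unexpected publisher: $subject"
        return $false
    }

    # Record what was verified so it can be quoted in a support thread.
    [pscustomobject]@{
        File       = $Path
        Status     = $sig.Status
        Signer     = $subject
        Thumbprint = $sig.SignerCertificate.Thumbprint
        SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    } | Format-List | Out-Host
    return $true
}

# Assumed download location; the publisher string is a placeholder, not a real value.
$file = Join-Path $env:USERPROFILE 'Downloads\drweb-cureit.exe'
if (Test-DownloadSignature -Path $file -ExpectedPublisher '<publisher name from vendor site>') {
    Write-Host 'Signature valid and publisher matches.'
} else {
    Write-Host 'Do not run this file.'
}
```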

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
