Jump to content

malwerebytes shuts down before cleaning of malwere


Recommended Posts

i had to repost this here , as i still cant clean the hits this software found it closes as soon as i go to look at the hits but when i close it and go back into the software /quarinetine it shows the hist and it only lets me delete the hits. hi here is my highjack this log i ran it today aug.14,2009 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60282

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60282

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60282

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60282

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60282

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O2 - BHO: Java

Link to post
Share on other sites

  • Replies 58
  • Created
  • Last Reply

Top Posters In This Topic

  • Staff

Hi rlk123go and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Hi rlk123go and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317

hi and thanks for the reply still have problems i ran the combo fix and it get as far as the back up the a new restore point after that it just closes and it doesnt do anything no logs orno pop up about windows recovory console. i didnt touch it while scan was running im useind windows vista ultimate and on admin.user the one from admin tools now im stuck please reply back soon, thanks again for your time

Link to post
Share on other sites

  • Staff

Hi,

Please run a GMER Rootkit scan:

Download GMER's application from here:

http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe

Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.

This will copy the results to your clipboard.

Paste the results in your next reply.

Warning ! Please, do not select the "Show all" checkbox during the scan.

-screen317

Link to post
Share on other sites

Hi,

Please run a GMER Rootkit scan:

Download GMER's application from here:

http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe

Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.

This will copy the results to your clipboard.

Paste the results in your next reply.

Warning ! Please, do not select the "Show all" checkbox during the scan.

-screen317

hi here is the gmer.exe scan you asked for. thanks for the help!

rlk_scan.txt

Link to post
Share on other sites

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317

hi here is what you asked for

hijackthis.log_sept4_2009.txt

sept4_2009_combofix.txt

Link to post
Share on other sites

  • Staff

Hi,

I see you have UAC disabled. This is not recommended, as this one feature is one of the reasons why Vista is far more secure than XP, and also why you became infected. Please enable it.

Also, you are running P2P programs such as Limewire and BitComet. It is no surprise that you became infected considering the incredible amounts of malware that travel through P2P servers. Not to mention downloading songs from Limewire is illegal. Please uninstall your P2P programs.

Please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Hi,

I see you have UAC disabled. This is not recommended, as this one feature is one of the reasons why Vista is far more secure than XP, and also why you became infected. Please enable it.

Also, you are running P2P programs such as Limewire and BitComet. It is no surprise that you became infected considering the incredible amounts of malware that travel through P2P servers. Not to mention downloading songs from Limewire is illegal. Please uninstall your P2P programs.

Please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

here you go !

Scanning Report

Friday, September 4, 2009 18:33:46 - 20:48:19

Computer name: MAINBRAIN

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

--------------------------------------------------------------------------------

11 malware found

TrackingCookie.Questionmarket (spyware)

System (Disinfected)

TrackingCookie.2o7 (spyware)

System (Disinfected)

TrackingCookie.Atdmt (spyware)

System (Disinfected)

TrackingCookie.Adtech (spyware)

System (Disinfected)

TrackingCookie.Revsci (spyware)

System (Disinfected)

TrackingCookie.Specificclick (spyware)

System (Disinfected)

TrackingCookie.Adbrite (spyware)

System (Disinfected)

TrackingCookie.Xiti (spyware)

System (Disinfected)

TrackingCookie.Webtrends (spyware)

System (Disinfected)

TrackingCookie.Atwola (spyware)

System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

System (Disinfected)

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 106090

System: 5195

Not scanned: 51

Actions:

Disinfected: 11

Renamed: 0

Deleted: 0

Not cleaned: 0

Submitted: 0

Files not scanned:

C:\PAGEFILE.SYS

C:\WINDOWS.OLD\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\057262A8FE74F335F476A1F69EA1E94E_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2179ADF1D78521A81FDF4A732D0AFBB9_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\04B72A064F788A71E890F645D860B253_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4E1283CE08B9C947214F95D21DD8CDB9_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\676A03FE0D6A5C65BAFF8F8A41BF781A_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A4155673D1C813C9CE07E16348A71167_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8DCE889ABA0FD398B72D75434361E0E_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\PROGRAMDATA\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\04B72A064F788A71E890F645D860B253_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\PROGRAMDATA\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\057262A8FE74F335F476A1F69EA1E94E_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\PROGRAMDATA\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2179ADF1D78521A81FDF4A732D0AFBB9_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\PROGRAMDATA\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4E1283CE08B9C947214F95D21DD8CDB9_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\PROGRAMDATA\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\676A03FE0D6A5C65BAFF8F8A41BF781A_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\PROGRAMDATA\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A4155673D1C813C9CE07E16348A71167_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\PROGRAMDATA\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8DCE889ABA0FD398B72D75434361E0E_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\04B72A064F788A71E890F645D860B253_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\057262A8FE74F335F476A1F69EA1E94E_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2179ADF1D78521A81FDF4A732D0AFBB9_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4E1283CE08B9C947214F95D21DD8CDB9_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\676A03FE0D6A5C65BAFF8F8A41BF781A_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A4155673D1C813C9CE07E16348A71167_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS.OLD\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8DCE889ABA0FD398B72D75434361E0E_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM

C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB

C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB

C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\04B72A064F788A71E890F645D860B253_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\057262A8FE74F335F476A1F69EA1E94E_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2179ADF1D78521A81FDF4A732D0AFBB9_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4E1283CE08B9C947214F95D21DD8CDB9_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\676A03FE0D6A5C65BAFF8F8A41BF781A_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A4155673D1C813C9CE07E16348A71167_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8DCE889ABA0FD398B72D75434361E0E_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\04B72A064F788A71E890F645D860B253_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\057262A8FE74F335F476A1F69EA1E94E_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2179ADF1D78521A81FDF4A732D0AFBB9_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4E1283CE08B9C947214F95D21DD8CDB9_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\676A03FE0D6A5C65BAFF8F8A41BF781A_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A4155673D1C813C9CE07E16348A71167_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8DCE889ABA0FD398B72D75434361E0E_3580ED8F-9483-4561-A3F5-DB569A614F1B

C:\BOOT\BCD

Link to post
Share on other sites

Hi,

I see you have UAC disabled. This is not recommended, as this one feature is one of the reasons why Vista is far more secure than XP, and also why you became infected. Please enable it.

Also, you are running P2P programs such as Limewire and BitComet. It is no surprise that you became infected considering the incredible amounts of malware that travel through P2P servers. Not to mention downloading songs from Limewire is illegal. Please uninstall your P2P programs.

Please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

here you go Results of screen317's Security Check version 0.98.9

Windows Vista Service Pack 2

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 8.5

AVG Online Backup

Windows Live OneCare safety scanner

Windows Live OneCare safety scanner

Windows Live OneCare safety scanner

Windows Live OneCare safety scanner

WMIC entry does not exist for antivirus; attempting automatic update.

``````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Spybot - Search & Destroy

Malwarebytes' Anti-Malware

BOClean

HijackThis 2.0.2

CCleaner (remove only)

Java 6 Update 13

Java 6 Update 3

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 9.1.3

``````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

Spybot Teatimer.exe is disabled!

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

AVG avgemc.exe

ADMINI~1 AppData Local Temp\OnlineScanner\Anti-Virus\fsgk32.exe

ADMINI~1 AppData Local Temp\OnlineScanner\Anti-Virus\fssm32.exe

ADMINI~1 AppData Local Temp\fsonlinescanner.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java

Link to post
Share on other sites

Hi,

Navigate to Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java

Link to post
Share on other sites

hi heres what it says in the error popup windows cannot find combofix , make sure i have the name typed right, and i do , and is still on my system should i manually uninstall combo fix exe?

tried it again but got the same error message and combofix is on the desktop ;)

Link to post
Share on other sites

Okay try this instead:

Make sure ComboFix.exe is named ComboFix.exe and not some other name.

Navigate to Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\ComboFix.exe" /u

Press Enter and let me know if it was successful now.

ok that seemed to work nomore combofix

Link to post
Share on other sites

Great-- continue with the rest of the instructions from Post #14.

hi i did what you asked when i run the scan that works see details work but as soon as i click remove (quarintine that when it pops up the errors. at least it makes it one step closer ,i still have to restart program to view what has been found and for some reason when i fieally get to view quarintine files its always something about live tv which i dont have thanks for working on this with me-

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.