EMTI Posted August 28, 2009 ID:116370 Share Posted August 28, 2009 Hi,I Got the same problem with one of my customer computer. What i found, is when we try to open mbam.exe or combofix, or any other program that can help to clean spyware, when you start the scan, the program close automatically, and the spyware / virus reset the security settings on the files used to Everyone. (security tabs on files properties)If you reset back the security on your files (like mbam.exe) to your account name with full rights (Occurs only on NTFS partition), you are now able to re-execute the software (like mbam.exe). When you restart the scan, oupss, it's not working again and the security reset again to Everyone.after many hours of triyng everything possible, I try this:Remove the hard disk from the infected computer.install the hard drive on a clean computer.scan the attached hard disk with malware bytes. (dind't found anything)scan the attached hard disk with kaspersky (dind't found anything)scan the attached hard disk with SuperAntispyware (didn't found anything)scan the attached hard disk with nod32 - didn't find anythingfor combofix - not try because can't specify a drive letters other than c: to scanSo i will wait until next monday if can find a solution. If can't i will reformat the pc and re-install all the stuff... Link to post Share on other sites More sharing options...
Staff miekiemoes Posted August 31, 2009 Staff ID:117871 Share Posted August 31, 2009 Hi,Download and run Win32kDiag:1. Download Win32kDiag from any of the following locations and save it to your Desktop.Download Win32kDiag (Win32kDiag.exe) - #1Download Win32kDiag (Win32kDiag.exe) - #2Download Win32kDiag (Win32kDiag.exe) - #3 2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish. 3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program. 4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic. Link to post Share on other sites More sharing options...
Staff miekiemoes Posted September 8, 2009 Staff ID:122748 Share Posted September 8, 2009 Due to the lack of feedback, this Topic is closed.If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.Everyone else please begin a New Topic. Link to post Share on other sites More sharing options...
Recommended Posts