
rootkit and spambot


jlphoto


Yesterday around 10 am the command prompt popped up and netsh was initiated. My computer froze instantly for about 30 seconds.

Within a couple of minutes Avast started popping up with suspicious message warnings. Based upon the email scanner, service.exe is initiating the emails - something about Viagra 80% off. As I don't feel that it is my responsibility to single-handedly end erectile dysfunction one email at a time, I have tried desperately to stop this for the past two days now.

Avast! picks up a file: windows\system32\drivers\dpzhpzub.sys via a heuristic method. Options here are either to delete or ignore. Regardless of choice, once an option is chosen the emails and corresponding warnings begin en masse.

After detection of this file Avast! asked to reboot and begin a memory scan which does not find anything.

Malwarebytes first picked up this file and several others - 14 of which were removed, but 3 remained. Below I will attach this log.

I have attempted to manually remove the .sys file through several methods: killing explorer.exe, safe mode, command prompt, removal upon reboot, etc. All come with their own error messages.

I posted this message and plea for help over in the general section of the forum and was directed to the "start here" post on removing malware. I attempted to complete each step; however, GMER locks the computer. It will finish running after several hours, but then any attempt to save a .log file of the results or do absolutely anything on the computer just locks the system up.

Defogger has been initiated.

Here is the list of logs I have. The first is the DDS log, the second the Malwarebytes log from yesterday.

Thank you for your help.

DDS (Ver_09-12-01.01) - NTFSx86

Run by BTXP4 at 8:51:31.23 on Sun 12/20/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1343 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 091220-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Tall Emu\Online Armor\OAcat.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\SRNMIC~1\SOLOSENT.EXE

C:\SRNMIC~1\SOLOCFG.EXE

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Tall Emu\Online Armor\OAhlp.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\FreeFixer\freefixer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\BTXP4\Desktop\Defogger.exe

C:\Documents and Settings\BTXP4\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll

BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [AdobeBridge]

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [soloSentry] c:\srnmic~1\SOLOSENT.EXE

mRun: [soloSchedule] c:\srnmic~1\SOLOCFG.EXE

mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"

mRun: [soloSysCheck] c:\srnmic~1\SYSCHECK.COM

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\colorv~1.lnk - c:\program files\colorvision\utility\ColorVisionStartup.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM

IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks premier\norton cleanup\WCQuick.lnk

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab

DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} - hxxp://www.zenfolio.com/zf/code/upload-ie-win-x86.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Notify: igfxcui - igfxdev.dll

SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

LSA: Authentication Packages = msv1_0 c:\windows\system32\byXqnklM

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\btxp4\applic~1\mozilla\firefox\profiles\oc6o4qg2.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-29 114768]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-12-19 223312]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-12-19 24656]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-12-19 29776]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-29 20560]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-10-7 138680]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-6-30 66048]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-12-19 1282248]

R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2009-12-19 3291336]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-10-7 254040]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-10-7 352920]

S2 gupdate1c9facb86cc0a16;Google Update Service (gupdate1c9facb86cc0a16);c:\program files\google\update\GoogleUpdate.exe [2009-7-1 133104]

S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\btxp4\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\btxp4\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-6-30 167808]

S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]

S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2009-6-30 13532]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2009-12-20 13:49:00 0 ----a-w- c:\documents and settings\btxp4\defogger_reenable

2009-12-20 08:14:25 0 d-----w- c:\program files\DrWeb

2009-12-20 07:51:08 9216 ----a-w- c:\windows\system32\ffnd.exe

2009-12-20 07:23:29 0 d-----w- c:\docume~1\btxp4\applic~1\FreeFixer

2009-12-20 07:22:02 0 d-----w- c:\program files\FreeFixer

2009-12-20 06:56:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files

2009-12-20 06:24:47 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit

2009-12-20 02:40:47 0 d-----w- c:\program files\GiPo@Utilities

2009-12-20 02:40:47 0 d-----w- c:\program files\common files\Gibinsoft Shared

2009-12-20 02:35:00 0 d-----w- c:\program files\FileDeleter

2009-12-19 22:15:26 0 d-----w- c:\docume~1\btxp4\applic~1\OnlineArmor

2009-12-19 22:15:26 0 d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor

2009-12-19 22:14:40 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys

2009-12-19 22:14:39 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys

2009-12-19 22:14:39 223312 ----a-w- c:\windows\system32\drivers\OADriver.sys

2009-12-19 22:14:37 0 d-----w- c:\program files\Tall Emu

2009-12-19 21:03:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-19 21:03:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-19 21:03:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-19 20:10:00 38 ----a-w- c:\windows\SOLOSCAN.BAT

2009-12-19 20:09:51 0 d-----w- C:\SRN Micro

2009-12-19 19:29:55 0 d-----w- c:\program files\Trend Micro

2009-12-19 16:11:03 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-19 15:50:59 0 d--h--w- c:\windows\system32\GroupPolicy

2009-12-19 15:14:36 0 ----a-w- c:\windows\Pqazuleb.bin

2009-12-19 15:14:35 120 ----a-w- c:\windows\Wquralosacevezuy.dat

2009-12-19 15:08:54 734208 ----a-w- c:\windows\system32\drivers\dpzhpzub.sys

2009-12-14 13:47:51 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-11-30 14:14:42 27784 ----a-w- c:\windows\system32\drivers\point32.sys

2009-11-30 14:14:15 0 d-----w- c:\program files\Microsoft IntelliPoint

2009-11-30 14:12:10 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2009-11-30 14:12:10 21504 ----a-w- c:\windows\system32\hidserv.dll

2009-11-30 14:12:06 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2009-11-30 14:12:06 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2009-11-30 14:12:03 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2009-11-30 14:12:03 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

==================== Find3M ====================

2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-26 21:34:03 0 -c-h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT

2009-10-26 21:33:26 0 -c-h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT

2009-10-26 21:31:54 20 -c-h--w- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-08 19:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2009-10-08 19:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2009-10-08 19:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2008-12-29 22:11:51 704273 --sha-w- c:\windows\system32\MlknqXyb.ini2

2008-09-26 00:10:44 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092520080926\index.dat

============= FINISH: 8:56:59.65 ===============

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.42

Database version: 3393

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/19/2009 9:07:12 PM

mbam-log-2009-12-19 (21-07-12).txt

Scan type: Full Scan (C:\|)

Objects scanned: 359182

Time elapsed: 1 hour(s), 41 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 3

Registry Values Infected: 2

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 9

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\lxccgcur.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78cb660c-5d78-60ee-2172-7d2a2b2b4738} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{78cb660c-5d78-60ee-2172-7d2a2b2b4738} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78cb660c-5d78-60ee-2172-7d2a2b2b4738} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ttool (Spyware.Passwords) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: ipkbotri.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\gayubowu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\warewabe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lxccgcur.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\ipkbotri.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\sr882388.exe (Spyware.Passwords) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\dpzhpzub.sys (Rootkit.Agent) -> Delete on reboot.

C:\Documents and Settings\BTXP4\Start Menu\Programs\Startup\siszyd32.exe (Trojan.Agent) -> Delete on reboot.

C:\RECYCLER\4BB9.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\BTXP4\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

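The two entries in the DDS log above that matter most for triage are the extra name in `LSA: Authentication Packages` (a module loaded into lsass.exe at boot) and a driver file in `drivers\` that has no matching service line, which is exactly the profile of `dpzhpzub.sys`. The following is an added example, not code from DDS, Malwarebytes or ComboFix, that parses DDS-format lines and flags both patterns plus files dropped straight into `c:\windows`. The baseline set (`msv1_0` as the only stock XP authentication package) and the sample log are assumptions and constructions modelled on the entries in this thread; the orphan-driver check is a lead rather than a verdict, since DDS omits many legitimate drivers from its service list (the log above has no line for `point32.sys` either, and this example flags it for that reason).

```python
"""Triage a DDS-style log for LSA package tampering and orphan kernel drivers.

Added example for this thread; it is not code from DDS, Malwarebytes or
ComboFix. BASELINE_AUTH_PACKAGES and SAMPLE_LOG are assumptions and
constructions modelled on the log posted above.
"""
import re
from typing import List, Set, Tuple

# Assumption: on a stock Windows XP workstation the only authentication package
# is msv1_0. Every name in this REG_MULTI_SZ is loaded into lsass.exe at boot,
# so an extra entry is a high-value persistence point.
BASELINE_AUTH_PACKAGES = {"msv1_0"}

# Constructed sample in DDS format, copying a handful of entries from the log
# above (LSA line, SERVICES / DRIVERS lines, "Created Last 30" lines).
SAMPLE_LOG = r"""
LSA: Authentication Packages = msv1_0 c:\windows\system32\byXqnklM
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-29 114768]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-12-19 223312]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-6-30 167808]
2009-12-19 22:14:39 223312 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-12-19 15:14:36 0 ----a-w- c:\windows\Pqazuleb.bin
2009-12-19 15:14:35 120 ----a-w- c:\windows\Wquralosacevezuy.dat
2009-12-19 15:08:54 734208 ----a-w- c:\windows\system32\drivers\dpzhpzub.sys
2009-11-30 14:14:42 27784 ----a-w- c:\windows\system32\drivers\point32.sys
"""

LSA_RE = re.compile(r"LSA: Authentication Packages = (.*)")
SERVICE_RE = re.compile(r"[RS]\d [^;]+;[^;]*;(.+)")
CREATED_RE = re.compile(r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+)")

Finding = Tuple[str, str]


def parse_log(text: str):
    """Pull the three record types this triage needs out of a DDS log."""
    auth_packages: List[str] = []
    registered: Set[str] = set()          # lower-cased image paths of services/drivers
    created: List[Tuple[str, int, str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := LSA_RE.match(line)):
            auth_packages = m.group(1).split()
        elif (m := SERVICE_RE.match(line)):
            # Both "\??\path --> path [date size]" and "path [date size]" occur in DDS output
            path = m.group(1).split(" --> ")[-1]
            path = re.sub(r"\s*\[.*$", "", path)
            if path.startswith("\\??\\"):
                path = path[4:]
            registered.add(path.lower())
        elif (m := CREATED_RE.match(line)):
            created.append((m.group(1), int(m.group(2)), m.group(3), m.group(4).lower()))
    return auth_packages, registered, created


def triage(text: str) -> List[Finding]:
    """Return (check, item) pairs worth a closer look. Leads, not verdicts."""
    auth_packages, registered, created = parse_log(text)
    findings: List[Finding] = []

    # 1. Anything beyond the baseline in LSA Authentication Packages.
    for pkg in auth_packages:
        if pkg.lower() not in BASELINE_AUTH_PACKAGES:
            findings.append(("lsa_auth_package", pkg))

    for _ts, _size, attrs, path in created:
        if attrs.startswith("d"):            # directory entries are not interesting here
            continue
        folder, _, name = path.rpartition("\\")
        ext = name.rsplit(".", 1)[-1] if "." in name else ""
        # 2. A .sys in drivers\ with no service entry anywhere in the log:
        #    the rootkit driver in this thread has exactly this profile.
        if folder == r"c:\windows\system32\drivers" and ext == "sys" and path not in registered:
            findings.append(("orphan_driver", path))
        # 3. Executables and data files written straight into c:\windows.
        elif folder == r"c:\windows" and ext in {"exe", "dll", "bin", "dat"}:
            findings.append(("dropped_in_windows_root", path))
    return findings


if __name__ == "__main__":
    for check, item in triage(SAMPLE_LOG):
        print(f"{check:25} {item}")
```

Run against the sample, the script reports the `byXqnklM` LSA entry, `dpzhpzub.sys` and `point32.sys` as orphan drivers, and the two files dropped into `c:\windows`; `OADriver.sys` is skipped because its `R1 OADevice` line registers it. Anything flagged still needs the usual verification (vendor, signature, creation time relative to the incident) before it is treated as malicious.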

Hi there,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link). Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
