Malwarebytes Shuts Down, becomes disabled


wasser1

My XP box is infected with a virus or malware. I am able to run Malwarebytes in Safe Mode, but Malwarebytes shuts down after 4 seconds when using "Perform quick scan" or "Perform flash scan". Then Malwarebytes (mbam.exe) won't run and gives the error message "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them." No log is created. I can reinstall Malwarebytes, but in subsequent sessions it gets kicked out and won't run again. Renaming mbam.exe does not make any difference.

GMER also crashed and won't create a log.

Please help

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03

Run by Russ at 22:31:22 on 2011-09-24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1564 [GMT -5:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\1685201356:870223259.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.jsonline.com/

BHO: adfabonppr Object: {26d02f99-ae5b-4533-ad67-e23b4b20d60d} - c:\windows\$blstun$\qgnnv.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - :c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - :c:\program files\java\jre1.6.0_03\bin\ssv.dll

BHO: brumabonpgrm Object: {795f4311-02c9-4b7b-a9bb-78d4fe68a98d} - c:\windows\$blstun$\lmatn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - :c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - :c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - :c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - :c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - :c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - :c:\program files\google\google gears\internet explorer\0.5.30.0\gears.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] :c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [MSMSGS] :"c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\russ\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [speedUpMyPC] :"c:\program files\uniblue\speedupmypc\launcher.exe" delay 20000

uRun: [Hgobadajakucura] :rundll32.exe "c:\windows\dmodbd4.dll",Startup

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] :c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] :RTHDCPL.EXE

mRun: [skyTel] :SkyTel.EXE

mRun: [Alcmtr] :ALCMTR.EXE

mRun: [Windows Defender] :"c:\program files\windows defender\MSASCui.exe" -hide

mRun: [CoolSwitch] :c:\windows\system32\taskswitch.exe

mRun: [FastUser] c:\windows\system32\fast.exe

mRun: [DUControl] :"c:\program files\directupdate v4\DUControl.exe"

mRun: [D-Link AirPlus G] c:\program files\d-link\airplus g\AirGCFG.exe

mRun: [ANIWZCS2Service] :c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] :c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] :"c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [ZoneAlarm Client] :"c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [brStsWnd] :c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [bSDAppUpdater] :c:\program files\common files\bsd\appupdater\BSDChecker.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Mobile Connectivity Suite] :"c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions

mRun: [Cbiqotudo] :rundll32.exe "c:\windows\acubusax.dll",Startup

mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\9.0"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [lqbkkvy] c:\windows\system32\config\systemprofile\application data\ubmg.exe

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [smad] "c:\documents and settings\russ\local settings\application data\sanctionedmedia\smad\Smad.exe"

mExplorerRun: [application] c:\program files\akprog\AKProg.exe hs

StartupFolder: c:\docume~1\russ\startm~1\programs\startup\aquari~1.lnk - c:\program files\aquarius soft\pc alarm clock pro\alarm.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office2000\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office97\office\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\~disab~1\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\~disab~1\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\~disab~1\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.30.0\gears.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - :c:\program files\spybot - search & destroy\SDHelper.dll

LSP: mswsock.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/67.14/uploader2.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.geni.com/ImageUploader5.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{298712DF-6AC1-4A89-8035-19854580A189} : DhcpNameServer = 192.168.0.1

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

LSA: Authentication Packages = msv1_0 relog_ap

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\russ\application data\mozilla\firefox\profiles\q7ftiz9e.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=GM2TDF&PC=GM2TDF&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=GM2TDF&PC=GM2TDF&q=

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\google\google gears\firefox\lib\ff30\gears.dll

FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll

FF - plugin: c:\documents and settings\russ\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\russ\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPAWREM.DLL

FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: ZoneAlarm Spy Blocker Toolbar: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox

FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: MSN Toolbar: msntoolbar@msn.com - c:\program files\msn toolbar\platform\4.0.0379.0\Firefox

FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\SearchHelperExtension

.

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Search

FF - user.js: browser.search.order.1 - Search

FF - user.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101179100&s=

============= SERVICES / DRIVERS ===============

.

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-26 243152]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-6-25 353680]

R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2007-12-19 37376]

S0 nhkxcl;nhkxcl;c:\windows\system32\drivers\xjdctffe.sys --> c:\windows\system32\drivers\xjdctffe.sys [?]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-26 216400]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-2-5 29712]

S1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2008-2-27 33824]

S2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-6-25 464264]

S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]

S2 gupdate1c90e4caaec528c;Google Update Service (gupdate1c90e4caaec528c);c:\program files\google\update\GoogleUpdate.exe [2008-9-4 133104]

S2 MouseDriver;MouseDriver;c:\windows\system32\config\systemprofile\application data\MouseDriver.bat [2011-9-21 113]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2004-3-12 547744]

S3 DirectUpdate;DirectUpdate engine;c:\program files\directupdate v4\DUEngine.exe [2008-2-27 184832]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-10-13 24576]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-6-13 30336]

.

=============== Created Last 30 ================

.

2011-09-25 03:17:27 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-25 03:16:06 -------- d-----w- C:\m1

2011-09-25 02:44:07 9852544 ----a-w- C:\mbam.exe

2011-09-24 15:04:38 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-24 15:04:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-21 21:08:42 103 ---h--w- c:\documents and settings\russ\application data\MouseDriver.bat

2011-09-21 21:08:38 -------- d-----w- c:\documents and settings\russ\local settings\application data\SanctionedMedia

2011-09-21 21:08:36 55808 ----a-w- c:\documents and settings\russ\application data\ubmg.exe

2011-09-21 20:55:19 -------- d-----w- c:\windows\$BLSTUN$

2011-09-21 20:55:13 -------- d-----w- c:\documents and settings\all users\application data\WSTB

2011-09-02 04:43:51 -------- d-----w- c:\documents and settings\russ\local settings\application data\EapHelpvga

.

==================== Find3M ====================

.

2004-03-01 20:58:18 561424 ----a-w- c:\program files\dao360.dll

2004-03-01 20:58:18 561424 ----a-w- c:\program files\common files\dao360.dll

1999-10-13 19:05:00 570128 ----a-w- c:\program files\Dao350.dll

1999-10-13 19:05:00 570128 ----a-w- c:\program files\common files\Dao350.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST380815AS rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-9

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A1F4CA0]<<

_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A30BAB8]

3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8A284668]

\Driver\00000277[0x8A283580] -> IRP_MJ_CREATE -> 0x8A1F4CA0

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A32A31B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 22:33:07.87 ===============
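The DDS log above is read by eye in this thread. As an added example (not part of the original post, and not code from DDS, Malwarebytes or GMER), here is a small Python triage script that applies the same first-pass heuristics a helper uses when scanning such a log: binaries sitting directly in %SystemRoot%, `$...$` directories that are not hotfix uninstall folders, executables or batch files dropped straight into an Application Data root, Run entries that load a DLL through rundll32, services backed by a .bat file, boot-start drivers whose file DDS could not read, and user.js entries that force Firefox search settings. The sample lines are copied from the log above plus two clean entries for contrast; the allowlist of legitimate %SystemRoot% binaries and the set of accepted `$...$` prefixes are assumptions of the example. It does not cover the MBR and DriverStartIo hook analysis in the ROOTKIT section, which is GMER's job.

```python
import re

# Constructed sample input: lines copied from the DDS log in the post above, plus
# two entries that are known good (the AVG BHO and the Intel igfxTray Run value)
# so the triage has something it should leave alone.
SAMPLE_LOG = r"""
C:\WINDOWS\1685201356:870223259.exe
BHO: adfabonppr Object: {26d02f99-ae5b-4533-ad67-e23b4b20d60d} - c:\windows\$blstun$\qgnnv.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
uRun: [Hgobadajakucura] :rundll32.exe "c:\windows\dmodbd4.dll",Startup
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [lqbkkvy] c:\windows\system32\config\systemprofile\application data\ubmg.exe
S2 MouseDriver;MouseDriver;c:\windows\system32\config\systemprofile\application data\MouseDriver.bat [2011-9-21 113]
S0 nhkxcl;nhkxcl;c:\windows\system32\drivers\xjdctffe.sys --> c:\windows\system32\drivers\xjdctffe.sys [?]
FF - user.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101179100&s=
"""

# Few binaries legitimately live directly in %SystemRoot%. This allowlist is an
# assumption of the example and is kept deliberately short so unknowns surface.
WINROOT_ALLOW = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe",
                 "winhlp32.exe", "twain_32.dll"}
# Hotfix and service-pack uninstall folders are the usual legitimate $...$ dirs.
DOLLAR_DIR_ALLOW_PREFIXES = ("$ntuninstall", "$ntservicepack", "$hf_mig")

RE_WINROOT_BIN = re.compile(r'c:\\windows\\([^\\"]+\.(?:exe|dll))(?=["\s,]|$)', re.I)
RE_DOLLAR_DIR = re.compile(r'\\(\$[^\\]+\$)\\')
RE_APPDATA_EXEC = re.compile(r'application data\\[^\\]+\.(?:exe|bat|scr)\b', re.I)
RE_RUN_RUNDLL = re.compile(r'^[umd]Run.*rundll32\.exe\s+"?[^"]+\.dll"?,', re.I)
# DDS service line: <R|S><start type> <name>;<display name>;<image path> [date size]
RE_SERVICE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);(.*)$')
RE_FF_USERJS = re.compile(r'^FF - user\.js: (keyword\.URL|browser\.search\.[\w.]+) - ')


def triage_line(line):
    """Return the reasons one DDS line looks suspicious (empty list if none)."""
    reasons = []
    m = RE_WINROOT_BIN.search(line)
    if m and m.group(1).lower() not in WINROOT_ALLOW:
        reasons.append("binary directly in %SystemRoot%: " + m.group(1))
    m = RE_DOLLAR_DIR.search(line)
    if m and not m.group(1).lower().startswith(DOLLAR_DIR_ALLOW_PREFIXES):
        reasons.append("non-standard $-delimited directory: " + m.group(1))
    if RE_APPDATA_EXEC.search(line):
        reasons.append("executable or script placed directly in an Application Data root")
    if RE_RUN_RUNDLL.search(line):
        reasons.append("Run entry loads a DLL through rundll32")
    m = RE_SERVICE.match(line)
    if m:
        image = m.group(5).lower()
        if re.search(r'\.bat(\s|$)', image):
            reasons.append("service image is a batch file")
        # DDS prints "--> <path> [?]" when it could not stat the file (missing or hidden).
        if image.endswith("[?]") and ".sys" in image:
            reasons.append("driver file could not be read by DDS (missing or hidden)")
    if RE_FF_USERJS.match(line):
        reasons.append("user.js forces Firefox search settings (reapplied on every start)")
    return reasons


def triage(log_text):
    """Run triage_line over a whole DDS log; return [(line, reasons), ...] for hits only."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line and (reasons := triage_line(line)):
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

Every hit still needs a human decision: the heuristics are deliberately noisy (a vendor that installs into an Application Data root, or an unusual but legitimate `$...$` folder, will trip them), and a clean pass says nothing about a bootkit that lives in the MBR rather than in any file the log lists.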


Hello and :welcome:

I see evidence of two serious rootkits here. Before cleaning this, please read the following.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

2 weeks later...

Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
