
VirusRemover2008, Trojan.Zlob, Downloader, Trojan.Adclicker



Any assistance would be greatly appreciated.

OS: Windows XP

Domain: Yes

Standard Applications: Symantec AntiVirus 10.0.1.1, LANDesk 8.70.5.26, IE Privacy Keeper, Cisco Clean Access 4.1.7

Scans: Performed in Normal Mode (not Safe Mode)

System Restore: Disabled

Thanks,

Jim

-----Symantec Virus Notices-----

PC: MISLAP04

Name: jcryan

Date: 1/12/20097:25:38 AM

Risk: Downloader

Path: C:\DOCUME~1\jcryan\APPLIC~1\Sun\Java\DEPLOY~1\cache\javapi\v1.0\jar\JVMIMP~1.ZIP

AAction: Delete

CAction: 0

RAction: Clean

Alert Name: Risk Repaired

PC: MISLAP04

Name: jcryan

Date: 1/12/20097:25:38 AM

Risk: Downloader

Path: C:\DOCUME~1\jcryan\APPLIC~1\Sun\Java\DEPLOY~1\cache\javapi\v1.0\jar\JVMIMP~1.ZIP

AAction: Delete

CAction: 1

RAction: Clean

Alert Name: Risk Repaired

PC: MISLAP04

Name: jcryan

Date: 1/12/20097:25:43 AM

Risk: VirusRemover2008

Path: Unavailable

AAction: Clean

CAction: 2

RAction: Clean

Alert Name: Risk Repaired

PC: MISLAP04

Name: jcryan

Date: 1/12/20097:25:43 AM

Risk: VirusRemover2008

Path: Unavailable

AAction: Leave Alone

CAction: 103

RAction: Clean

Alert Name: Risk Repaired

PC: MISLAP04

Name: jcryan

Date: 1/12/20097:25:59 AM

Risk: Trojan.Zlob

Path: c:\windows\system32\ljjyrjdb.dll

AAction: Leave Alone

CAction: 1463

RAction: Clean

Alert Name: Risk Repaired

PC: MISLAP04

Name: jcryan

Date: 1/12/20097:26:04 AM

Risk: Trojan.Zlob

Path: c:\windows\system32\ljjyrjdb.dll

AAction: Partial

CAction: 7

RAction: Clean

Alert Name: Risk Repaired

PC: MISLAP04

Name: jcryan

Date: 1/12/20097:26:04 AM

Risk: Downloader

Path: C:\DOCUME~1\jcryan\APPLIC~1\gadcom\gadcom.exe

AAction: Delete

CAction: 0

RAction: Clean

Alert Name: Risk Repaired

PC: MISLAP04

Name: jcryan

Date: 1/12/20097:26:09 AM

Risk: Downloader

Path: C:\System Volume Information\_restore{1D32FAED-B9ED-40D2-AC66-A0F6412FB165}\RP316\A0061961.exe

AAction: Delete

CAction: 0

RAction: Clean

Alert Name: Risk Repaired

PC: MISLAP04

Name: jcryan

Date: 1/12/20097:26:09 AM

Risk: Downloader

Path: C:\DOCUME~1\jcryan\APPLIC~1\gadcom\gadcom.exe

AAction: Delete

CAction: 1

RAction: Clean

Alert Name: Risk Repaired

PC: MISLAP04

Name: SYSTEM

Date: 1/12/20097:26:09 AM

Risk: Trojan.Zlob

Path: C:\WINDOWS\SYSTEM32\LJJYRJDB.DLL

AAction: Delete

CAction: 6

RAction: Clean

Alert Name: Risk Repaired

PC: MISLAP04

Name: SYSTEM

Date: 1/12/20097:26:09 AM

Risk: Trojan.Zlob

Path: C:\WINDOWS\SYSTEM32\LJJYRJDB.DLL

AAction: Delete

CAction: 1463

RAction: Clean

Alert Name: Risk Repaired

PC: MISLAP04

Name: jcryan

Date: 1/12/20097:26:14 AM

Risk: Downloader

Path: C:\System Volume Information\_restore{1D32FAED-B9ED-40D2-AC66-A0F6412FB165}\RP316\A0061961.exe

AAction: Delete

CAction: 1

RAction: Clean

Alert Name: Risk Repaired

Alert: Virus Found

User:

Virus: Trojan.Adclicker

Computer: MISLAP04

Date: 1/12/20097:26:14 AM

Severity: Critical

Source: Symantec AntiVirus Corporate Edition Actual Action: Clean Requested Action: Clean

Path:

Logger: Forward from server:Auto-Protect

Alert: Virus Found

User:

Virus: Trojan.Zlob

Computer: MISLAP04

Date: 1/12/20097:26:14 AM

Severity: Critical

Source: Symantec AntiVirus Corporate Edition Actual Action: Clean Requested Action: Clean

Path:

Logger: Forward from server:Auto-Protect

Alert: Virus Found

User:

Virus: Downloader

Computer: MISLAP04

Date: 1/12/20097:26:41 AM

Severity: Critical

Source: Symantec AntiVirus Corporate Edition Actual Action: Clean Requested Action: Clean

Path:

Logger: Forward from server:Auto-Protect

Alert: Virus Found

User:

Virus: Trojan.Adclicker

Computer: MISLAP04

Date: 1/12/20097:26:41 AM

Severity: Critical

Source: Symantec AntiVirus Corporate Edition Actual Action: Clean Requested Action: Clean

Path:

Logger: Forward from server:Auto-Protect

--------------------------------------------------

-----Malwarebytes' Anti-Malware Scan Log-----

Malwarebytes' Anti-Malware 1.32

Database version: 1645

Windows 5.1.2600 Service Pack 2

01/12/2009 9:23:29 AM

mbam-log-2009-01-12 (09-23-29).txt

Scan type: Full Scan (C:\|)

Objects scanned: 124174

Time elapsed: 40 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

--------------------------------------------------

-----Hijackthis Scan Log-----

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:24:46 AM, on 01/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\CCAAgentStub.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\LANDesk\Shared Files\residentagent.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\LANDesk\LDClient\LocalSch.EXE

C:\WINDOWS\system32\cba\pds.exe

C:\Program Files\LANDesk\LDClient\tmcsvc.exe

C:\PROGRA~1\LANDesk\LDClient\issuser.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\LANDesk\LDClient\softmon.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\PROGRA~1\LANDesk\LDClient\rcgui.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Apoint\Apntex.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Microsoft Office Communicator\Communicator.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\WordWeb\wweb32.exe

C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe

C:\My Downloads\EditPad Lite\EditPad Pro\EditPadPro.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.1.253:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = rmail.ecfmg.org;*.nbmecentral.org;172.*;192.168.*;ts*.ecfmg.org;*.local;kray.kray.org;<local>

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2

/Tspan=60 /Rstart

O4 - HKLM\..\Run: [LANDeskInventoryClient] "C:\Program Files\LANDesk\LDClient\LDIScn32.exe"

/NTT=PHLPAMS9:5007 /S=PHLPAMS9 /I=HTTP://PHLPAMS9/ldlogon/ldappl3.ldz /NOUI /rstart=60

O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iE Privacy Keeper] "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"

/background

O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office

Communicator\Communicator.exe" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access

Agent\CCAAgentLauncher.exe

O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm

O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe

O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} -

C:\WINDOWS\system32\proxypal.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe

O16 - DPF: {1359DD49-0D00-4F6D-BE1A-56693B8B04BD} (CBootstrap Object) -

https://phlpams25/forecaster70/cabs/fcbootstrap.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) -

https://caserver2.ecfmg.org/auth/CCALogin.CAB

O16 - DPF: {E1E65027-5BB8-4186-A619-81E219274CC8} (ExecuteViewer2 Class) -

http://phlpams9/common/ENUrcviewer.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ECFMG.ORG

O17 - HKLM\Software\..\Telephony: DomainName = ECFMG.ORG

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ECFMG.ORG

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ECFMG.ORG

O20 - AppInit_DLLs: kqycqz.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe

O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program

Files\Symantec\pcAnywhere\awhost32.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program

Files\LANDesk\Shared Files\residentagent.exe

O23 - Service: CCA Agent Stub (CCAAgentStub) - Cisco Systems, Inc. - C:\WINDOWS\system32\CCAAgentStub.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco

Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program

Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program

Files\LANDesk\LDClient\LocalSch.EXE

O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe

O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. -

C:\Program Files\LANDesk\LDClient\tmcsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. -

C:\PROGRA~1\LANDesk\LDClient\issuser.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program

Files\LANDesk\LDClient\softmon.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major

Audio\WDM\StacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing

Shared\stllssvr.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec

AntiVirus\Rtvscan.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner -

C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 11631 bytes


Your Java application is out of date and causes a slight security risk as a result.

Please follow these steps to remove older version Java components:

  • Close any open programs you may have running, especially your web browser.
  • Click Start-->Control Panel-->Add or Remove Programs.
  • Click once on any item having Java Runtime Environment in its name, then click the "Remove" button.

Not every version of Java will begin with "Java" so be sure to read each entry in the list.

Repeat the third step above as many times as necessary to remove all versions of Java.

***NOTE***

If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the rest of the removals...when finished uninstalling all of them, reboot the computer.

  • Navigate to and delete: C:\Program Files\Java <-- the Java folder indicated in Bold Red Text (if found)
  • Then go to this page. Scroll down to the first download link, "Java SE Runtime Environment (JRE) 6 Update 11" and click the "Download" button to the right. Select the platform for "Windows".
  • Check the box that says: "I agree to the Java SE Runtime Environment # License Agreement", then click Continue...The page will refresh

Then, click on the link to download Windows Offline Installation. Save it to your desktop.

Now, from your desktop, double-click on the executable to install the newest version.

Next, please download ComboFix from This Webpage...and read through the instructions there for running the tool.

***Important Note***

Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please post back the following on your next reply:

C:\ComboFix.txt

New HijackThis log.


Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
