Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

ViewpointService.exe lockup?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: ViewpointService.exe lockup?

Unread postby cwier60 » January 4th, 2010, 9:49 pm

muppy03 wrote:Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Image

The above procedure will implement some cleanup procedures as well as reset System Restore points
Unfortunately, I was unable to do this. I told you that I had renamed ComboFix.exe to garbage.exe because the rootkit was preventing it from running. Long after it had run, I renamed the file back to ComboFix and moved it to a directory along with some other malware removal programs we used. Before trying to uninstall it, I moved it back to its original location on the desktop and tried this command, but got a Windows error message stating that Windows cannot find 'ComboFix'. Make sure... I tried renaming the file to garbage.exe and typing garbage /Uninstall, but got the same error message.

I manually deleted Dial a fix and System look and then ran the OTM Cleanup. After the reboot, Combofix/garbage was gone as well, so I don't know if some cleanup functions did not get run. There are some directories and files remaining that were a part of this process. Can I re-install ComboFix and run the cleanup, or is there a way to finish up other than manually deleting things? The following directories and files remain and look like they could be deleted (and resulted from running ComboFix):

  • C:\Config.Msi\10a4c5.rbs
  • C:\garbage\NircmdB.exe
  • C:\garbage10669g\mbr.txt
  • C:\garbage10669g\CF17292.cfxxe
  • C:\garbage10669g\mbr.cfxxe

I expect that there may be others as well. I assume that the System Restore Point has not been reset either. Sorry for the complications.
cwier60
Active Member
 
Posts: 11
Joined: December 24th, 2009, 8:26 pm
Advertisement
Register to Remove

Re: ViewpointService.exe lockup?

Unread postby muppy03 » January 5th, 2010, 4:29 am

Sorry for the complications.

Not a problem at all :)

Probably the easiest way to sort this is to manually delete the files. Do this by Right clicking start, then select explore. Navigate and delete the following folders. I will add the normal named Combofix folders and if there delete them by right clicking and selecting delete. Deleting the folders will remove the files also.

    C:\combofix
    C:\Qoobox
    C:\garbage
    C:\garbage10669g


DO NOT DELETE this file:-

    C:\Config.Msi\10a4c5.rbs

Upload to Jotti or virus total, and lets see what it is, you don’t want to crash the computer after cleaning it.

Please go to Virus Total <http://www.virustotal.com/> or Jotti
and upload C:\Config.Msi\10a4c5.rbs for scanning.

For Virus Total
1. Please copy and paste C:\Config.Msi\10a4c5.rbs in the text box next to the Browse button.
2. Click on Send File.
For Jotti
1. Please copy and paste C:\Config.Msi\10a4c5.rbs in the text box next to the Browse button.
2. Click on Submit.

Please post back the results of the scan in your next post.

Manually flush restore points

Please create a new Restore Point
To to this
  • Click Start -> All Programs -> Accessories -> System Tools -> System Restore
  • Choose the Create a restore point option then click on next
  • You can name your restore point something like All clean then select create
  • Once the Restore Point has been created you can hit close

Since we have created a New and Clean Restore Point, I would like you to remove all the Old Restore Points as some of these are infected and if used would re-infect your computer.

To do this
  • Click Start then click on My Computer Right Click Local Disk c:then select Properties
  • Click on Disk Cleanup a box shall open scanning you files. This could take a few minutes.
  • Once the scan is complete another window will appear. Select the More Options Tab
  • Under System Restore select clean up this will remove all System Restore points except for the most recent one. The one we created earlier.

Let me know how it goes and what the results of that file are.
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: ViewpointService.exe lockup?

Unread postby cwier60 » January 6th, 2010, 12:59 am

muppy03 wrote:I will add the normal named Combofix folders and if there delete them by right clicking and selecting delete. Deleting the folders will remove the files also.

    C:\combofix
    C:\Qoobox
    C:\garbage
    C:\garbage10669g

The first 2 didn't exist. I deleted the 2nd two.

muppy03 wrote:
    C:\Config.Msi\10a4c5.rbs
Upload to Jotti or virus total, and lets see what it is, you don’t want to crash the computer after cleaning it.

Please post back the results of the scan in your next post.

I uploaded it to both sites, and neither found anything. I may look a little further on Google, but will probably rename the directory. If everything seems OK, I'll just delete in a week or so.

muppy03 wrote:Please create a new Restore Point

Let me know how it goes and what the results of that file are.
Everything's done and it appears that the system is clean and ready to go. Thanks again for your excellent support.
cwier60
Active Member
 
Posts: 11
Joined: December 24th, 2009, 8:26 pm

Re: ViewpointService.exe lockup?

Unread postby muppy03 » January 6th, 2010, 4:03 am

Glad I was able to help :)

Just remember this bit C:\Config.Msi is legit.
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: ViewpointService.exe lockup?

Unread postby Gary R » January 7th, 2010, 5:42 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21861
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 38 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware