Re: Malware Removal

Post by loadmaster43 » January 10th, 2008, 5:53 pm

So does the clean scan mean that I am 'safe' now? I should have probably waited for your responses, but after my frustration with Kaspersky, I went into 'Hijack This' and 'fixed' a couple of things. I probably should not have done it? How much trouble did I get myself in? I thought I only took care of things like 'unknown owner', etc. In any case the latest log is as follows, have a nice holiday if I do not hear from you for a few days.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:14 PM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
h:\program files\common files\mcafee\mna\mcnasvc.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
H:\PROGRA~1\McAfee\MSC\mcpromgr.exe
h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
H:\WINDOWS\Explorer.EXE
h:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Windows Defender\MSASCui.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
H:\Program Files\palmOne\Hotsync.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\Greetings Workshop\GWREMIND.EXE
H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
H:\Program Files\McAfee\MPF\MPFSrv.exe
H:\PROGRA~1\McAfee\MPS\mps.exe
H:\WINDOWS\system32\PSIService.exe
h:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
h:\PROGRA~1\mcafee.com\agent\mcagent.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
H:\Program Files\McAfee\MPS\mpsevh.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msnbc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - H:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - h:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: COMCASTTOOLBAR - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - H:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk = H:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: DataViz Inc Messenger.lnk = H:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = H:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://H:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Open with WordPerfect - H:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9819406623
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe
O24 - Desktop Component 0: (no name) - http://www-pao.ksc.nasa.gov/kscpao/imag ... 2750-t.jpg

--
End of file - 5368 bytes
loadmaster43
Regular Member
 
Posts: 25
Joined: December 29th, 2007, 5:21 pm

Re: Malware Removal

Post by beynac » January 10th, 2008, 6:06 pm

So does the clean scan mean that I am 'safe' now?

Yes, it looks as if the computer is clean. However, we must reinstate the HijackThis entries you 'fixed'. You can restore them from the backup:
  • Open HijackThis and click on the Open the Misc Tools section button
  • Click on the Backups button
  • Select all of the lines which you 'fixed' (you should be able to identify them from the date)
  • Click the Restore button (top right)

-------------------------------------------------

Please reboot the computer and then run HijackThis and post the new log. As I said, it may be a few days before I can get back to you.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Re: Malware Removal

Post by beynac » January 15th, 2008, 5:25 am

Good morning.

I checked on Sunday, and again today, to see if you had replied. Are you having problems with my instructions?

I will not be able to check this again until Saturday. Please post by then if you still want my help.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Re: Malware Removal

Post by loadmaster43 » January 15th, 2008, 7:15 pm

The instructions were easy enough to follow, however the ones I 'fixed' are on the ignore list and I do not know how to move them to the back up file to restore them?
loadmaster43
Regular Member
 
Posts: 25
Joined: December 29th, 2007, 5:21 pm

Re: Malware Removal

Post by beynac » January 19th, 2008, 8:31 am

From what you say, it would appear that you didn't 'fix' the items in HijackThis - you put them on the 'Ignore' list. This would explain why programs appeared to be running but didn't appear in the relevant section of the HijackThis log.

--------------------------------------------

Please confirm that there are no items in the backup:
  • Open HijackThis and click on the Open the Misc Tools section button
  • Click on the Backups button
Are there any items showing?

---------------------------------------------

Please do the following to restore the items on the 'Ignore' list:
  • Open HijackThis and click on the Open the Misc Tools section button
  • Click on the IgnoreList button
  • Click the Delete all button
  • Click OK if prompted

---------------------------------------------

Please run HijackThis again and post a new log.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Re: Malware Removal

Post by loadmaster43 » January 19th, 2008, 4:56 pm

Hope this helps, and I do appreciate your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:53 PM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
H:\Program Files\palmOne\Hotsync.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\Greetings Workshop\GWREMIND.EXE
H:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
h:\program files\common files\mcafee\mna\mcnasvc.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
H:\PROGRA~1\McAfee\MSC\mcpromgr.exe
h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
h:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
H:\Program Files\McAfee\MPF\MPFSrv.exe
H:\PROGRA~1\McAfee\MPS\mps.exe
H:\WINDOWS\system32\PSIService.exe
h:\PROGRA~1\mcafee.com\agent\mcagent.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\McAfee\MPS\mpsevh.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\internet explorer\iexplore.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msnbc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - H:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - h:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: COMCASTTOOLBAR - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - H:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SBAutoUpdate] "H:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk = H:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: DataViz Inc Messenger.lnk = H:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = H:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://H:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Open with WordPerfect - H:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9819406623
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - H:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - H:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - h:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - h:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - H:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - H:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe
O24 - Desktop Component 0: (no name) - http://www-pao.ksc.nasa.gov/kscpao/imag ... 2750-t.jpg

--
End of file - 7551 bytes
loadmaster43
Regular Member
 
Posts: 25
Joined: December 29th, 2007, 5:21 pm
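
beynac's explanation of the Ignore list (ignored entries drop out of the log while their programs still appear under Running processes) can be checked mechanically by comparing the two logs. This is an added example, not part of the original thread; the function names are made up here, and the sample logs are shortened excerpts of the two logs posted above.

```python
import re
from collections import defaultdict

# HijackThis entry lines look like "O23 - Service: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_log(text):
    """Return (running process paths, {entry code: [entry text, ...]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # the entry section has started
            entries[m.group(1)].append(m.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def unexplained_processes(text, codes=("O4", "O23")):
    """Running programs outside the Windows directory that no O4/O23
    autostart entry points to. Heuristic only: programs started by hand
    or by another program also show up here, so a hit means "look
    closer" (for example at the Ignore list), not "malicious".
    """
    processes, entries = parse_log(text)
    autostart = [e.lower() for c in codes for e in entries.get(c, [])]
    return [p for p in processes
            if "\\windows\\" not in p.lower()
            and not any(p.lower() in e for e in autostart)]

def new_entries(before, after):
    """Entries listed in `after` but missing from `before`, grouped by code."""
    old, new = parse_log(before)[1], parse_log(after)[1]
    added = {c: [e for e in items if e not in old.get(c, [])]
             for c, items in new.items()}
    return {c: items for c, items in added.items() if items}

# Shortened excerpts of the two logs posted in this thread.
PROCS = r"""Running processes:
H:\WINDOWS\system32\services.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\WINDOWS\system32\PSIService.exe

"""
LOG_JAN10 = PROCS + r"""O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe
"""
LOG_JAN19 = PROCS + r"""O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe
"""

if __name__ == "__main__":
    print("Jan 10, no autostart entry:", unexplained_processes(LOG_JAN10))
    print("Jan 19, no autostart entry:", unexplained_processes(LOG_JAN19))
    print("Entries that reappeared:", new_entries(LOG_JAN10, LOG_JAN19))
```
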

Re: Malware Removal

Post by beynac » January 20th, 2008, 7:59 am

Good morning.

Well done, your HijackThis log is now showing all of the services. It is possible that malware altered the power settings. Let's try re-instating the default settings:

  • Click Start then Run...
  • Copy the following and paste it into the Run Open: textbox: cmd /k powercfg /RestoreDefaultPolicies
  • Click OK
  • Type exit and then press the Return key
  • Restart Windows and see if you're able to save new Power schemes now

Please let me know if this sorts out the problem.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Re: Malware Removal

Post by loadmaster43 » January 20th, 2008, 1:58 pm

Before I perform the requested action I wanted to let you know that MS e-mailed me a patch or fix for my power settings. That seems to have fixed the power setting options. Would I still have to perform your requested task? The other thing is if or when should I delete or 'fix' anything listed on the Hijack This Log?
loadmaster43
Regular Member
 
Posts: 25
Joined: December 29th, 2007, 5:21 pm

Re: Malware Removal

Post by beynac » January 20th, 2008, 2:33 pm

I'm glad that your power settings problem is sorted out. Don't carry out my instructions to restore the default settings. You don't need to delete or fix anything in HijackThis.

--------------------------------

We need to uninstall ComboFix. This will remove its quarantine folder and flush any infected system restore points.

  • Click Start then Run
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.

---------------------------------

If you do not already use it, I suggest that you install SpywareBlaster. This program will:
  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.
This program blocks these items but does not run in the background. It therefore does not use any resources.

I would also recommend that you have a look at Firetrust SiteHound. This gives warnings when you are about to enter a website that is on their 'block' list. An alternative is McAfee SiteAdvisor. I use SiteHound, but both have a good reputation (N.B. use only one of them, not both).

This article, How to prevent Malware by miekiemoes, gives some very good advice.

Please let me know whether you have any questions.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Re: Malware Removal

Post by loadmaster43 » January 20th, 2008, 9:00 pm

I tried running Combofix /u however the response came back cannot find 'source document'? Ran a search that found six files but I could not delete those either. So I have no answer for those. I met someone the other day in my place of work who also recommended SpywareBlaster. He is a Forensic Computer specialist with our State Police. I did save to my desktop the two sites you listed, I am not sure which one I will use. Although some McAfee services are provided by my ISP, just not SiteAdvisor. So probably I will use the McAfee product to keep it in the family. I also put to my favorites the article you mentioned for future reference. I cannot say this enough, but you have been a tremendous help and extremely patient. Thank You!
loadmaster43
Regular Member
 
Posts: 25
Joined: December 29th, 2007, 5:21 pm

Re: Malware Removal

Post by beynac » January 21st, 2008, 7:56 am

Good morning.

I'm not sure why ComboFix won't uninstall. Please delete ComboFix from your desktop, together with any CFScript files and also the following folder (highlighted in red): H:\qoobox\.

I suggest that you flush system restore, to remove any infected restore points:

Turn OFF System Restore.
  • Click on Start
  • Right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Check Turn off System Restore
  • Click Apply, and then click OK
Restart your computer

Turn ON System Restore.
  • Click on Start
  • Right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Uncheck Turn off System Restore
  • Click Apply, and then click OK

Please let me know if you have any further questions.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Re: Malware Removal

Post by NonSuch » January 27th, 2008, 3:26 am

As this issue appears to be resolved, this topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link:
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California