Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: 1 [2]  All   Go Down

Author Topic: Virus, Not Sure Where :-(  (Read 11519 times)

0 Members and 1 Guest are viewing this topic.

SuperDave

  • Malware Removal Specialist


    • Genius
    • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Virus, Not Sure Where :-(
« Reply #15 on: March 26, 2011, 11:42:20 AM »
Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    Quote
    KillAll::

    File::
    c:\documents and settings\Paul and Jane\Start Menu\Programs\Startup\fgujfsee.exe
    C:\fgujfsee.exe

    Folder::
    C:\Program Files\wadwupun

    RegNULL::
    [HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{142CD2CF-756C-381E-759D-20FC7E2F111E}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "abehjcdkbnfajfgdfiiomepmfiljnhooln"=hex:65,62,65,68,63,65,64,6d,64,65,62,62,
       63,68,6a,62,6c,63,6e,62,69,65,61,6a,67,66,6c,61,6c,63,68,62,68,65,6a,6a,66,\
    "bbehjcdkbnfajfgdfihohincaleghhekpfol"=hex:61,62,64,62,64,6c,69,70,6b,6c,6e,6d,
       64,66,6e,6c,6a,6c,70,6d,6f,6a,68,6b,6b,6e,6f,65,66,61,70,69,66,65,00,6a
    .
    [HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F011243-2BF9-227A-A86C-B3C19DB5E2C4}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iabdoenbheaognkbme"=hex:6a,61,66,6d,68,6f,63,70,6e,62,6b,61,6a,66,6b,65,6a,66,
       69,6a,00,00
    "halndhddfkcbdame"=hex:6b,61,66,6d,63,6f,6a,6f,67,65,6a,6e,68,66,6d,61,6f,65,
       61,69,63,6e,00,00
    "iafcfikbniidmfemlf"=hex:63,61,64,6d,6f,6f,00,7c

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
Logged
Windows 8 and Windows 10 dual boot with two SSD's

paulwilko10

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: Virus, Not Sure Where :-(
    « Reply #16 on: March 27, 2011, 05:17:25 AM »
    Hiya Dave

    Just to let you know that I decided to rebuild my pc.

    I have wanted to do that for a while now and the way we were struggling to solve this issue, thought now was as good a time as any.

    Just like to say thx for all your help and if i have any such issues again, would not hesitate to ask for your help

    Once again

    Thanks

    Paul
    Logged

    SuperDave

    • Malware Removal Specialist


      • Genius
      • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Virus, Not Sure Where :-(
    « Reply #17 on: March 27, 2011, 12:41:27 PM »
    Ok Paul. If that is your wish. I will lock this thread. If you need it re-opened, please send me a pm.
    Logged
    Windows 8 and Windows 10 dual boot with two SSD's
    Pages: 1 [2]  All   Go Up
    « previous next »