OK. I think it's a clean file but am not 100% sure. We will deal with it later if needed.
This is really testing my skills by the way. The Conficker worm is a pretty nasty piece of malware!
But I think I have found all of it. We will run a special tool after ComboFix just to be sure.
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

KillAll::
Driver::
sqdhuvyqs
File::
c:\windows\system32\sgnofqyb.dll
Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sqdhuvyqs]
"ServiceDll"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7017:TCP"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs sqdhuvyqs]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.
Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

----------
After posting the ComboFix log please run the Win32/Conficker.A Removal Tool by Symantec. See this page if needed.
Follow these steps to download and run the tool:
Note: If you are sure that you are downloading this tool from the Security Response Web site, you can skip this step. If you are not sure, or are a network administrator and need to authenticate the files before deployment, follow the steps in the "Digital signature" section before proceeding with step 4.
- Close all the running programs.
- If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
- If you are running Windows Me or XP, turn off System Restore. For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:
- Locate the file that you just downloaded.
- Double-click the FixDownadup.exe file to start the removal tool.
- Click Start to begin the process, and then allow the tool to run.
---
Let me know when that is done. And how the computer is acting now.
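Added example (not part of the post above, and not ComboFix's or Symantec's own tooling): a PowerShell check you can run from an elevated prompt after ComboFix has rebooted, to confirm that every artifact the CFScript targets is actually gone. It looks for exactly the items in that script: the sqdhuvyqs service key and its ServiceDll value, the sgnofqyb.dll file, the 7017:TCP firewall exception, the sqdhuvyqs entry in the Svchost netsvcs group, and the MountPoints2\F key. Those names are specific to this infection (Conficker randomises the service and DLL names per machine), so on another machine you would substitute the names from your own ComboFix log. The function name Test-ConfickerResidue is my own.

```powershell
# Added example: verify that the artifacts listed in the CFScript above are gone.
# Run in an elevated PowerShell session, as the user whose profile was infected
# (the MountPoints2 key lives in that user's HKCU).
# Indicator names below are the ones from this specific case, not generic Conficker names.

function Test-ConfickerResidue {
    param(
        [string]$ServiceName = 'sqdhuvyqs',
        [string]$DllPath     = 'C:\Windows\System32\sgnofqyb.dll',
        [string]$PortEntry   = '7017:TCP'
    )

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Service definition. The CFScript names ControlSet001; "~" in ComboFix
    #    syntax means CurrentControlSet, so check both.
    foreach ($cs in 'ControlSet001', 'CurrentControlSet') {
        $svcKey = "HKLM:\SYSTEM\$cs\Services\$ServiceName"
        if (Test-Path $svcKey) {
            $findings.Add("Service key still present: $svcKey")
            # ServiceDll may sit on the key itself or under \Parameters
            foreach ($k in $svcKey, "$svcKey\Parameters") {
                $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
                if ($p -and $p.ServiceDll) {
                    $findings.Add("  ServiceDll in ${k}: $($p.ServiceDll)")
                }
            }
        }
    }

    # 2. Is the service still registered with the Service Control Manager?
    if (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue) {
        $findings.Add("Service '$ServiceName' still known to the SCM")
    }

    # 3. The DLL the service loaded
    if (Test-Path -LiteralPath $DllPath) {
        $findings.Add("DLL still on disk: $DllPath")
    }

    # 4. Firewall exception Conficker opened for its HTTP listener
    $fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List'
    $fw = Get-ItemProperty -Path $fwKey -Name $PortEntry -ErrorAction SilentlyContinue
    if ($fw) {
        $findings.Add("Firewall exception still present: $PortEntry = $($fw.$PortEntry)")
    }

    # 5. Membership in the netsvcs svchost group (REG_MULTI_SZ list of service names)
    $svchostKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
    $netsvcs = (Get-ItemProperty -Path $svchostKey -ErrorAction SilentlyContinue).netsvcs
    if ($netsvcs -and ($netsvcs -contains $ServiceName)) {
        $findings.Add("'$ServiceName' still listed in Svchost\netsvcs")
    }

    # 6. Per-user MountPoints2 entry for the removable drive (autorun vector)
    $mpKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F'
    if (Test-Path $mpKey) {
        $findings.Add("MountPoints2 key still present: $mpKey")
    }

    return $findings
}

$residue = Test-ConfickerResidue
if ($residue.Count -eq 0) {
    Write-Output 'No residual indicators from the CFScript were found.'
} else {
    Write-Output 'Residual indicators found:'
    $residue | ForEach-Object { Write-Output "  $_" }
}
```

A clean result here only means the items this CFScript named are gone; it says nothing about other Conficker components, which is why the Symantec removal tool is still run afterwards.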