Go ahead and exit out of it and try something else. If it doesn't work like this we will move to something else.
- Make sure combofix is located on your desktop.
- Now STOP all your monitoring programs
- Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
- Click on your START button and choose Run. Then copy/paste the entire content of the following Codebox (Including the "" marks and the Symbols) into the run box.
"%userprofile%\desktop\ComboFix.exe" /KillAll
[/B]
(http://i154.photobucket.com/albums/s258/evilfantasy69/cfcmd.png)
- Click OK and this will start combofix in a special way.
- When finished, it will produce a log.
- Please save that log to a Notepad File and include it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
* ComboFix will automatically Restart your machine when the KillAll switch is used.
Combofix (CF) disconnects your machine from the internet. The connection is automatically restored before CF completes its run.
If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
No problem on the help. I took an interest in malware removal and this has been a good challenge. So we are actually helping each other.
Lets do some cleanup right now. Any logs or programs left on the desktop can be deleted after this step (if they are still there)
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
.
(http://i154.photobucket.com/albums/s258/evilfantasy69/combofixu-1.jpg)
.
The above procedure will:- Delete:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
.
Download OTMoveIt2 by OldTimer OTMoveIt2.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and place it on your desktop. (unless you already have it installed)
1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2
Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
- Go to Start > Programs > Accessories > System Tools and click System Restore
- Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
- The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
- Next go to Start > Run and type Cleanmgr
- Click OK
- Click the More Options Tab.
- Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
.
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
.
----------
Now to start over with CF. It's been long enough that we would need to download an updated copy anyway so it's removal was necessary.
Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)- Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
- Link #2 (http://subs.geekstogo.com/ComboFix.exe)
- Link #3 (http://www.forospyware.com/sUBs/ComboFix.exe)
Important! Combofix.exe MUST be saved to and ran from the Desktop.- Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
- Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
- Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
- If yours is not listed and you don't know how to disable it, please ask.
- Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
- Double click combofix.exe & follow the prompts.
- Choose Yes to accept the Disclaimers.[
- When finished, it will produce a log for you.
- Post that log in your next reply.
Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall- If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
- Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
Next post
Combofix log