No problem on the help. I took an interest in malware removal and this has been a good challenge. So we are actually helping each other.
Lets do some cleanup right now. Any logs or programs left on the desktop can be deleted after this step (if they are still there)
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
.
.
The above procedure will:- Delete:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
.
Download OTMoveIt2 by OldTimer
OTMoveIt2.exe and place it on your desktop. (unless you already have it installed)
1. Double click
OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator2. Click on the
CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click
YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2
Set a New Restore Point to prevent possible reinfection from an old oneSetting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
- Go to Start > Programs > Accessories > System Tools and click System Restore
- Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
- The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
- Next go to Start > Run and type Cleanmgr
- Click OK
- Click the More Options Tab.
- Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
.
Use the
Secunia Software Inspector to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
.
----------
Now to start over with CF. It's been long enough that we would need to download an updated copy anyway so it's removal was necessary.
Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)
Important! Combofix.exe
MUST be saved to and ran from the
Desktop.
- Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
- Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
- Click this link to see a list of security programs that should be disabled and how to disable them.
- If yours is not listed and you don't know how to disable it, please ask.
- Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
- Double click combofix.exe & follow the prompts.
- Choose Yes to accept the Disclaimers.[
- When finished, it will produce a log for you.
- Post that log in your next reply.
Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall- If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
- Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
Next post
Combofix log