Request for Help with Trojan Virus Removal

[abluewhale07]

Hi Super Dave, I've followed and completed the first two steps you wrote. ComboFix doesn't seem to be working though, I've downloaded it fine. But whether I run it as an administrator or not all that happens on opening it is a small box opens titled 'combofix' and the green (installation?) bar fills up and the program doesn't get any further...

[SuperDave]

Could you please delete ComboFix, download again and try running again. This is a very stable program and shouldn't be causing problems.

[abluewhale07]

ok sorry if i'm being insanely stupid here, but downloaded combofix fine. Opened it and it went straight into scan mode. No log was produced and several things (such as half my desktop shortcuts) were deleted by combofix at the end of it's scan... the system restore function being one of them...

i've attached a HJT log but cannot find a combofix log anywhere on my computer.



[Saving space, attachment deleted by admin]

[evilfantasy]

Hello abluewhale07.

Let's see what we can do here. Please bear with me. You are one of the few who ran ComboFix with this bug.

Please get the C:\QooBox\ComboFix-quarantined-files.txt and attach it here so we can attempt to work up a fix to restore everything.

[abluewhale07]

ah right. everything that got deleted has gone into Qoobox - there's a folder called 'C' with all my stuff in. I think I've got the log you need although it's not got the same title. It's the only log I can find in the folder.

Thanks

Lj

[Saving space, attachment deleted by admin]

[evilfantasy]

No that's not it.

Try this please.

Look for the quarantined files text file located in C:\QooBox\ComboFix-quarantined-files.txt <- There may be some numbers mixed in representing the date and other data.

[abluewhale07]

hmmm I honestly cannot find it. I've tried searching for just 'combofix' 'quarantined' 'files' and '.txt' as well as the whole thing in the QooBox folder.

The '.txt' came back with a list of '.txt.vir' files, but not a single '.txt' file. Interestingly I keep getting messages saying that my Recycling Bin is corrupt and would I like to empty it. I haven't emptied it yet but is it possible the combofix-quarantine file is on there?

I've tried changing my search settings to include hidden folders and those critical to windows running. But still no luck.

When I go into the QooBox folder I'm met with 5 folders: BackEnv, Last Run, Quarantine, Test & CTest.

Last Run, Test & CTest are all empty. Quarantine holds the lost folders and BackEnv holds '.dat' files. There is also a file called 'SetPath.bat'

No 'ComboFix-quarantined-files.txt' though...

No crucial files from my OS drive have been quarantined, just from my hard drive on C.

Is there anyway to manually restore the quarantined files??

Lj

[evilfantasy]

Work the instructions in this link. http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/455388-combofix-issue-resolution.html

[abluewhale07]

thanks evilfantasy, CFDQ-UsrPrf.exe seems to be working as desktop icons and folders are reappearing. It's got about 50gig to do so looks like it's gonna take a while. will let you know when it's done.

thanks for being so patient

[evilfantasy]

Sounds good. I'll be away for a while but will be back to continue later.

[abluewhale07]

ok restore worked great everything's back that went when combofix went crazy. The Qoobox folder still has the 50gigs in that was quarantined (even though this has all been restored) is it safe to delete this?? Also my recycling bin is still strangely corrupt...

[abluewhale07]

ok recycling bin is no longer being strange

[evilfantasy]

Did you download and run combofix as described in the instructions?

I need the new log.

[evilfantasy]

Sorry the instructions changed and they removed the ComboFix links.

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

[abluewhale07]

many thanks evilfantasy

Lj

[Saving space, attachment deleted by admin]