2 replies to this topic

[cocobo]

Removed Trojan.cw according to Thread 13753 but need a second opinion to make sure I've done it right.

This trojan looks like it rode in on the PDF javascript exploit. (Reader 7)
User had up to date AVG free and MS updates.

Ran ComboFix with a different CFscript than post 13753.
Ran Malwarebytes to clean up.
Ran HJT.

Uploading all logs here.

Your feedback is greatly appreciated!

Attached Files

•  ComboFix2.txt   26.38K   26 downloads
•  mbam_log_2009_04_21__19_46_22_.txt   833bytes   34 downloads
•  hijackthis.txt   8.81K   23 downloads

[miekiemoes]

Quote

Ran ComboFix with a different CFscript than post 13753.

Did you create that CFScript? Or did someone else post it for you?

Anyway, the logs are a bit confusing since I don't know in what exact order the things were done.
That's why I suggest you scan again with MBAM first, then reboot, then run Combofix again (no CFScript, just normal run) and post the logs.
So, mbam log should be created before the combofix log since I asked you to run it first

[miekiemoes]

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.