
Trojan.Agent, Trojan:DOS/Alureon.A, Virus Win64/Sirefef.A, Rootkit.0Access, Trojan.0Access



Yep...and it appears I'm again running into the ZA issues that I found here with the firewall being "broken", etc., so with your blessing, I'll proceed with those steps to resolve the issue and report when completed? Obviously, I welcome any other suggestions, etc...

Link to post

We can do it like this..............

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

MrC

Link to post

I like that much better than manually fixing registry issues that ZA caused. Tools=muy bueno.

Farbar Service Scanner Version: 07-10-2012

Ran by Gator (administrator) on 09-10-2012 at 13:15:02

Running from "C:\Users\Gator\Downloads"

Microsoft Windows 7 Home Premium (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.

Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.

Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

wscsvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Other Services:

==============

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.

Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.

Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys

[2012-02-16 20:08] - [2011-12-27 21:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2012-09-24 17:33] - [2012-03-30 05:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll

[2009-07-13 18:09] - [2009-07-13 19:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2009-07-13 17:36] - [2009-07-13 19:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll

[2012-09-24 17:33] - [2012-04-23 23:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Link to post

Download all of these reg files to your desktop

Then double click on each one and allow it to merge into the registry

Reboot and rescan with FSS and post the new log, MrC

http://download.blee...es/7/MpsSvc.reg

http://download.blee...vices/7/BFE.reg

http://download.blee...es/7/wscsvc.reg

http://download.blee.../7/wuauserv.reg

http://download.blee...ices/7/BITS.reg

Link to post

Getting warmer. Right after the reboot from merging those into the registry, Windows Update started instantly and brought in 35 updates (including SP1).

Looks like Windows Defender is still having difficulty:

New Farbar scan:

Farbar Service Scanner Version: 07-10-2012

Ran by Gator (administrator) on 09-10-2012 at 14:50:34

Running from "C:\Users\Gator\Downloads"

Microsoft Windows 7 Home Premium (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Other Services:

==============

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.

Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.

Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys

[2012-02-16 20:08] - [2011-12-27 21:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2012-09-24 17:33] - [2012-03-30 05:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll

[2009-07-13 18:09] - [2009-07-13 19:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2009-07-13 17:36] - [2009-07-13 19:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll

[2012-10-09 14:02] - [2012-06-01 23:25] - 0182272 ____A (Microsoft Corporation) BAF19B633933A9FB4883D27D66C39E9A

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Link to post
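Added example (not part of the original thread and not Farbar's code): a small Python parser for the FSS.txt layout shown in the two logs above. It separates a missing service key from a missing value and compares two scans to show what the .reg merge repaired. The names `parse_fss` and `compare` are hypothetical, the sample text is constructed from lines quoted in this thread, and treating a file line without "=> MD5 is legit" as "not confirmed" is an assumption based on the log layout.

```python
import re
from collections import defaultdict

# Message shapes copied from the FSS.txt logs in this thread.
KEY_MISSING = re.compile(r"Unable to open (\w+) registry key\. The service key does not exist\.")
VALUE_MISSING = re.compile(r"Unable to retrieve (start type|ImagePath|ServiceDll) of (\w+)\. The value does not exist\.")
NOT_RUNNING = re.compile(r"^(\w+) Service is not running\.")
FILE_LEGIT = re.compile(r"^[A-Za-z]:\\.+ => MD5 is legit$")
FILE_PATH = re.compile(r"^[A-Za-z]:\\.+$")
FILE_DETAIL = re.compile(r"^\[.+?\] - \[.+?\] - \d+ \S+ \(.*\) ([0-9A-Fa-f]{32})$")


def parse_fss(text):
    """Collect flagged services, stopped services and files not marked 'MD5 is legit'."""
    findings, stopped, unverified = defaultdict(set), set(), {}
    in_files, pending = False, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("File Check:"):
            in_files = True
            continue
        m = NOT_RUNNING.match(line)
        if m:
            stopped.add(m.group(1).lower())
        m = KEY_MISSING.search(line)
        if m:  # the whole service key is gone
            findings[m.group(1).lower()].add("service key missing")
        m = VALUE_MISSING.search(line)
        if m:  # the key exists, one value is gone
            findings[m.group(2).lower()].add(m.group(1) + " value missing")
        if not in_files:
            continue
        if FILE_LEGIT.match(line):
            pending = None
        elif FILE_PATH.match(line):
            pending = line  # dates, size, vendor and MD5 follow on the next line
        else:
            m = FILE_DETAIL.match(line)
            if m and pending:
                unverified[pending] = m.group(1).upper()
                pending = None
    return {"findings": dict(findings), "stopped": stopped, "unverified": unverified}


def compare(before, after):
    """Return (services repaired between scans, services still flagged)."""
    repaired = sorted(s for s in before["findings"] if s not in after["findings"])
    return repaired, sorted(after["findings"])


# Constructed excerpts, shortened from the first and second scans posted above.
SCAN_1 = r"""
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
File Check:
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-16 20:08] - [2011-12-27 21:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
"""
SCAN_2 = r"""
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
"""

if __name__ == "__main__":
    repaired, remaining = compare(parse_fss(SCAN_1), parse_fss(SCAN_2))
    print("repaired:", repaired, "| still flagged:", remaining)
```

A service that is stopped but has no finding (wscsvc in the second excerpt) has an intact configuration and only needs to be started; one with "service key missing" needs its key restored first.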

WinDefend Service > leave this disabled

Check to see that these services are enabled:

Windows Security Center (WSCSVC)

1. Click Start, type Services.msc in Start Search bar, and then press Enter.

2. In the right pane, double-click Security Center.

3. In the Startup type list, click Automatic, click Apply, click Start, and then click OK.

4. Restart the computer.

Same for:

Windows Update (wuauserv Service)

Make sure system restore is enabled also:

System Restore Disabled Policy:

MrC

Link to post

Done.

Showing new security log and FSS log to confirm nothing else needs attention from your POV.

Results of screen317's Security Check version 0.99.51

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

Java 7 Update 7

Adobe Flash Player 11.4.402.287

Adobe Reader X (10.1.4)

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 5%

````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 07-10-2012

Ran by Gator (administrator) on 10-10-2012 at 11:44:28

Running from "C:\Users\Gator\Downloads"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.

Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.

Unable to retrieve ServiceDll of WinDefend. The value does not exist.

Other Services:

==============

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.

Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.

Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll

[2012-10-09 14:02] - [2012-06-01 23:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Link to post

Almost perfect. The only thing I'm seeing now is something still possibly hiding in IE and causing it to run at a dinosaur's pace. I've confirmed it's not a connection lag issue, nor does the issue occur in Firefox, so I suspected the earlier removal of the IE controlling Babylon left some bits and pieces that were still trying (unsuccessfully) to control IE's behavior. I tried uninstalling IE9 and reinstalling it thinking it would connect all the dots again, but now IE 9 will not reinstall at all. Using the Microsoft Fixit tool showed a few problems with Windows Update that it thought may be causing the install to fail, but after resolving those issues, the install still fails. I've noticed IE8 also lags considerably when going from page to page (using links, etc.), so it's an overall IE issue - not just for IE9.

Link to post

RogueKiller V8.1.1 [10/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Gator [Admin rights]

Mode : Scan -- Date : 10/10/2012 18:12:33

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++

--- User ---

[MBR] 83873ddecb8ada92393ead1bd6461c40

[bSP] 29c6e6ea19b9e653a532ba7f0f537374 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[8].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt

ListParts by Farbar Version: 02-10-2012

Ran by Gator (administrator) on 10-10-2012 at 18:12:01

Windows 7 (X64)

Running From: C:\Users\Gator\Downloads

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 33%

Total physical RAM: 3894.68 MB

Available physical RAM: 2602.1 MB

Total Pagefile: 7787.56 MB

Available Pagefile: 6306.68 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:384.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 100 MB 1024 KB

Partition 2 Primary 14 GB 101 MB

Partition 3 Primary 451 GB 14 GB

======================================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Recovery NTFS Partition 14 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 451 GB Healthy Boot

======================================================================================================

****** End Of Log ******

Link to post

It looks OK, no sign of an infection > run the scan.....

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and Scan unwanted applications are checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC

Link to post

The log didn't seem to have anything useful (to me).

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

I also exported the scan results (which were surprising to me considering the tools we've run thus far found no issues):

C:\Program Files (x86)\Common Files\ZugoInstaller.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\08.10.2012_07.34.32\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\08.10.2012_07.34.32\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\08.10.2012_07.34.32\mbr0000\tdlfs0000\tsk0012.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\08.10.2012_08.56.22\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\08.10.2012_08.56.22\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\08.10.2012_08.56.22\tdlfs0000\tsk0012.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined

C:\Users\Gator\.frostwire5\updates\frostwire-5.3.8.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\Gator\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\Gator\Desktop\avc-free.exe Win32/OpenCandy application cleaned by deleting - quarantined

Link to post

OK..............

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC

Link to post

Results of screen317's Security Check version 0.99.51

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

Java 7 Update 7

Adobe Flash Player 11.4.402.287

Adobe Reader X (10.1.4)

Mozilla Firefox (15.0.1)

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 4%

````````````````````End of Log``````````````````````

Link to post

Looks OK............

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post

This topic is now closed to further replies.