LonnyRJ

Experts
  • Content count

    353
  • Joined

  • Last visited

About LonnyRJ

  • Rank
    True Member
  • Birthday 02/14/1960

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Profile Information

  • Location
    pugent sound
  1. Autorun was disabled by combofix, you can view your camera card or usb sticks via the my computer folder. Uninstall combofix, to do so go start run (provided it is still on the desktop) type in combofix /u and press enter, the space is needed between x and /, if you no longer have it re-download to your desktop and do that run command. Think Prevention: Put in place a good hosts file http://www.mvps.org/winhelp2002/hosts.htm Repeat that proccess about once or even twice a month How did that go ?
  2. Hello wolfe90 How is that PC behaving now ?
  3. Welcome to the forum nwebbertn Are there any current problems or questions ? C:\Program Files\cibngd << delete that (leftover) folder if it still exists, any problems ?
  4. Welcome Barbara Put a feshly downloaded copy of combofix on a usb stick and run it on the infected PC while it is in safe mode. If combofix restarts the PC boot back to safe mode, when the log opens close it and restart to normal mode then post c:\combofix.txt please
  5. Welcome to the forum GeorgeH I am confused by that comment, explain in more detail please. a format and install of windows is not the same as using a system restore point
  6. Welcome to the forum Phil "Cannot Remove Backdoor.Bot" I assume by that you have attempted to fix those items with Mbam ? End this process with Taskmanager (if possible) C:\WINDOWS\shvhost.exe then do a quick scan and fix with Mbam, reboot when prompted Do another quickscan and post the log please
  7. Welcome Are you seeing this message ? "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." Download and run gmer (use the download exe button) from here > http://www.gmer.net/#files Double click GMER. If asked to allow gmer.sys driver to load, please consent . If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.. In the right panel, you will see several boxes that have been checked. Uncheck the following ... Uncheck[ ] files Then click the Scan button & wait for it to finish. save the log to a handy location close gmer and post that log.
  8. Welcome to the forum Jenzer Download (dont run yet) this tool http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe http://ad13.geekstogo.com/Win32kDiag.exe Place it on your desktop. Go start run copy then paste in the entire line below and press enter "%userprofile%\desktop\Win32kDiag.exe" -r -f A log should open when it is finished, post it please.
  9. Combofix disable's autorun so that this exploited method cannot be using in the future by malware You can open your various usb sticks, flash drive or camera cards manualy via your my computer window. Lets uninstall combofix, to do so go start run type combofix /u press enter, you should have seen a confirmation message ? Think Prevention: Put in place a good hosts file http://www.mvps.org/winhelp2002/hosts.htm Repeat that proccess about once or even twice a month To help avoid reinfection see "So how did I get infected in the first place?" http://www.malwarebytes.org/forums/index.p...65&hl=place? Note: Make sure your programs are up to date - older versions may contain Security Leaks. To find out what programs need to be updated, run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
  10. I feel better now, it was just Hewlett-Packard related , No harm it was deleted, unless you realy want it back ?
  11. Can you submit it here ? Thanks
  12. Lets get a peak at the one that was in the system32 folder Go start run type (or copy paste) notepad "C:\Qoobox\Quarantine\C\WINDOWS\system32\autorun.inf.vir" press enter Post the contents
  13. Get him a hosts file to if possible Think Prevention: Put in place a good hosts file http://www.mvps.org/winhelp2002/hosts.htm Repeat that proccess about once or even twice a month To help avoid reinfection see "So how did I get infected in the first place?" http://www.malwarebytes.org/forums/index.p...65&hl=place? Note: Make sure your programs are up to date - older versions may contain Security Leaks. To find out what programs need to be updated, run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
  14. Looks fine blackdogg What antivirus and firewall programs do you use ? Why havent you updated to SP3 ?
  15. Go start run type Notepad.exe "C:\Qoobox\Quarantine\I\autorun.inf.vir" press enter Post the contents C:\i386\iaStor.sys << check if that file is present please ?