Information
I wouldn't do any online banking at the moment. Can you clue me in to what is going on still or what I might still have left in the machine? Is it safe to use the computer for online banking?
There are three files that are proving harder to remove than they normally should, and they are related to a password stealer infection.
Do you know why all these are in your trusted zone?
Trusted Zone: //about.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Update.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
----------------------------------------------------------------------------------------
Step 1
Custom CFScript
- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Code:
Rootkit::
c:\documents and settings\Chris Diaz\meqsq.exe
c:\documents and settings\Chris Diaz\nukqkt.exe
c:\documents and settings\Chris Diaz\wafayoh.exe

FileLook::
c:\documents and settings\Chris Diaz\meqsq.exe
c:\documents and settings\Chris Diaz\nukqkt.exe
c:\documents and settings\Chris Diaz\wafayoh.exe

Folder::
c:\documents and settings\Chris Diaz\Application Data\LimeWire
c:\documents and settings\Chris Diaz\Application Data\BitTorrent

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Chris Diaz\\wafayoh.exe"=-
"c:\\Documents and Settings\\Chris Diaz\\nukqkt.exe"=-
"c:\\Documents and Settings\\Chris Diaz\\meqsq.exe"=-

ADS::

- Save this as CFScript.txt and place it on your desktop.
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
----------------------------------------------------------------------------------------
Step 2
Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan << LINK
- Click the Scan Now button
- Follow the prompts to install the Active X if necessary
- Go and make a cup of tea/coffee/beverage of your choice and watch some TV
- When the scan is finished, a report will be generated
- Next to Scan Details click the small export to notepad button and save the report to your desktop.
- Please post the report in your reply.
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.
- ComboFix Log
- Active Scan Log