
Thread: Trojan infection - Spybot & HJT won't run

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Use Internet Explorer and click on the download link, before it downloads, change the name to explorer.exe and then download it to your desktop.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Member
    Join Date
    Nov 2008
    Location
    Sunderland, UK
    Posts
    51

    Exactly the same problem, I'm afraid, says I need permission to do it.

  3. #13
    Emeritus-Security Expert

    OK, let's try this.

    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3






    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

  4. #14
    Member

    Hi,
    I can't find the C:\ComboFix.txt file. It may be in there somewhere but I'm not sure how to locate it (I have XP on my PC whereas my son's laptop has Vista) - I tried putting 'combofix.txt' in the search but it didn't find it. There may have been a problem because when ComboFix stopped and rebooted it came back up saying windows hadn't closed down properly then restarted again.

  5. #15
    Emeritus-Security Expert

    It can be found here
    C:\ComboFix.txt

  6. #16
    Member

    There's no file called C:ComboFix.txt on the laptop.

  7. #17
    Emeritus-Security Expert

    If it ran it should have removed the rootkit. See if you can run these programs


    Please download Malwarebytes' Anti-Malware from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report and also a new HJT log please





    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  8. #18
    Member

    We already had Malwarebytes installed so I just updated it and launched the 'Quick Scan' - it started running then disappeared.
    I downloaded RSIT and started to run that, but that too just disappeared - no sign of log.txt or info.txt.
    I've tried launching both again but they both now come up with a window saying "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". Which is also what I still get for Spybot S&D and HJT.

  9. #19
    Emeritus-Security Expert

    Good Morning,

    Like I said before, this computer is infected with a nasty rootkit; it's one of the latest variants going around. It really does a number on your system, blocking everything possible from running to get rid of it.

    This is new to us also so just sit tight and I am going to ask around and see if anyone else came up with an answer.

    Do you have the windows disks that came with the infected computer ?



    Drag explorer.exe to the trash



    This computer should be kept offline; unplug it from the internet. This infection is capable of downloading other garbage with it, stealing info from you as far as log on names and stealing credit card info and bank account numbers. Use a known clean computer and redownload this program but this time rename it to svchost.exe. Then burn it to a CD; do not use a USB flash or thumb drive, as it may infect it and then you will infect the clean computer.



    Please download exeHelper to your desktop.
    Double-click on exeHelper.com to run the fix.
    A black window should pop up, press any key to close once the fix is completed.
    Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

  10. #20
    Member

    Good afternoon.

    Do you have the windows disks that came with the infected computer ?

    - Yes we have the Windows disks

    Use a known clean computer and redownload this program but this time rename it to svchost.exe.

    - Could I just clarify which program I need to download & rename to svchost.exe? Is it the exeHelper?

    A little further information for you that may be important. I have been keeping the laptop offline other than the times I've needed to download programs and try to post logs. However, I noticed something strange happening last night when I tried to connect to the Spybot Forum - it let me get to the Spybot Home page, but when I clicked on the 'Forums' icon it redirected me to a Google search. (I could only get to the forum via the history). I don't know whether that info is relevant but I thought I'd better let you know.

    Thanks
