-
Vundo appears gone from your log, are you still getting popups??
Here's the scoop on Paltalk; it's your option to remove it or not.
http://www.superadblocker.com/definition/palstart/
C:\Program Files\Paltalk Messenger <-- you can uninstall it via the Add Remove Programs in the Control Panel.
Open HijackThis > Do a System Scan Only, close your browser and all open windows, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - .DEFAULT User Startup: TA_Start.lnk = ? (User 'Default user')
O4 - Startup: TA_Start.lnk = ?
O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
- Your Java is out of date and leaving your system vulnerable.
- Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
- It should have an icon next to it. Select it and click Remove.
- Reboot your system.
- Then go to Sun Microsystems and install the update
- Java Runtime Environment Version 6 Update 2 <--This is what you need to download and install.
- If you chose the online installation, it will prompt you to run the program.
- If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
- Then after install you can verify your installation here Sun Java Verify
I like to do the offline installation and save the setup file in case I may need it in the future.
Were you able to run Combofix?? The rest of your log looks fine.
-
Thanks so much for all your help, no popups so far.
Just ran ComboFix; while running, Norton said it found a virus, something windows/154.exe then 157 etc., but said it deleted them.
Here's the combo log, will post new HJT log next.
ComboFix 07-09-21.2 - "Owner" 2007-09-23 22:59:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.183 [GMT -7:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1.exe
C:\check_LSA7.txt
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\DEFAUL~1\err.log
C:\DOCUME~1\Owner\APPLIC~1\STEM~1
C:\DOCUME~1\Owner\APPLIC~1\WinTouch
C:\DOCUME~1\Owner\APPLIC~1\WinTouch\wintouch.cfg
C:\DOCUME~1\Owner\err.log
C:\DOCUME~1\Owner\MYDOCU~1\ECURIT~1
C:\DOCUME~1\Owner\MYDOCU~1\ECURIT~1\n?pdb.exe
C:\Program Files\icroso~1
C:\Program Files\icroso~1\?icrosoft\
C:\Program Files\inetget2
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\ISM
C:\Program Files\ISM\srvupd.exe
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\web buying
C:\Program Files\web buying\v1.8.3\wbuninst.exe
C:\Program Files\WinAble
C:\Program Files\WinAble\UnInstall.exe
C:\sstray.exe
C:\svhost.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\tskmgr.exe
C:\WINDOWS\1.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\b148.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\IA
D:\Autorun.inf
f:\autorun.inf . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2007-08-24 to 2007-09-24 )))))))))))))))))))))))))))))))
.
2007-09-23 17:54 <DIR> d-------- C:\Program Files\SymNetDrv
2007-09-23 17:36 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2007-09-23 17:36 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2007-09-23 17:34 32,256 --a--c--- C:\WINDOWS\system32\dllcache\msgsvc.dll
2007-09-23 17:34 32,256 --a------ C:\WINDOWS\system32\msgsvc.dll
2007-09-23 17:20 <DIR> d---s---- C:\DOCUME~1\DEFAUL~1\UserData
2007-09-23 17:20 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Shared
2007-09-23 17:20 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Incomplete
2007-09-23 17:20 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Contacts
2007-09-23 15:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-22 20:49 <DIR> d-------- C:\WINDOWS\provisioning
2007-09-22 20:49 <DIR> d-------- C:\WINDOWS\peernet
2007-09-22 20:46 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-09-22 20:35 <DIR> d-------- C:\WINDOWS\EHome
2007-09-22 14:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-21 22:52 <DIR> d-------- C:\Program Files\Yahoo!
2007-09-21 22:51 <DIR> d-------- C:\Program Files\CCleaner
2007-09-21 22:37 <DIR> d-------- C:\VundoFix Backups
2007-09-20 09:13 425,480 --a------ C:\sysowyo.exe
2007-09-20 09:13 425,480 --a------ C:\sysnkqy.exe
2007-09-20 03:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-09-20 01:07 425,480 --a------ C:\sysydta.exe
2007-09-19 19:15 <DIR> d-------- C:\Program Files\McAfee.com
2007-09-19 19:14 <DIR> d-------- C:\Program Files\McAfee
2007-09-19 19:14 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-09-19 18:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-09-19 18:40 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-09-19 18:10 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-09-19 18:10 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\PC Tools
2007-09-19 16:46 425,480 --a------ C:\sysysnk.exe
2007-09-19 16:46 425,480 --a------ C:\sysgqfg.exe
2007-09-19 15:33 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-19 15:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-18 06:20 281 --a------ C:\ernmwr3w.exe
2007-09-15 18:23 <DIR> d-------- C:\WINDOWS\uzzf
2007-09-15 18:23 <DIR> d-------- C:\Program Files\Common Files\uzzf
2007-09-13 10:33 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-23 17:54 --------- d-------- C:\Program Files\Symantec
2007-09-23 17:53 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-23 17:36 3994 -rahs---- C:\WINDOWS\system32\drivers\HP_DT158A-ABA A445C_YC_Pavi_QMXR419_E41NAheBLU4_4_IKamet2_SASUSTek Computer INC._V2.01_B3.07_T040119_WXH1_L409_M448_J160_7AMD_8Athlon XP 3000+_92.16_111063044_N11063065_P_Z11C1044C_K_A11063059_U11063038_G11067205_O_DILO5611.MRK
2007-09-22 23:28 --------- d-------- C:\Program Files\MSN Messenger
2007-09-22 13:54 --------- d-------- C:\Program Files\Kasamba
2007-09-19 15:32 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-15 20:04 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-09-14 11:10 10 --a------ C:\Program Files\.autoreg
2007-08-07 19:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-07-26 20:53 --------- d-------- C:\Program Files\Common Files\SWF Studio
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 07:07]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 07:23]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 02:55]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-10 21:58]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 19:19]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 21:42]
"VTTimer"="VTTimer.exe" [2003-05-07 23:32 C:\WINDOWS\system32\VTTimer.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-15 00:59]
"LTMSG"="LTMSG.exe" [2003-07-14 17:52 C:\WINDOWS\ltmsg.exe]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 21:11]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-06-17 18:13]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-23 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-07 21:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"NVIEW"="nview.dll,nViewLoadHook" []
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 21:25]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 08:20:40]
C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\
Connect Kasamba.lnk - C:\Program Files\Kasamba\Kasamba.exe [2007-08-23 13:43:45]
PowerReg Scheduler V3.exe [2007-02-02 01:50:24]
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\System32\DRIVERS\nvcap.sys
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\System32\DRIVERS\NVxbar.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 02:16:44 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-09-20 02:16:43 C:\WINDOWS\Tasks\McQcTask.job"
"2007-09-24 00:51:31 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- c:\PROGRA~1\NORTON~1\Navw32.exe
"2007-09-24 00:51:33 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-23 23:03:16
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-23 23:06:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-23 23:05
.
--- E O F ---
-
Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:13 PM, on 9/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kasamba\Kasamba.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: Connect Kasamba.lnk = C:\Program Files\Kasamba\Kasamba.exe (User 'Default user')
O4 - .DEFAULT User Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - .DEFAULT User Startup: TA_Start.lnk = ? (User 'Default user')
O4 - Startup: Connect Kasamba.lnk = C:\Program Files\Kasamba\Kasamba.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 6166 bytes
-
Good Morning,
Remove this with HJT.
O4 - .DEFAULT User Startup: TA_Start.lnk = ? (User 'Default user')
C:\Program Files\Kasamba <-- Is this a program that you use??
We need to make sure all hidden files are showing:
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View tab.
- Under the Hidden files and folders heading select Show hidden files and folders.
- Uncheck the Hide file extensions for known types option.
- Uncheck the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Click OK.
Once your system is clean, we suggest that you reverse this to keep critical Windows files from accidentally being deleted.
Combofix picked up a few files that I am unsure of. What I would like you to do is upload them to this site for analysis and post the reports.
Go to Jotti Upload and, under the browse feature, browse to these files:
C:\sysowyo.exe
C:\sysgqfg.exe
C:\sysysnk.exe
C:\sysgqfg.exe
C:\ernmwr3w.exe
Then click on upload and it will give you a report, post the report in your next reply.
-
OK, I did everything. Yes, Kasamba is a prog I use, it's safe, but when trying the Jotti upload I click on any one of the sys****.exe and get a message from Norton saying it's a trojan and cannot be repaired. It won't let me upload it, and I tried deleting them and it says access denied :(
-
We can and will delete them once we know for sure that they're bad. When they won't Google they're almost 100% bad, but let's try this before we remove them.
Right click on Norton in the system tray (by the clock) and either shut it down or disable it; it will be enabled the next time you reboot. Then try the Jotti upload again.
-
OK, I tried with Norton disabled and get this message from Jotti:
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
-
OK, then let's do this.
First look for the files manually yourself. I may seem overcautious, but we don't want to remove any files that may be needed by one of your programs. When you find the files, right click on them and go to Properties and it will give you info on that file; let me know what they are related to. Just do the top 2, as they all seem related and were created on the same date.
C:\ernmwr3w.exe
C:\sysowyo.exe
C:\sysgqfg.exe
C:\sysysnk.exe
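The "they all seem related" observation can be checked mechanically against the "Files Created" section of the ComboFix log earlier in this thread. The following is an added example, not part of the original posts or of ComboFix: it groups newly created executables by exact byte size and keeps only groups with several different file names (function and constant names are illustrative).

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Lines copied from the "Files Created" section of the ComboFix log in this thread.
FILES_CREATED = r"""
2007-09-23 17:36 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2007-09-23 17:36 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2007-09-23 15:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-22 14:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-20 09:13 425,480 --a------ C:\sysowyo.exe
2007-09-20 09:13 425,480 --a------ C:\sysnkqy.exe
2007-09-20 01:07 425,480 --a------ C:\sysydta.exe
2007-09-19 16:46 425,480 --a------ C:\sysysnk.exe
2007-09-19 16:46 425,480 --a------ C:\sysgqfg.exe
2007-09-18 06:20 281 --a------ C:\ernmwr3w.exe
"""

LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} "
    r"(?P<size><DIR>|[\d,]+) \S+ (?P<path>.+)$"
)
EXECUTABLE = {".exe", ".dll", ".sys"}


def parse_created(text):
    """Yield (date, size_bytes, path) for file entries; directories are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m and m["size"] != "<DIR>":
            yield m["date"], int(m["size"].replace(",", "")), PureWindowsPath(m["path"])


def same_size_clusters(text, min_names=2):
    """Group executables by exact size; keep groups holding several distinct names.

    Same name and same size (system32 next to dllcache) is an ordinary protected-file
    copy, so it is not reported; identical size under different names is the pattern
    worth a closer look.
    """
    groups = defaultdict(list)
    for date, size, path in parse_created(text):
        if path.suffix.lower() in EXECUTABLE:
            groups[size].append((date, path))
    return {
        size: sorted(members)
        for size, members in groups.items()
        if len({p.name.lower() for _, p in members}) >= min_names
    }


def in_drive_root(path):
    """True for a file sitting directly in a drive root (drive part plus file name)."""
    return len(path.parts) == 2


if __name__ == "__main__":
    for size, members in same_size_clusters(FILES_CREATED).items():
        roots = sum(in_drive_root(p) for _, p in members)
        print(f"{size} bytes x{len(members)} ({roots} in a drive root)")
        for date, p in members:
            print(f"  {date}  {p}")
```

A cluster is a prompt for manual review, as in the thread, not a verdict: the 281-byte C:\ernmwr3w.exe is not grouped by this check and still has to be judged separately.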
-
Under type of file it just says Application
-
Let's do this.
Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad.
File::
C:\ernmwr3w.exe
C:\sysowyo.exe
C:\sysgqfg.exe
C:\sysysnk.exe
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.