
Thread: Possible infection

  1. #31
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    When you run Combofix it will check to see if there is a recovery console installed, and if there is not it will prompt you to install it. It's a good idea to do so.

    If you're infected with Sality then there is no fix, but let's see what CF finds and removes.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #32
    Member _Lee_
    Join Date
    Nov 2009
    Posts
    63

    I tried to run combofix, but shut it down because several odd things occurred:
    1) programs pev.exe, PEV.cfxxe, iexplore.exe crashed several times (Microsoft error report messages appeared)
    2) this PC started beeping on combofix messages, I think it's called a BIOS signal or something like that
    3) I was sure that I shut down avast and immunet, but combofix gave me warnings that they are both on...

    Tell me what to do: run combofix again and ignore everything, or something else?

  3. #33
    Member _Lee_
    Join Date
    Nov 2009
    Posts
    63

    P.S. What do you think about this?
    http://free.avg.com/us-en/win32-sality

    Is it worth scanning?

  4. #34
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Sality and Virut are in the same family; they are unrepairable.
    http://miekiemoes.blogspot.com/2009/...-throwing.html

    But running that AVG program may show if it's present. Go ahead and run it and post the log, and if no Sality then we will work to get CF running.

    Kaspersky may show if it's present also; run both scanners.


    Please go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.
    Last edited by ken545; 2010-12-12 at 10:36.

  5. #35
    Member _Lee_
    Join Date
    Nov 2009
    Posts
    63

    AVG found nothing...

    I tried to scan with Kaspersky; after it failed to start I had a look at the homepage, as was written in the warning message, and found the following info:
    "Kaspersky Online Scanner
    The current Kaspersky Online Scanner is unavailable - we apologize for the inconvenience."

  6. #36
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    The link worked for me. Are you using Internet Explorer?

    Here is another link
    http://www.kaspersky.com/kos/eng/par...=1292161006881

  7. #37
    Member _Lee_
    Join Date
    Nov 2009
    Posts
    63

    I'm using Firefox.

    No, the link works: the program installs and seems to download the definitions, but then fails to start. Afterward it gives a prompt to close the window and re-open the application from the Kaspersky home page.

    Have a look in the Kaspersky homepage:
    http://www.kaspersky.com/virusscanner

  8. #38
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Lee,

    We're between a rock and a hard place. Trying to determine if your issues are hardware, Windows or malware related. So far I am not seeing any malware except what you posted in your original post. It's kind of hard to determine what's going on when you can't run any of the scans I ask for.

    Just as a precaution, run this program.

    Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Wait until the program has finished scanning, then please exit the program.

    The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.


    Please restart your computer.





    Then let's give Combofix another try.

    Use CTRL+ALT+DEL to get to Task Manager and end task on the following:

    findstr
    sed
    grep.
    nircmd.exe
    nircmd.cfexe
    swsc.cfexe
    * .. or any other process that has the .cfexe extension except for CFxxx.cfexe

    If ComboFix is still 'hung', then kill process on CFxxx.cfexe as well and then retry running it again

  9. #39
    Member _Lee_
    Join Date
    Nov 2009
    Posts
    63

    Well... I did as you wrote and still no successful results.
    I managed to get combofix to run until installing the Microsoft recovery console (got it installed). After that the program started to continue (prompt said scan for malware) and got stuck after displaying in the program window:
    "T was unexpected at this time."

    And I had the same problem with Immunet: I am sure it was both disabled and shut down, I didn't even find an Immunet process in the task manager, but combofix still alarmed that it is running.

  10. #40
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Try this, Lee

    • Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
    • Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

      Go to -> Run -> copy/paste in the following single line command & click OK

      "%userprofile%\desktop\combofix.exe" /killall


    • Click OK and this will start ComboFix in a special way.
    • When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply along with a fresh HJT log.


    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    * After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.

    * Reconnect to the internet

    * Post the following logs/Reports:
    • ComboFix.txt
