Malware removal problem

downloaded Online-Armor and....

After typing in Combofix /u, Online Armor pops up telling me that "A program wants to run". I wasn't paying close attention and clicked allow several times, but am now noticing that it is a different program each time. Now it is telling me that pev.exe wants to run. I googled that and it said it is part of Combofix, but I'm confused now because if I want to uninstall something, why would parts of it need to run?

Please advise....did I err in clicking on "allow" several times? If so, what should I do about it? What about pev.exe and any subsequent choices as part of uninstalling Combofix?
 
Choosing whether to Trust or not

Here are the programs Online-Armor is asking me about - in no particular order:
pev.exe
swreg.exe
SWXCACLS.cfxxe
MSDOS (parent program is Combofix....the program name appears in the form of an icon)
PREP.inf

One needs to both "Trust" and "Allow", so even though I clicked on "Allow" before, looks like nothing happened and I can still moderate these.

I'm guessing that there will be more of these programs to trust or not.

Please advise. :thanks:
 
removing combofix

That was way more complicated than I expected and I'm not sure whether I've actually removed Combofix or not.

Online Armor continually kept popping up with messages with the names of the programs above, and a few others, asking if I wished to allow it to run...and messages saying the program wants to run again, etc.

There were multiple boxes to choose from below and whenever possible I checked "Run in Safer Mode" (can't remember exactly the wording), but sometimes, that option was no longer available (not on the menu of choices), so I just clicked on Trust this program.

No bombs have gone off, so I am going to continue with your instructions and download OTCleanIt.
 
OT Clean It completed

I downloaded and ran this program. Upon rebooting, I got a message:

C:/windows/system32/grpconv.exe

"Windows cannot access the specified device path or file. You may not have the appropriate permissions to access the item." [okay]

So I clicked okay, and Online Armor popped up and told me the above program was blocked and gave me options to Run Safer, Trust, Allow, Delete, Block.

I think I may have blocked it when attempting to uninstall Combofix (which I'm still not sure if I was successful at doing).
 
Windows XP system restore

Will proceed with this later, need to rest from a molecular virus (as opposed to a computer virus).:cleaning:
 
Windows XP system restore completed

I disabled and re-enabled System Restore as advised. Seems like the OT CleanIT tool did not work perfectly as I had to manually remove Hijack This, WIN32kdiag (something like that), and maybe one other...but I seem to have been able to do that.

Thanks for all your help Shaba...restores my faith and hope that the forces of good are out there working for us all.:wav:
 
P.s.

I tried to uninstall Lavasoft's "Adaware" by going to Control Panel/Add-Remove Programs, but even though that program does show up as installed, there is no option to remove it. I went to the folder in my C-Drive and manually deleted most of the files inside the Lavasoft folder, but some of them wouldn't allow themselves to be deleted. Any suggestions?
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
 