I do not think Combofix will find much, but better safe than sorry
thanks essexboy,
i can not get a text file after running Combofix. i have run it a number of times --disabled comodo, and avast.
i looked in c:/ could it be somewhere else??
craig
Run a quick OTL scan selecting all users and I will have a shufti
hello essexboy,
here is the quick OTL.exe.
craig
Could you disable Comodo please and then retry Combofix, or alternatively run from safe mode
hello essexboy, i will try your last post i ran another boot-time scan:
04/06/2012 11:11
Scan of all local drives
File C:\TDSSKiller_Quarantine\05.04.2012_16.43.31\mbr0000\mbr0000\tsk0000.dta is infected by MBR:Alureon-M [Rtk]
File C:\TDSSKiller_Quarantine\05.04.2012_16.43.31\mbr0000\mbr0000\tsk0001.dta is infected by MBR:Alureon-M [Rtk]
File C:\TDSSKiller_Quarantine\05.04.2012_16.43.31\mbr0000\tdlfs0000\tsk0004.dta is infected by MBR:Alureon-B [Rtk]
File C:\TDSSKiller_Quarantine\06.04.2012_08.39.27\tdlfs0000\tsk0004.dta is infected by MBR:Alureon-B [Rtk]
File C:\Users\nelson\AppData\Local\Microsoft\Windows Live Mail\Hotmail (cn60)\Junk email\477B4BC2-00000994.eml|>bnwpanmr#2856905570 is infected by JS:Redirector-SQ [Trj]
File C:\Users\nelson\Desktop\MBR.dat is infected by MBR:Alureon-M [Rtk]
File D:\Azureus\torrents\GUTAR\GUITAR.PRO.6.part1.rar|>Guitar Pro 6 Setup + NEW Crack\NEW Crack by DRSpollonia\keygen_thanks_to_Lz0.exe is infected by Win32:PUP-gen [PUP]
File D:\Azureus\torrents\RemoveWAT.2.1 - Hazar\RemoveWAT.2.1-Hazar.rar|>RemoveWAT.2.1-Hazar\RemoveWAT.exe is infected by Win32:PUP-gen [PUP]
File D:\Azureus\torrents\Windows XP Professional SP3\Windows XP Activation Crack.rar|>AMD64\antiwpa.dll is infected by Win32:PUP-gen [PUP]
File D:\Documents and Settings\craig\Desktop\Pimsleur - Spanish I.zip|>Lesson 25.mp3 Error 42125 {ZIP archive is corrupted.}
File D:\Documents and Settings\craig\Desktop\Pimsleur - Spanish II.zip|>Unit 18.mp3 Error 42125 {ZIP archive is corrupted.}
File D:\Documents and Settings\craig\Desktop\Pimsleur - Spanish II.zip|>Unit 22.mp3 Error 42125 {ZIP archive is corrupted.}
File D:\Documents and Settings\craig\Desktop\Pimsleur - Spanish II.zip|>Unit 24.mp3 Error 42125 {ZIP archive is corrupted.}
File D:\Documents and Settings\craig\Desktop\Pimsleur - Spanish III.zip|>Lesson 14.mp3 Error 42125 {ZIP archive is corrupted.}
File D:\Documents and Settings\craig\Desktop\Pimsleur - Spanish III.zip|>Lesson 27.mp3 Error 42125 {ZIP archive is corrupted.}
File D:\Documents and Settings\craig\Desktop\Pimsleur - Spanish Plus.zip|>Pimsleur - Spanish Plus - Lesson 04.mp3 Error 42125 {ZIP archive is corrupted.}
File D:\Inetpub\wwwroot\t1directusa\share\Corel PaintShop Pro X2 (V-12)+Keygen-HeartBug\Corel Paintshop pro X2\Data1.cab|>igcad15d.dll Error 42127 {CAB archive is corrupted.}
File D:\Inetpub\wwwroot\t1directusa\share\Corel PaintShop Pro X2 (V-12)+Keygen-HeartBug\Corel Paintshop pro X2\psppx2.msi|>01CreateFolder Error 42144 {OLE archive is corrupted.}
File D:\Inetpub\wwwroot\t1directusa\share\Corel PaintShop Pro X2 (V-12)+Keygen-HeartBug\Corel Paintshop pro X2\psppx2.msi|>Binary.CorelPreInstall Error 42144 {OLE archive is corrupted.}
File D:\Inetpub\wwwroot\t1directusa\share\Corel PaintShop Pro X2 (V-12)+Keygen-HeartBug\Corel Paintshop pro X2\psppx2.msi|>Binary.PreInstallCodeDLL Error 42144 {OLE archive is corrupted.}
File D:\Inetpub\wwwroot\t1directusa\share\Corel PaintShop Pro X2 (V-12)+Keygen-HeartBug\Corel Paintshop pro X2\psppx2.msi|>01_Columns Error 42144 {OLE archive is corrupted.}
Number of searched folders: 80336
Number of tested files: 3277277
Number of infected files: 9
thanks,
craig
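As an added illustration (my own code, not anything posted in the thread or shipped with avast): a small Python triage of scan-log lines in the format quoted above. It sorts each hit into files the removal tools wrote themselves (TDSSKiller's quarantine folder and the MBR.dat dump, which essexboy later tells craig to delete), PUP hits inside downloaded archives, archive-corruption errors that are not detections at all, and whatever is left that still needs attention. The bucketing heuristic and the path prefixes it keys on are my assumptions; the sample lines are a constructed subset of the log.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a subset of the avast boot-time scan log quoted in the
# thread, in the same line format (not the full log).
SAMPLE_LOG = r"""File C:\TDSSKiller_Quarantine\05.04.2012_16.43.31\mbr0000\mbr0000\tsk0000.dta is infected by MBR:Alureon-M [Rtk]
File C:\TDSSKiller_Quarantine\06.04.2012_08.39.27\tdlfs0000\tsk0004.dta is infected by MBR:Alureon-B [Rtk]
File C:\Users\nelson\AppData\Local\Microsoft\Windows Live Mail\Hotmail (cn60)\Junk email\477B4BC2-00000994.eml|>bnwpanmr#2856905570 is infected by JS:Redirector-SQ [Trj]
File C:\Users\nelson\Desktop\MBR.dat is infected by MBR:Alureon-M [Rtk]
File D:\Azureus\torrents\RemoveWAT.2.1 - Hazar\RemoveWAT.2.1-Hazar.rar|>RemoveWAT.2.1-Hazar\RemoveWAT.exe is infected by Win32:PUP-gen [PUP]
File D:\Documents and Settings\craig\Desktop\Pimsleur - Spanish I.zip|>Lesson 25.mp3 Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 80336
Number of infected files: 5
"""

# "File <path> is infected by <signature> [<class>]"
DETECTION_RE = re.compile(r"^File (?P<path>.+) is infected by (?P<sig>\S+) \[(?P<cls>[^\]]+)\]$")
# "File <path> Error <code> {<message>}"
ERROR_RE = re.compile(r"^File (?P<path>.+) Error (?P<code>\d+) \{(?P<msg>[^}]*)\}$")

# Assumed prefixes (lower-cased) of files written by the removal tools rather
# than by the infection: TDSSKiller keeps copies of what it removed in its
# quarantine folder, and MBR.dat is the dump essexboy says to delete.
TOOL_ARTIFACT_PREFIXES = (
    "c:\\tdsskiller_quarantine\\",
    "c:\\users\\nelson\\desktop\\mbr.dat",
)


def parse_scan_log(text):
    """Return one dict per 'File ...' line; the summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = DETECTION_RE.match(line)
        if m:
            # "|>" separates an archive/container from the member inside it
            container, _, member = m.group("path").partition("|>")
            entries.append({"kind": "detection", "container": container,
                            "member": member or None,
                            "sig": m.group("sig"), "cls": m.group("cls")})
            continue
        m = ERROR_RE.match(line)
        if m:
            container, _, member = m.group("path").partition("|>")
            entries.append({"kind": "error", "container": container,
                            "member": member or None,
                            "code": int(m.group("code")), "msg": m.group("msg")})
    return entries


def triage(entry):
    """Bucket one entry by what it means for cleanup (assumed heuristic)."""
    if entry["kind"] == "error":
        return "archive_error"     # corrupted archive; nothing was detected
    if entry["container"].lower().startswith(TOOL_ARTIFACT_PREFIXES):
        return "tool_artifact"     # copy of something already removed; delete the folder
    if entry["cls"] == "PUP":
        return "pup"               # cracks/keygens in downloads, not a running infection
    return "active"                # still needs attention (here: the JS:Redirector in mail)


def summarize(text):
    """Map bucket name -> list of entries for the whole log."""
    buckets = defaultdict(list)
    for entry in parse_scan_log(text):
        buckets[triage(entry)].append(entry)
    return buckets


def signature_counts(text):
    """How many times each detection name appears (errors excluded)."""
    return Counter(e["sig"] for e in parse_scan_log(text) if e["kind"] == "detection")


if __name__ == "__main__":
    for bucket, entries in summarize(SAMPLE_LOG).items():
        print(f"{bucket}: {len(entries)}")
        for e in entries:
            print("   ", e["container"], "->", e.get("sig") or e.get("msg"))
    print(signature_counts(SAMPLE_LOG))
```

The point of the split is that the raw count of "infected files" overstates what is live: in this sample, three of the five detections are copies sitting in places the tools themselves created, one is a PUP inside a torrent archive, and only the script in the junk-mail folder is something the mail client could still hand to a browser.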
hello essexboy,
i see how combofix.exe runs now.
see attached.
craig
OK that killed the Tarma rubbish
Big question now… How is the computer behaving ?
well,
the computer seems to always been ok thru this, except that i got a warning about the Alureon-M.
am i clean now?
i have a lot of concerns about post infection cleanup.
such as --well i use Lastpass for my password manager have been compromised?
and what about that file on my desktop MBR.dat still infected with the Alureon-M.
do you need any more info from the apps you had me download??
craig
Delete the MBR dat and aswMBR now
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so… The following will implement some cleanup procedures as well as reset System Restore points:
Remove ComboFix
[*]Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
[*]In the Run box, type in ComboFix /Uninstall (Notice the space between the “x” and “/”) then click OK
http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg
[*]Follow the prompts on the screen
[*]A message should appear confirming that ComboFix was uninstalled
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.
Upgrading Java:
[*]Go to this site and click Do I have Java
[*]It will check your current version and then offer to update to the latest version
SPRING CLEAN
To manually create a new Restore Point
[*]Go to Control Panel and select System
[*]Select System
[*]On the left select System Protection and accept the warning if you get one
[*]Select System Protection Tab
[*]Select Create at the bottom
[*]Type in a name i.e. Clean
[*]Select Create
Now we can purge the infected ones
[*]Go Start > All programs > Accessories > system tools
[*]Right click Disc cleanup and select run as administrator
[*]Select Your main drive and accept the warning if you get one
[*]For a few moments the system will make some calculations
[*]Select the More Options tab
[*]In the System Restore and Shadow Backups select Clean up
[*]Select Delete on the pop up
[*]Select OK
[*]Select Delete
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe
thank you - thank you - thank you,
essexboy,
followed your post infection directions.
i had one question:
the Alureon-M still exists in the TDSSKiller_Quarantine folder and you had no instructions how to deal with
this. could you comment on those files in that folder.
thanks again,
craig
Delete the folder please, I will ask OT if he has placed the new location in the OTL cleanup routine