Not “another” as in I’ve gotten it before, but because I’m noticing that this forums and other places are having a lot of request for help with this. Was pretty stupid in getting this one. Not going to go into how because it’s embarrassing to my ego. lol
Very sure I have this one. PING.EXE was running before I started a boot scan. avast!'s boot scan found desktop.ini and Consrv.dll to be infected. Being as stupid as I am, I let the boot scan delete the two desktop.ini files it found. Not sure if that was a bad thing or not just yet. Haven’t restarted my computer. Planning on stopping the boot scan and letting you guys help me from here on out.
Sorry, I don’t know where to start on this one as far as logs go. I’m fairly stumped here. Sorry. Could someone please help me out?
Edit: Should explain that I’m on a different laptop and I can boot into Safe Mode on the infected desktop. Would it be safe to try and boot into Safe Mode with Networking?
Running: Windows 7 Professional 64-Bit, AMD Athlon II X2 250 3.01 GHz, 8GB RAM
Scanners: Spybot, avast! free, CCleaner
Sorry to cut this short, but I must sleep now. It’s 6AM where I am and I must rest. Way past my bed time. Please post all information that I must know for the next step and I will do it ASAP when I wake up. Thank you all so much.
you would have to wait for essexboy to analyze these logs and help you through… im not a malware removal expert so yeah can’t help you… all i can help is to inform you what to do then let the malware removing to another guy
That’s fine. I meant that anyone who could help to leave the next step here on the forums. I’m awake now, so I’m ready to start killing this thing whenever someone else (essexboy, lol) is ready to help me.
Edit: Oh yes, I’m running in Safe Mode with Networking at this moment. I’m a bit too afraid to run my computer normally right now. When all of this started, the Trojan started screwing with Windows Firewall and tried to open Internet Explorer. Thankfully, I don’t use IE so it wasn’t set up correctly. Before it could open IE, IE was asking me to set up something. Forgot what it was.
Sorry for bumping and seeming impatient, but I didn’t get help all day. I just want to make sure I’m not forgotten because I want to get my computer fixed up. Very bored without it. I won’t bump after this unless it’s been two days of not receiving help.
I know someone will help when they can, but as I said, just don’t want to be forgotten.
i’m sorry bro im sure some experts will come to help soon… i can’t help you cause im not qualified and if i do i’ll get another warning which is embarassing… furthermore if i prescribe the wrong tools your computer may end up unbootable
Ah, nah it’s all good. I really do understand. Just miss my computer. It looks like you’re all doing awesome of this forum.
akama1, if it makes you feel any better, I’m glad you told me to get those logs ready. I can’t stand not being ready and holding certain things back. I rather be ready now and get things over with ASAP.
OK lets get the show on the road - we may require two or three runs with combofix to kill it fully
Download and Install Combofix
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Everything seems fine… though my primary HDD might be crapping out one me. I’m not too sure right now. All S.M.A.R.T. tests came back OK and my Write/Read tests are normal. I’m not going to worry about it too much at this time though.
Thank you so much for your help, essexboy. Before we end this thread, I would like your opinion on something. I use both Spybot and avast! for scanning. I don’t use TeaTimer all that much because it uses too many resources, but there are times when it’s useful.
In your personal opinion, would Spybot or MWB be a better Malware/Spyware remover?