Is combofix safe to use now?

??? Is ComboFix safe to use now? I have downloaded it, but after downloading I saw some web page saying that ComboFix has rootkits, or I dunno what that is :stuck_out_tongue: Can anyone tell me, is ComboFix safe to use now?

If you download from the official site, it’s a security/cleaner tool. It’s safe, although it could be for advanced users (not simple).

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix’s window while it’s running. That may cause it to stall.

:smiley: Wow, after I finished running ComboFix it saved a lot of space on my computer and it got 30% faster than before!!! :o

But the most important is to post the logs here and get clean, otherwise, the viruses will come back.

The definitive guide for ComboFix can be found here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix And it is the only official guide.

Tech, you asked me to post the logs here but I can’t find it. I closed it already, so how do I get it back???

Look in c:\combofix

Ok here is the post

Please Download NoLop to your desktop from one of the links below…
Link 1
Link 2
Link 3
[*] First close any other programs you have running, as this will require a reboot
[*] Double click NoLop.exe to run it
[*] Now click the button labelled “Search and Destroy”
[*] When scanning is finished you will be prompted to reboot only if infected. Click OK
[*] Now click the “REBOOT” button.
[*] A message should pop up from NoLop. If not, double click the program again and it will finish.
Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
-- If you receive an error, “mscomctl.ocx or one of its dependencies are not correctly registered,” please download mscomctl.ocx to your system32 folder, then rerun the program.

Is this program safe to use :o? Will it delete some of the files that I need? I’m afraid that it will delete some of my computer programs that I need to use ;D

No, you have a LOP infection that needs to be removed. The programme is safe.

Well OK, I trust you. I will try to use it now.

Erm essexboy, I wanna say that I don’t really know what is meant by (Please Post the contents of C:\NoLop.log along with a fresh HijackThis log). Please give me some idea.

OK, NoLop will generate a log at this location: C:\NoLop.log

Download & Run HijackThis.exe

[*]Download HJTInstall.exe to your Desktop.
[*]Doubleclick HJTInstall.exe to install it.
[*]By default it will install to C:\Program Files\Trend Micro\HijackThis.
[*]Click on Install.
[*]It will create a HijackThis icon on the desktop.
[*]Once installed, it will launch Hijackthis.
[*]Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
[*]Copy/Paste the log to your next reply please.

Don’t use the Analyse This button, its findings are dangerous if misinterpreted.
Don’t have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Hey, I can’t post it. It is too long for me to post here; it says not more than 100000 words. So how can I make an Additional Options? Or what?

You can save the log into a .txt file and attach it to your next post: under Additional Options click Attach, select Browse and select your log file.

Or you can split the log into multiple posts.

Sorry, I can’t post the log on here so I did this, and this is the log you want…

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O4 - HKCU..\Run: [waitdead] C:\DOCUME~1\ADMINI~1\APPLIC~1\GREATO~1\Joybeep.exe
O4 - HKLM..\Run: [eggs joy math type] C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\two plan.exe
O8 - Extra context menu item: ·¢ËÍͼƬµ½ÊÖ»ú - C:\Program Files\P4P\cx.htm

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

  1. Please open Notepad
    [*] Click Start, then Run
    [*] Type notepad.exe in the Run Box.

  2. Now copy/paste the entire content of the codebox below into the Notepad window:

  3. Save the above as all files CFScript.txt

  4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

  5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    [*] Combofix.txt
    [*] A new HijackThis log.

OK thanks, and here is the post, but I’m not sure whether I did it correctly or not. ;D
Oh yeah, and you said that about CFScript.txt, where it is from I have no idea, so what I did is go to the folders that you gave me (C:\Documents and Settings\All Users\Application Data\Bind Army Eggs Jo) and (C:\Documents and Settings\Administrator\Application Data\Greatonline) and I extracted the files into the notepad.txt. Is that correct?

No, what you needed to do was copy the text in the quote box to a Notepad file and then save it as cfscript, then drag and drop that on the ComboFix icon.

Then it would have deleted these two folders and any associated files

C:\Documents and Settings\All Users\Application Data\Bind army eggs joy
C:\Documents and Settings\Administrator\Application Data\GreatOnline

They are both LOP folders which are not good

Also you do not appear to have removed these lines from Hijackthis

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O4 - HKCU..\Run: [waitdead] C:\DOCUME~1\ADMINI~1\APPLIC~1\GREATO~1\Joybeep.exe
O4 - HKLM..\Run: [eggs joy math type] C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\Type Scr.exe
O8 - Extra context menu item: ·¢ËÍͼƬµ½ÊÖ»ú - C:\Program Files\P4P\cx.htm
O8 - Extra context menu item: ʹÓÃËѹ·Ö±Í¨³µÏÂÔØ - C:\Program Files\P4P\dl.htm

Until you remove them you are still infected
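Added example, not part of the thread or of any tool mentioned in it: a check for whether entries flagged for fixing still appear in a fresh HijackThis log. The `[eggs joy math type]` Run entry points at `two plan.exe` in the first list and `Type Scr.exe` in the later one, so whole-line comparison would miss it; matching on the CLSID or the Run value name is this sketch's assumption, and the fresh log below is constructed.

```python
import re

# Entry shape: "<code> - <kind>: <detail>", e.g. "O4 - HKLM..\Run: [name] path"
LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<detail>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_VALUE = re.compile(r"^\[(?P<name>[^\]]+)\]")

def entry_key(line):
    """Return a stable identity for a log line, or None if it is not an entry."""
    m = LINE.match(line.strip())
    if not m:
        return None
    code, kind, detail = m.group("code"), m.group("kind").strip(), m.group("detail")
    clsid = CLSID.search(detail)
    if clsid:   # R3-style entries: the CLSID identifies the hook
        return (code, kind, clsid.group(0).upper())
    run = RUN_VALUE.match(detail)
    if run:     # O4 entries: the registry value name, not the file path
        return (code, kind, run.group("name").lower())
    return (code, kind, detail.strip().lower())

def still_present(flagged, fresh_log):
    """Return the flagged lines whose identity still appears in the fresh log."""
    fresh = {entry_key(l) for l in fresh_log.splitlines()} - {None}
    return [l for l in flagged.splitlines() if entry_key(l) in fresh]

# Entries the helper asked to have fixed (copied from the thread).
FLAGGED = r"""
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O4 - HKCU..\Run: [waitdead] C:\DOCUME~1\ADMINI~1\APPLIC~1\GREATO~1\Joybeep.exe
O4 - HKLM..\Run: [eggs joy math type] C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\two plan.exe
"""

# Constructed fresh log for the demo: one R3 hook and the HKLM Run value
# remain (with the renamed executable); [ExampleAV] is a made-up benign entry.
FRESH_LOG = r"""
Logfile of HijackThis
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
O4 - HKLM..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe
O4 - HKLM..\Run: [eggs joy math type] C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\Type Scr.exe
"""

if __name__ == "__main__":
    for line in still_present(FLAGGED, FRESH_LOG):
        print("still in fresh log:", line)
```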