You are on 7 aren’t you
Yup, Windows 7 Pro x64.
OK we will do it manually ;D
Go start > All Programs > Accessories
Right click the command prompt and select Run as Administrator
In the command window copy/paste the following commands hitting enter after each :
[b]netsh winsock reset catalog
netsh int ip reset reset.log hit [/b]
Once done reboot
Done and rebooting, continue with the CFScript on startup?
Yes please
Once complete can you let me know of any outstanding problems
Restarted after ComboFix and no issues to report. Please find the log attached. I’m going to run a Quick Scan with MSE and see if it picks up anything. Thank you very much for everything!
Quick question: I’ve been using a flash drive to swap the logs and scripts back and forth, should I been at all concerned about the infection transferring to it? I’ve been scanning it from a clean computer and nothing has cropped up, and the clean computer has no issues, so I’m not too concerned.
MSE reports Sirefef.AB and Sirefef.P, both in C:\Qoobox\Quarantine.… . I believe that’s ComboFix’s quarantine location - should I do anything to them or will trying to delete the files bring them back to life? Thanks!
Apparently MSE had its own ideas and while I was watching it automatically removed both items. Damnit Microsoft!
EDIT: looks like uninstalling ComboFix using Run “ComboFix /u” will get rid of them. I’d like to uninstall ComboFix before returning the computer just in case the user tries to run it. I’m thinking it should be safe to do so now, but I’ll hold off in case. Thanks!
EDIT2: “ComboFix /Uninstall” did the trick. No issues to report!
Yep it is uninstall using u will just run it again ;D
How is the computer running ? Any further problems before I remove the tools and tidy up behind me