system
March 7, 2014, 3:08pm
1
I tried opening Windows Explorer and got this error:
C:\Windows\explorer.exe
Operation did not complete successfully because the file contains a virus
So I did a scan with Avast and the results showed:
File name:C:\Windows\explorer.exe Severity: High Status: Threat:Win64:Dropper-Gen[Drp]
The recommended action was move to chest but I got an error: specified file is read only (6009)
No idea what to do at this point, so looking for help. Thanks.
Hi there, I will go right in with the big boy first
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow it to update if it asks.
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.
system
March 7, 2014, 3:35pm
3
My computer seems to be running fine; I am now able to open Windows Explorer.
ComboFix 14-03-05.01 - Jason 03/07/2014 10:16:41.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.2193 [GMT -5:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
AV: avast! Antivirus Disabled/Updated {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus Disabled/Updated {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender Enabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20130724.txt
C:\END
c:\users\Jason\AppData\Local\assembly\tmp
c:\users\Jason\videos\Start Button.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-02-07 to 2014-03-07 )))))))))))))))))))))))))))))))
.
.
2014-03-07 15:27 . 2014-03-07 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-07 14:41 . 2014-03-07 14:41 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates{ACA96C98-71CD-4C1A-A292-844AFC899BF2}\offreg.dll
2014-03-07 07:26 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates{ACA96C98-71CD-4C1A-A292-844AFC899BF2}\mpengine.dll
2014-03-02 19:06 . 2014-03-02 19:06 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-02 19:06 . 2014-03-02 19:06 -------- d-----w- c:\program files\iTunes
2014-03-02 19:06 . 2014-03-02 19:06 -------- d-----w- c:\program files (x86)\iTunes
2014-03-02 19:06 . 2014-03-02 19:06 -------- d-----w- c:\program files\iPod
2014-02-26 06:34 . 2014-02-26 06:34 -------- d-----w- c:\windows\Migration
2014-02-14 18:02 . 2014-02-14 18:02 -------- d-----w- c:\program files (x86)\Pokemon Showdown
2014-02-12 20:43 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 20:43 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-12 17:53 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-12 17:52 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-12 17:52 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 17:52 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-12 17:52 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 04:19 . 2012-03-29 05:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 04:19 . 2011-05-17 11:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-15 22:55 . 2011-01-03 22:13 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 11:13 . 2010-12-26 19:38 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Akamai NetSession Interface”=“c:\users\Jason\AppData\Local\Akamai\netsession_win.exe” [2013-06-05 4489472]
“F.lux”=“c:\users\Jason\AppData\Local\FluxSoftware\Flux\flux.exe” [2013-10-15 1013128]
“DAEMON Tools Lite”=“c:\program files (x86)\DAEMON Tools Lite\DTLite.exe” [2013-08-01 3673696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
“IAStorIcon”=“c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe” [2010-03-04 284696]
“avast5”=“c:\program files\Alwil Software\Avast5\avastUI.exe” [2013-02-28 4767304]
“APSDaemon”=“c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe” [2014-02-13 43848]
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2013-11-21 959904]
“iTunesHelper”=“c:\program files (x86)\iTunes\iTunesHelper.exe” [2014-02-21 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 0 (0x0)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableLUA”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)
“PromptOnSecureDesktop”= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
“LoadAppInit_DLLs”=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
“aux1”=wdmaud.drv
system
March 7, 2014, 3:35pm
4
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe
R2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys
R2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys
R3 aswVmm;aswVmm;
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys
R3 dump_wmimmc;dump_wmimmc;c:\ignitedgames\WindSlayer2\GameGuard\dump_wmimmc.sys;c:\ignitedgames\WindSlayer2\GameGuard\dump_wmimmc.sys
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys
R3 Gun;Gun;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys;c:\windows\SYSNATIVE\DRIVERS\motport.sys
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys;c:\windows\SYSNATIVE\Drivers\pssdk42.sys
R3 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys;c:\windows\SYSNATIVE\Drivers\pssdklbf.sys
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys;c:\aeriagames\EdenEternal\sjcs64.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys
R3 uqk;uqk;c:\koramgame\STOnline\avital\wyqku64.sys;c:\koramgame\STOnline\avital\wyqku64.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys;c:\aeriagames\EdenEternal\avital\ussjcs64.sys
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys;c:\windows\SYSNATIVE\Drivers\VMUVC.sys
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys;c:\windows\SYSNATIVE\drivers\vvftUVC.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys
R3 X6va003;X6va003;c:\users\Jason\AppData\Local\Temp\003FCB6.tmp;c:\users\Jason\AppData\Local\Temp\003FCB6.tmp
R3 X6va005;X6va005;c:\users\Jason\AppData\Local\Temp\00530FF.tmp;c:\users\Jason\AppData\Local\Temp\00530FF.tmp
R3 X6va006;X6va006;c:\users\Jason\AppData\Local\Temp\006C49D.tmp;c:\users\Jason\AppData\Local\Temp\006C49D.tmp
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012
R3 X6va013;X6va013;c:\windows\SysWOW64\Drivers\X6va013;c:\windows\SysWOW64\Drivers\X6va013
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe
S0 aswRvrt;aswRvrt;
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys
S0 sptd;sptd;c:\windows\SystemRoot\System32\Drivers\sptd.sys;c:\windows\SystemRoot\System32\Drivers\sptd.sys
S1 aswSnx;aswSnx;
S1 aswSP;aswSP;
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe;c:\program files\Broadcom\BPowMon\BPowMon.exe
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys
.
.
— Other Services/Drivers In Memory —
.
NewlyCreated - 38054838
NewlyCreated - 49052150
Deregistered - 38054838
Deregistered - 49052150
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the ‘Scheduled Tasks’ folder
.
2014-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 04:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@=“{472083B0-C522-11CF-8763-00608CC02F24}”
[HKEY_CLASSES_ROOT\CLSID{472083B0-C522-11CF-8763-00608CC02F24}]
2013-02-28 08:35 133840 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=CA&userid=ce917bfa-2d26-d2b1-b4f3-bd2e4720613a&searchtype=hp&installDate=19/10/2013
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;192.168.. ;;*.local
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=CA&userid=ce917bfa-2d26-d2b1-b4f3-bd2e4720613a&searchtype=ds&q={searchTerms}&installDate=19/10/2013
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces{1A760F14-656D-40EA-B5DC-06D0D10AB9E0}: NameServer = 192.168.0.1,192.168.2.1
FF - ProfilePath - c:\users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\z2o2e9yv.default
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.soft-quick.info/?l=1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.ca/
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=CA&userid=ce917bfa-2d26-d2b1-b4f3-bd2e4720613a&searchtype=ds&installDate=19/10/2013&q=
.
You can attach the log, it will make it easier.
OK, looking at that I will need to run OTL and AdwCleaner to clear some adware.
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
THEN
Download OTL to your Desktop
Secondary link
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Select All Users
- Select LOP and Purity
- Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs
system
March 7, 2014, 4:28pm
8
After the reboot following the AdwCleaner scan I have had trouble connecting to the internet; not sure if this is related.
I am replying from another computer using a wireless connection but am unable to connect using my computer directly connected to the router.
The log is attached, should I go ahead and run the OTL scan as well?
Reboot the computer and if you are still unable to connect then run this small OTL fix.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]
:Files
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c
netsh winsock reset /c
netsh advfirewall reset /c
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
system
March 7, 2014, 5:06pm
10
Unfortunately, I am still unable to connect even after the fix.
Attached are the logs of the fix and the quick scan, respectively.
system
March 7, 2014, 5:57pm
11
I am also having this problem, and this only started occurring today. I have a feeling it’s a false positive from Avast’s latest virus definition update. Here is the file on virustotal https://www.virustotal.com/en/file/c1a580448bc33d89399370c506661a46416ed983a3e5a5433affb1db5e28940f/analysis/1394214390/
When you try to get online, what error does Windows give you?
Download and run the Trend Micro uninstaller from here: http://esupport.trendmicro.com/solution/en-us/1037161.aspx
If it is a false positive, then I am not getting it.
system
March 7, 2014, 6:10pm
14
I’m running a 64-bit version of Windows 7 Ultimate. Virus definition 140307-0
EDIT: well it (the explorer.exe I have) probably doesn’t actually depend on what version of Windows 7 (other than 32/64-bit) I’m running, does it? Hmm…
system
March 7, 2014, 6:42pm
15
When I open my browser I get: Server not found
The network and sharing centre says: Unidentified network, no internet access
I ran the Trend Micro uninstaller but that did not fix the problem.
system
March 7, 2014, 7:48pm
16
Also got an alert from Avast about this, ran all the suggested fixes and checked with VirusTotal.
Seems like a false positive. https://www.virustotal.com/fi/file/868efdba6e8e51bbdc99a45bbdfd2fccfa16b5e4851d86e905cf3cd0e89b602d/analysis/1394221096/
EDIT: definitions are 140307-1 (on wife’s laptop 140307-0 and no virus detected)
system
March 7, 2014, 8:08pm
17
Interesting to see it affect some of us and not others. I bet if you checked your wife’s explorer.exe, it would be different from the one on your computer. I have whitelisted explorer.exe for myself for now.
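The comparison suggested above (checking whether explorer.exe on two machines is actually the same file), as an added example that is not part of the original thread. `Get-BinaryTriage` is a hypothetical helper name, the second path in the usage line is a placeholder for a copy taken from the other PC, and PowerShell 4.0 or later is assumed for `Get-FileHash`.

```powershell
# Added example, not from the thread. Get-BinaryTriage is a hypothetical helper name.
# It collects the facts needed to decide whether an AV hit on a system binary is
# plausibly a false positive: hash, version, and signature status per file.
function Get-BinaryTriage {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        # Optional: SHA-256 reported by another machine or by an online scan report.
        [string]$ReferenceSha256
    )
    foreach ($p in $Path) {
        $item = Get-Item -LiteralPath $p -ErrorAction Stop
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        $sig  = Get-AuthenticodeSignature -LiteralPath $p

        [pscustomobject]@{
            Path        = $item.FullName
            SHA256      = $hash
            Length      = $item.Length
            FileVersion = $item.VersionInfo.FileVersion
            # On older PowerShell versions catalog-signed OS files can report
            # NotSigned, so treat NotSigned as inconclusive, not as proof of tampering.
            SigStatus   = $sig.Status
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            # String -eq is case-insensitive in PowerShell, so hex case does not matter.
            MatchesRef  = if ($ReferenceSha256) { $hash -eq $ReferenceSha256 } else { $null }
        }
    }
}

# Usage: local file plus a copy from the second machine (placeholder path).
$results = Get-BinaryTriage -Path "$env:windir\explorer.exe", 'D:\from-other-pc\explorer.exe'
$results | Format-List

# One group means both machines have the identical binary; two groups means
# different builds, which can explain why only one machine triggers the signature.
$results | Group-Object SHA256 | Select-Object Count, Name

# Independent integrity check against the Windows component store
# (run from an elevated prompt):
#   sfc /verifyfile=C:\Windows\explorer.exe
```

A differing hash between two machines is expected when they are at different patch levels or architectures; what matters is whether each copy verifies against the component store and carries a valid Microsoft signature.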
system
March 7, 2014, 8:13pm
18
Looking at the replies, should I system restore to before the scans I’ve done?
The computer I’m using atm is very old and slow, so I kinda need to get back to my usual computer.
system
March 7, 2014, 8:20pm
19
Looking at the replies, should I system restore to before the scans I’ve done?
The computer I’m using atm is very old and slow, so I kinda need to get back to my usual computer.
Well, unfortunately for you I think you have other issues other than the false positive so…
Yes, system restore to the point prior to the AdwCleaner run and we will do a manual removal instead.
ComboFix should have created a restore point after it finished.