Some advice needed please,
11-07-2009 11:09pm
Ok, I have another post about this that was moved here, but I wanted to tidy it up before I posted here asking for help, so here it is,
Over the past few weeks I've had this popup keep popping up every 29 seconds,
http://img14.imageshack.us/img14/30/screenshotofpopup.png
My computer lagged, which gave me time to screen capture it, but I haven't been able to before, and today is really the first day I've seen what is actually written on it.
After using that Malwarebytes Anti-Malware on step 2 of this post I restarted my PC and it lagged again starting up,
The popup appeared as usual but there was a little extra lag starting, which gave me time to click the "Proxy settings" on it, when this appeared
http://img17.imageshack.us/img17/7090/screenshotofpopup2.png
I had clicked the "No Proxy" option but had not clicked ok yet, as I wanted to post it to ask advice about it because I've never gotten that far with it before, but then as I was posting I minimized the boards window and it was gone.
So now I'm here again and so is the pop up. I've noticed that it mainly only pops up when my PC is not connected to the internet, but now and again it does when I am,
So now I'm going to go through the virus removal post again and follow the steps over and post results to see if anyone can help,
Step 1: Almost complete, except when I click on the TFC link it doesn't finish; when I hit run I get one of those boxes at the bottom of the screen titled TFC but it does nothing. Thought it might take time so left it for 20 minutes but still nothing.
Step 2: Performed scan with the Malwarebytes Anti-Malware
Malwarebytes' Anti-Malware 1.38
Database version: 2411
Windows 5.1.2600 Service Pack 3
11/07/2009 22:59:24
mbam-log-2009-07-11 (22-59-24).txt
Scan type: Quick Scan
Objects scanned: 107135
Time elapsed: 6 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
It didn't find anything this time, but when I first ran it it found 4 infected items and removed them, but they mustn't be connected to this pop up as it still appears,
I'm going into the second part of step 2 now downloading
Not finished yet, just have to close for the scan,
Ok, have just finished the scan, which took forever
there were 39 tracking cookies found and 3 other adware items from casinos, (It removed my boylepoker and other ipoker downloads)
So step 2 is now complete
Step 3: I'm going to skip this because I have updates turned on and I know it only updated last night.
Step 4: I'm going to also skip this as I know the pop up is still here,
Step 5:
here is the log,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:09:37, on 12/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\microsoft\updates\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system\microsoft\services.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.iqon.ie/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [windows] C:\windows\system\microsoft\updates\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P4 /q C:\DOCUME~1\Home\LOCALS~1\TEMPOR~1\Content.IE5\9GW2Q37H\ZPU_1_~1.SH! C:\DOCUME~1\Home\LOCALS~1\TEMPOR~1\Content.IE5\ALLYI6AC\IFRAME~2.SH! C:\DOCUME~1\Home\LOCALS~1\TEMPOR~1\Content.IE5\9GW2Q37H\FF2_1_~1.SH! C:\DOCUME~1\Home\LOCALS~1\TEMPOR~1\Content.IE5\B6X8Q0G2\FF2_1_~1.SH! C:\DOCUME~1\Home\LOCALS~1\TEMPOR~1\Content.IE5\9GW2Q37H\CONTRO~3.SH! C:\DOCUME~1\Home\LOCALS~1\TEMPOR~1\Content.IE5\ALLYI6AC\FF2_1_~1.SH! C:\DOCUME~1\Home\LOCALS~1\TEMPOR~1\Content.IE5\ZGIR5JPK\FF2_1_~1.SH! C:\DOCUME~1\Home\LOCALS~1\TEMPOR~1\Content.IE5\ZGIR5JPK\ABVQS5~1.SH!
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9c7dce8088181) (gupdate1c9c7dce8088181) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9697 bytes
And this is the log from Rooter.exe
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 15 Stepping 6, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
.
C:\ [Fixed-NTFS] .. ( Total:227 Go - Free:207 Go )
\ [CD_Rom]
E:\ [Removable]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
.
Scan : 00:11.44
Path : C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\H1Z3I7VT\Rooter[1].exe
User : Home ( Administrator -> YES )
.
\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (568)
______ \??\C:\WINDOWS\system32\csrss.exe (616)
______ \??\C:\WINDOWS\system32\winlogon.exe (656)
______ C:\WINDOWS\system32\services.exe (700)
______ C:\WINDOWS\system32\lsass.exe (712)
______ C:\WINDOWS\system32\svchost.exe (888)
______ C:\WINDOWS\system32\svchost.exe (956)
______ C:\WINDOWS\System32\svchost.exe (1052)
______ C:\WINDOWS\system32\svchost.exe (1168)
______ C:\WINDOWS\system32\svchost.exe (1248)
______ C:\WINDOWS\system32\spoolsv.exe (1376)
______ C:\WINDOWS\system32\svchost.exe (1552)
______ C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe (1608)
______ C:\WINDOWS\eHome\ehRecvr.exe (1620)
______ C:\WINDOWS\eHome\ehSched.exe (1632)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1840)
______ C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (1908)
______ C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (1980)
______ c:\program files\common files\mcafee\mna\mcnasvc.exe (280)
______ c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (408)
______ C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (484)
______ C:\Program Files\McAfee\MPF\MPFSrv.exe (604)
______ C:\WINDOWS\system32\nvsvc32.exe (1072)
______ C:\WINDOWS\system32\svchost.exe (1136)
______ C:\WINDOWS\system32\svchost.exe (1216)
______ C:\WINDOWS\ehome\mcrdsvc.exe (2152)
______ C:\WINDOWS\Explorer.EXE (2692)
______ c:\PROGRA~1\mcafee.com\agent\mcagent.exe (3120)
______ C:\WINDOWS\ehome\ehtray.exe (3216)
______ C:\WINDOWS\sm56hlpr.exe (3224)
______ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (3296)
______ C:\Program Files\iTunes\iTunesHelper.exe (3304)
______ C:\WINDOWS\system32\VTTimer.exe (3316)
______ C:\Program Files\VIAudioi\HDADeck\HDeck.exe (3360)
______ C:\WINDOWS\system32\RunDLL32.exe (3384)
______ C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (3408)
______ C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (3432)
______ C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (3520)
______ C:\Program Files\Java\jre6\bin\jusched.exe (3528)
______ C:\windows\system\microsoft\updates\services.exe (3536)
______ C:\WINDOWS\system32\ctfmon.exe (3552)
______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3600)
______ C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (3712)
______ C:\WINDOWS\system32\dllhost.exe (3944)
______ C:\WINDOWS\eHome\ehmsas.exe (1192)
______ C:\Program Files\iPod\bin\iPodService.exe (2312)
______ C:\WINDOWS\System32\alg.exe (2464)
______ C:\windows\system\microsoft\services.exe (2860)
______ C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (1964)
______ C:\WINDOWS\System32\svchost.exe (3416)
______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3476)
______ C:\Program Files\Internet Explorer\iexplore.exe (1720)
______ C:\Program Files\Internet Explorer\iexplore.exe (3336)
______ C:\Program Files\Internet Explorer\iexplore.exe (2184)
______ C:\Program Files\Internet Explorer\iexplore.exe (3004)
______ C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\H1Z3I7VT\Rooter[1].exe (3864)
.
\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:5881042944)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:5881075200 | Length:244175662080)
.
\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\McDefragTask.job
C:\WINDOWS\Tasks\McQcTask.job
C:\WINDOWS\Tasks\SA.DAT
.
\\ Registry
.
.
\\ Files & Folders
.
\\ Scan completed at 00:11.50
.
C:\Rooter$\Rooter_1.txt - (12/07/2009 | 00:11.50)
So now I still haven't gotten rid of it and I really don't have a clue about computers, so if someone has some advice it's much appreciated,
I still don't know if the pop up is from a legitimate program trying to get access to the internet or a virus, how can I find that out?
Here is a screen shot of the processes in my task manager also, just in case anyone here can see anything there that shouldn't be or something
http://img26.imageshack.us/img26/3770/screenshotoftaskmanager.png
Any help much appreciated. cheers
Comments
hi
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.