[ken65]

Hi No I did the copy and past but when I click on move it my screen goes black then come back. but no file is found I did find a folder when I click on it theres another folder this folder is called window when I click on that folder there nothing in it.

[Advertisements]

Ok let's see if it is still present.

Copy everything inside the quote box below (starting with dir) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as findfile.bat on your Desktop.

dir C:\WINDOWS\dxdgns.dll /a h > files.txt
notepad files.txt

Locate findfile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the contents of that Notepad here.

[kahdah]

Ok let's see if it is still present.

Copy everything inside the quote box below (starting with dir) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as findfile.bat on your Desktop.

dir C:\WINDOWS\dxdgns.dll /a h > files.txt
notepad files.txt

Locate findfile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the contents of that Notepad here.

[ken65]

Volume in drive C has no label.
Volume Serial Number is 20DF-1C31

Directory of C:\WINDOWS

06/13/2007 05:23 AM 34,636 dxdgns.dll
1 File(s) 34,636 bytes

Directory of C:\Documents and Settings\Ken\Desktop

[kahdah]

Please go to Start>Run type in Notepad.
Copy what is in the code box below into the open Notepad window.
Change the "Save As Type" to "All Files". Save it as delete.bat on your Desktop.

@Echo off
attrib -s -r -h "C:\WINDOWS\dxdgns.dll"
del /q "C:\WINDOWS\dxdgns.dll"
quit

Don't do anything with this yet.
=====================
*Reboot your computer into SafeMode.
You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight SafeMode then hit enter.

Then please double click on delete.bat a window will open and close quickly.This is normal.


After that please reboot into normal windows and run the findfile.bat again and post the reults her in your next reply.

[ken65]

Volume in drive C has no label.
Volume Serial Number is 20DF-1C31

Directory of C:\WINDOWS


Directory of C:\Documents and Settings\Ken\Desktop

[kahdah]

Time for some housekeeping

• Click START then RUN
• Now type Combo-fix /u in the runbox and click OK
  
  
  
  • 
  
  The above procedure will:
  
• Delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\Deckard folder, if present
  • The C:_OtMoveIt folder, if present
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Clean System Restore points.

Also delete anything that we used that is left over.
===================================
After that Your log is clean.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here

[ken65]

It says windows canot find Combo-fix /u make sure you type name correctly

[kahdah]

Sorry about that try it without the dash mark between combo and fix.

Like this Combofix /u

[ken65]

Hi Thank you very much for the time and patients
Your help was greatly appriciated and my system is now clean. 1 last thing I would like to ask is when you say Clean System Restore points
can you please explain this to me thanks

Ken

[kahdah]

When you delete files they go to a place called system volume information.
If you were to do a system restore then you could re infect your self.
They are basically points that your computer uses to restore to.

You are welcome


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

[ken65]

Can you please show me how to clean this restore point

[kahdah]

When you uninstalled Combofix it automatically cleans them.

[ken65]

Again thank you for taking the time to help me with this issue

[kahdah]

You are welcome


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

[kahdah]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.