[Lovltn848]

I have not uninstalled ComboFix yet. If I go run>combofix /u now will it be okay? The virus is in the combofix quarantine right? uninstalling it won't let the virus out will it?

anyway here are the locatefiles results:

Wed 02/20/2008 18:19:09.57

"D:\WINDOWS\system32\drivers\sr.sys" 73472 08/03/2004 11:06 PM
"D:\WINDOWS\ServicePackFiles\i386\sr.sys" 73472 08/03/2004 11:06 PM

[Advertisements]

I have not uninstalled ComboFix yet. If I go run>combofix /u now will it be okay? The virus is in the combofix quarantine right? uninstalling it won't let the virus out will it?

Yes. Everything will be removed, including the qoobox folder.

Go to Start -> Run, copy and paste the following command and click OK.

rundll32.exe advpack.dll,LaunchINFSection D:\Windows\Inf\sr.inf

You will be asked for the sr.sys file. Insert the XP installation CD. If it autoruns, exit, then browse to the i386 folder in the CD and continue. That should reinstall System Restore.

Keep me posted.

Edited by JSntgRvr, 19 February 2008 - 07:44 PM.

[JSntgRvr]

I have not uninstalled ComboFix yet. If I go run>combofix /u now will it be okay? The virus is in the combofix quarantine right? uninstalling it won't let the virus out will it?

Yes. Everything will be removed, including the qoobox folder.

Go to Start -> Run, copy and paste the following command and click OK.

rundll32.exe advpack.dll,LaunchINFSection D:\Windows\Inf\sr.inf

You will be asked for the sr.sys file. Insert the XP installation CD. If it autoruns, exit, then browse to the i386 folder in the CD and continue. That should reinstall System Restore.

Keep me posted.

Edited by JSntgRvr, 19 February 2008 - 07:44 PM.

[Lovltn848]

I did combofix /u and I got some firewall notices. I allowed them all but Combofix still appears in my D:.

The XP cd worked. I got notices about overwriting newer files or something and I clicked "yes." I hope that was okay and that I did it right..

[JSntgRvr]

I did combofix /u and I got some firewall notices. I allowed them all but Combofix still appears in my D:.

The XP cd worked. I got notices about overwriting newer files or something and I clicked "yes." I hope that was okay and that I did it right..

After a restart. Is System Restore back in business? Manually remove any Combofix remnants.

[Lovltn848]

Yes. All is well now. I created a new restore point with no difficulty. Thanks. ^_^

[JSntgRvr]

Hi, Lovltn848

Congratulations.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

• Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  
• AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  
• SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  
• ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  
• CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  
• Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  
• Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Best wishes!

[Lovltn848]

Thank you so much! I have Trillian Pro and some other registry cleaners. I'll definitely download a few of these that you listed.

Thanks again for all of your help, you saved my computer from certain death! I really appreciate it!

[JSntgRvr]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.