Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Safety Bar Maleware [CLOSED]


  • This topic is locked This topic is locked

#1
ichbinmic

ichbinmic

    New Member

  • Member
  • Pip
  • 4 posts
I have ran various antispy and antivirus programs, but nothing gets rid of it.

Attached Files


  • 0

Advertisements


#2
Blade81

Blade81

    Member

  • Member
  • PipPipPip
  • 722 posts
  • MVP
Hi

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here
  • 0

#3
ichbinmic

ichbinmic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I ran the combofix and so far it seems to have helped...I will upload the report as well...thank you very much for your time and assistance. I appreciate it very much!

Attached Files


  • 0

#4
Blade81

Blade81

    Member

  • Member
  • PipPipPip
  • 722 posts
  • MVP
Hi


Disable SpySweeper's realtime protection.
  • Open Spysweeper and click on Options
  • Choose Program Options and uncheck
    load at windows
    startup

    .
  • On the left click
    shields
    and then uncheck everything.
  • Uncheck
    home page shield
    .
  • Uncheck
    automatically restore default without notification
    .
  • Exit the program.


Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\fmsxwqs.exe

Folder::
C:\Program Files\Video Add-on

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23B760D6-C98B-450B-9B32-26C7775CDF83}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bokpkov"=-


Save this as
CFScript


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file & a fresh hjt log in your next reply.

  • 0

#5
ichbinmic

ichbinmic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I had some difficulty dragging the CFScript into the Combofix file...hopfully, this is correct?
I will be performing the ATF Cleaner and Malewarebytes Anti Maleware soon...I plan to put the shields back up on my Spy Sweeper until further instructions.

Attached Files


  • 0

#6
Blade81

Blade81

    Member

  • Member
  • PipPipPip
  • 722 posts
  • MVP
Hi

Looks like format wasn't correct since everything appeared on same one line. I've uploaded correct file. Please try to drag 'n' drop it on ComboFix.exe file and try again. Then post ComboFix resultant log.

Please keep Spysweeper disabled until we've got your system cleaned.
  • 0

#7
ichbinmic

ichbinmic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I tried it again, but I am still not sure if it is correct...also, the Malwarebytes program really helped a lot!

Attached Files


  • 0

#8
Blade81

Blade81

    Member

  • Member
  • PipPipPip
  • 722 posts
  • MVP
Hi

To me it looks like you only run ComboFix and then pasted text of the file I uploaded into ComboFix results. That's not what I meant.

1. Download ComboFix.exe to your desktop. Last one was run straight from temporary files and that won't work.
2. Drag CFScript.txt file over ComboFix.exe file as shown in a screenshot of one of my previous posts. ComboFix will then start.
3. Post back the results ComboFix produces. Post also a fresh hjt log and Malwarebytes Anti-malware results.
  • 0

#9
Blade81

Blade81

    Member

  • Member
  • PipPipPip
  • 722 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP