Bagle.IX and Download Bagle Trojan [RESOLVED]


  • This topic is locked

#16
JSntgRvr

  • Global Moderator
  • 11,579 posts
We are in the process of revising these reports. Will get back to you shortly.

#17
JSntgRvr

  • Global Moderator
  • 11,579 posts
Did you upload the latest zip file to Bleeping?

#18
Linda68

  • Topic Starter
  • Member
  • 97 posts
Are you talking about combofix.txt, this isn't a zip? I think I just attached it as a document to one of my e-mails. I have now posted it to the bleeping site.

Maybe I missed a step somewhere?

If this isn't it, I'm not sure what zip file you are talking about...let me know and will get to you ASAP.

Linda

#19
JSntgRvr

  • Global Moderator
  • 11,579 posts
Let's try that again.

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop

File::
C:\WINDOWS\system32\drivers\srosa.sys
C:\Windows\System32\WINTEMS.EXE
C:\Windows\System32\MDELK.EXE
C:\Windows\System32\13219648.EXE
C:\Windows\System32\13213389.EXE
C:\Windows\System32\13204887.EXE
C:\Windows\System32\HLDRRR.EXE
C:\Windows\System32\ban_list.txt
C:\Windows\System32\Drivers\WINTEMS.EXE
C:\Windows\System32\Drivers\MDELK.EXE
C:\Windows\System32\Drivers\13219648.EXE
C:\Windows\System32\Drivers\13213389.EXE
C:\Windows\System32\Drivers\13204887.EXE
C:\Windows\System32\Drivers\HLDRRR.EXE
C:\Windows\System32\Drivers\ban_list.txt
C:\Windows\13219648.EXE
C:\Windows\13213389.EXE
C:\Windows\13204887.EXE
C:\RegCure 1.5.exe
C:\MGtools.exe

Driver::
srosa

Folder::
C:\WINDOWS\system32\drivers\downld

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SROSA]

Suspect::
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\srosa.sys.vir
C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir
C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir


Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a Hijackthis log.

Additionally, ComboFix will generate a zipped file on your desktop called Submit [Date Time].zip
Please submit this file to:

http://www.bleepingc...e.php?channel=4

Please include a link to this topic in the message.

#20
Linda68

  • Topic Starter
  • Member
  • 97 posts
...the latest log file
The zip file is also posted!!

Thanks!

Attached Files

  • Attached File  log.txt   13.72KB   267 downloads


#21
JSntgRvr

  • Global Moderator
  • 11,579 posts
Better reading. Will check those files in a minute.

ComboFix 08-04-10.7 - Linda Kristina 2008-04-11 20:43:38.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.106 [GMT -5:00]
Running from: C:\Documents and Settings\Linda Kristina\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Linda Kristina\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\MGtools.exe
C:\RegCure 1.5.exe
C:\Windows\13204887.EXE
C:\Windows\13213389.EXE
C:\Windows\13219648.EXE
C:\Windows\System32\13204887.EXE
C:\Windows\System32\13213389.EXE
C:\Windows\System32\13219648.EXE
C:\Windows\System32\ban_list.txt
C:\Windows\System32\Drivers\13204887.EXE
C:\Windows\System32\Drivers\13213389.EXE
C:\Windows\System32\Drivers\13219648.EXE
C:\Windows\System32\Drivers\ban_list.txt
C:\Windows\System32\Drivers\HLDRRR.EXE
C:\Windows\System32\Drivers\MDELK.EXE
C:\WINDOWS\system32\drivers\srosa.sys
C:\Windows\System32\Drivers\WINTEMS.EXE
C:\Windows\System32\HLDRRR.EXE
C:\Windows\System32\MDELK.EXE
C:\Windows\System32\WINTEMS.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\MGtools.exe
C:\RegCure 1.5.exe
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\13204887.exe
C:\WINDOWS\system32\drivers\downld\13219648.exe
C:\WINDOWS\system32\drivers\downld\2142560.exe
C:\WINDOWS\system32\drivers\downld\4203223.exe
C:\WINDOWS\system32\drivers\downld\4360239.exe
C:\WINDOWS\system32\drivers\downld\4414728.exe
C:\WINDOWS\system32\drivers\downld\4432483.exe
C:\WINDOWS\system32\drivers\downld\4574778.exe
C:\WINDOWS\system32\drivers\downld\4592744.exe
C:\WINDOWS\system32\drivers\downld\6237719.exe
C:\WINDOWS\system32\drivers\downld\6247032.exe
C:\WINDOWS\system32\drivers\downld\6385652.exe
C:\WINDOWS\system32\drivers\downld\6400433.exe
C:\WINDOWS\system32\drivers\downld\6489661.exe
C:\WINDOWS\system32\drivers\downld\6490623.exe
C:\WINDOWS\system32\drivers\downld\6498003.exe
C:\WINDOWS\system32\drivers\downld\6504823.exe
C:\WINDOWS\system32\drivers\downld\6724749.exe
C:\WINDOWS\system32\drivers\downld\8672580.exe
C:\Windows\System32\Drivers\HLDRRR.EXE
C:\Windows\System32\Drivers\MDELK.EXE
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-11 13:43 . 2008-04-11 13:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 13:43 . 2008-04-11 13:43 <DIR> d-------- C:\Documents and Settings\Linda Kristina\Application Data\Malwarebytes
2008-04-11 13:43 . 2008-04-11 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-11 10:20 . 2008-04-11 11:52 <DIR> d-------- C:\Geeks_New
2008-04-10 20:36 . 2008-04-10 20:36 <DIR> d-------- C:\Program Files\ParetoLogic
2008-04-10 20:36 . 2008-04-10 20:36 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2008-04-10 20:36 . 2008-04-10 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2008-04-10 20:31 . 2008-04-10 21:49 <DIR> d-------- C:\paretologic
2008-04-09 21:51 . 2008-04-09 21:51 <DIR> d-------- C:\Documents and Settings\Linda Kristina\Application Data\Thinstall
2008-04-09 20:11 . 2008-04-09 21:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-09 20:11 . 2008-04-09 21:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-09 19:54 . 2008-04-09 19:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 19:54 . 2008-04-09 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-09 19:53 . 2008-04-09 19:53 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 07:42 . 2008-04-09 19:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-09 07:42 . 2008-04-09 07:42 <DIR> d-------- C:\Documents and Settings\Linda Kristina\Application Data\SUPERAntiSpyware.com
2008-04-08 21:05 . 2008-03-29 12:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-04-08 21:05 . 2004-01-09 03:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-04-08 21:05 . 2008-03-29 12:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-04-08 21:05 . 2008-03-29 12:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-08 21:05 . 2008-01-17 10:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-08 21:05 . 2008-03-29 12:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-08 21:05 . 2008-03-29 12:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-08 21:05 . 2008-03-29 12:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-08 21:05 . 2008-03-29 12:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-08 21:05 . 2008-03-29 12:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-05 17:10 . 2008-04-05 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\U3
2008-04-05 17:04 . 2008-04-05 18:12 <DIR> d-------- C:\Documents and Settings\Linda Kristina\Application Data\U3
2008-04-05 17:03 . 2004-08-04 00:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-05 10:10 . 2008-04-05 10:10 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-04-05 10:10 . 2008-04-05 10:10 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-05 10:10 . 2008-04-05 10:10 <DIR> d-------- C:\Program Files\Windows Media Components
2008-04-05 10:09 . 2008-04-05 15:21 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-04-04 22:40 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-04 22:36 . 2008-04-04 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-21 14:18 . 2008-03-21 14:18 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-03-21 14:17 . 2007-10-22 19:58 1,721,712 --------- C:\WINDOWS\system32\InetClnt.dll
2008-03-16 19:58 . 2008-03-16 19:58 <DIR> d--h----- C:\WINDOWS\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 01:28 --------- d-----w C:\Documents and Settings\Linda Kristina\Application Data\ComcastToolbar
2008-04-10 00:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 19:21 --------- d-----w C:\Documents and Settings\Linda Kristina\Application Data\Intuit
2008-03-21 19:17 --------- d-----w C:\Program Files\Common Files\Intuit
2008-03-20 12:03 --------- d-----w C:\Program Files\CrossTrainerII
2005-07-14 19:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-10_23.07.47.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-04 01:29:06 761,856 ----a-w C:\WINDOWS\gmer.exe
- 2008-04-10 00:09:44 58,800 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-11 04:08:54 58,800 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-10 00:09:44 392,626 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-11 04:08:54 392,626 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ParetoLogic Anti-Spyware"="C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" [2007-08-01 13:56 2643312]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= C:\Program Files\ParetoLogic\Anti-Spyware\PASShlExt.dll [2007-04-11 17:47 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=C:\WINDOWS\pss\LaunchU3.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 11:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON Stylus CX3800 Series (Copy 1) on LMK-XP]
--a------ 2005-02-07 22:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON Stylus CX3800 Series on LMK-XP]
--a------ 2005-02-07 22:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-04-10 22:21 79224 E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
--a------ 2007-04-19 15:21 198184 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]
--a------ 2004-03-10 16:16 204800 E:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-11-15 22:01 244512 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-07-06 18:33 282624 E:\Program Files\QuickTime_4\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 E:\Program Files\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-02-29 16:03 1481968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2006-08-07 02:04 688128 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\dnloads\\eMule\\eMule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\EMule Extracts\\EMule.46c\\emule.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"D:\\dnloads\\eMule\\eMule_II\\eMule.exe"=
"D:\\Program Files\\EMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\drivers\hpt3xx.sys [2004-01-05 04:10]
R0 hptpro;hptpro;C:\WINDOWS\system32\drivers\hptpro.sys [2003-01-27 10:12]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 12:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 12:35]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2005-02-16 03:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17282e89-0346-11dd-a3b2-000103c623f3}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 01:37:31 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
"2008-04-11 12:03:04 C:\WINDOWS\Tasks\ParetoLogic Anti-Spyware.job"
- C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
"2008-04-11 05:33:00 C:\WINDOWS\Tasks\ParetoLogic Update.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\Pareto_Update.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 20:48:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2008-04-11 20:52:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-12 01:52:34
ComboFix2.txt 2008-04-11 23:21:50
ComboFix3.txt 2008-04-11 18:40:35
ComboFix4.txt 2008-04-11 16:48:36
ComboFix5.txt 2008-04-11 15:36:42
Pre-Run: 981,520,384 bytes free
Post-Run: 942,456,832 bytes free
  • 0
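
Added example, not part of the original posts and not ComboFix's own code: a Python check that compares the File:: and Folder:: targets of the CFScript in post #19 against the "Other Deletions" section of the report in post #21, so paths that were requested but not reported as deleted stand out. It assumes only the section headers and banners visible in this thread; the embedded samples are shortened excerpts, and the function names are illustrative.

```python
import re

# Constructed sample: a shortened excerpt of the CFScript.txt posted above.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\drivers\srosa.sys
C:\Windows\System32\WINTEMS.EXE
C:\Windows\System32\Drivers\WINTEMS.EXE
C:\Windows\13219648.EXE
C:\MGtools.exe

Driver::
srosa

Folder::
C:\WINDOWS\system32\drivers\downld
"""

# Constructed sample: a shortened excerpt of the ComboFix report above.
LOG = r"""
((((((((((((( Other Deletions )))))))))))))
.

C:\MGtools.exe
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\13219648.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe

.
((((((((((((( Drivers/Services )))))))))))))
.

-------\Legacy_SROSA
"""

SECTION = re.compile(r"^(\w+)::$")           # CFScript header, e.g. "File::"
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # report banner, e.g. "((( X )))"


def split_sections(text, header):
    """Group non-empty lines under the most recent line matching `header`."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        match = header.match(line)
        if match:
            current = sections.setdefault(match.group(1), [])
        elif current is not None and line and line != ".":
            current.append(line)
    return sections


def reconcile(cfscript, log):
    """Return (deleted, not_reported) for the script's File:: and Folder:: targets."""
    script = split_sections(cfscript, SECTION)
    targets = script.get("File", []) + script.get("Folder", [])
    # Windows paths are case-insensitive; the script and report differ in case.
    removed = {p.lower() for p in split_sections(log, BANNER).get("Other Deletions", [])}
    deleted = [p for p in targets if p.lower() in removed]
    not_reported = [p for p in targets if p.lower() not in removed]
    return deleted, not_reported


if __name__ == "__main__":
    deleted, not_reported = reconcile(CFSCRIPT, LOG)
    print("deleted:", *deleted, sep="\n  ")
    print("not reported as deleted:", *not_reported, sep="\n  ")
```

A path listed as not reported was simply absent from the "Other Deletions" section; whether it ever existed at that location has to be checked on the machine itself.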

#22
JSntgRvr

  • Global Moderator
  • 11,579 posts
It isn't there. Can you run those programs and boot in Safe mode?

#23
JSntgRvr

  • Global Moderator
  • 11,579 posts
Upload confirmed. Please test the computer.

#24
Linda68

  • Topic Starter
  • Member
  • 97 posts
I sent the file again to the website, let me know if you have it. If not, should I try running the entire process again in safe mode?
I actually have a wireless laptop that is sending the files to you. I have a networked connection to my infected desktop and I am just browsing from my laptop for the files that are created on the desktop.

Could I just attach it to this e-mail instead of sending it to the other website?

Linda

#25
JSntgRvr

  • Global Moderator
  • 11,579 posts

I sent the file again to the website, let me know if you have it. If not, should I try running the entire process again in safe mode?
I actually have a wireless laptop that is sending the files to you. I have a networked connection to my infected desktop and I am just browsing from my laptop for the files that are created on the desktop.

Could I just attach it to this e-mail instead of sending it to the other website?

Linda

Files were received, thank you. What I don't see is the Trojan in the log. I need you to test the computer by itself.

#26
JSntgRvr

  • Global Moderator
  • 11,579 posts
I'll be back in the morning to check on this topic. Good night! :)

#27
Linda68

  • Topic Starter
  • Member
  • 97 posts
Safe Mode with Networking...booted me out immediately after pressing the key
Safe Mode without Networking...loaded several system files in DOS and then rebooted the machine

In Normal mode, I didn't get the crack.exe upon opening IE, but it still takes several minutes for the screen to work

:)


Wow, wait a second!! Paretologic just popped up a message stating that it successfully prevented the Bagle virus from downloading ????

#28
Linda68

  • Topic Starter
  • Member
  • 97 posts
Hi JSntgRvr :)
Thanks for your Herculean effort today. I am going to retire and study for another class I am taking. I'll be online bright and early tomorrow morning to continue!!

Thanks Much!!

#29
Linda68

  • Topic Starter
  • Member
  • 97 posts
Good Morning, :)
Is it best to remove paretologic? I can uninstall from Control Panel ...

Linda

#30
JSntgRvr

  • Global Moderator
  • 11,579 posts
Hi, Linda68 :)

Let's remove Combofix:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Then download the latest version as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**