Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files".
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wget]
[-HKEY_USERS\S-1-5-21-2057721471-746145580-1436430685-1003\Software\Wget]
This is how the reg file must look afterwards:
Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.
Then reboot your computer.
You are right about that.
I read that the NirCmd infection is related to Combofix.
The items should be gone after you've cleared the ARP cache:
I am most worried about the IncrediFind infection.
To flush/delete the ARP cache in Windows Vista/XP/2003/2000, follow this procedure:
Click on Start > Run, type the following command and click OK:
netsh interface ip delete arpcache
After that everything should be fine.
Go to Start > Run and copy and paste the next command in the field:
ComboFix /u
Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
- Don't forget to re-hide all files and folders. To re-hide all files and folders:
  - Open My Computer.
  - Select the Tools menu and click Folder Options.
  - Select the View tab.
  - Under the Hidden files and folders heading, deselect "Show hidden files and folders".
  - Check the "Hide protected operating system files (recommended)" option.
  - Click Yes to confirm.
  - Click OK.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
- Turn off System Restore.
  - On the Desktop, right-click My Computer.
  - Click Properties.
  - Click the System Restore tab.
  - Check "Turn off System Restore".
  - Click Apply, and then click OK.
- Reboot your computer.
- Turn ON System Restore.
  - On the Desktop, right-click My Computer.
  - Click Properties.
  - Click the System Restore tab.
  - UN-Check "Turn off System Restore".
  - Click Apply, and then click OK.
- This is a good time to set up protection against further attacks. Read the article behind this link: "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall (for example Kerio Personal Firewall or ZoneLabs Zone Alarm), a spyware blocker like SpywareBlaster and also IE-Spyads, and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available. Be very cautious about any security software that advertises in popups or other intrusive ways; they are not only usually useless, but also often have malware in them.
Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.
Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protect your computer.
This can be accessed by going to http://windowsupdate.microsoft.com and following the prompts. If you are running Windows XP make sure you get updated to SP-2!!
Please post back if you are still having any problems....
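
Before double-clicking a .reg file such as the fix.reg described above, it helps to preview exactly which keys and values it will delete or set. The following is an added example, not part of the original post; the function name preview_reg is hypothetical and the sample input is the fix.reg content quoted in the post.

```python
import re

# Sample input: the fix.reg content quoted in the post above.
SAMPLE_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wget]
[-HKEY_USERS\S-1-5-21-2057721471-746145580-1436430685-1003\Software\Wget]
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                      # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data or @=data


def preview_reg(text):
    """Return (header_ok, actions); actions is a list of (op, key, value_name)."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    # Without a valid first-line header, regedit will refuse to merge the file.
    header_ok = bool(lines) and lines[0] in HEADERS
    actions, current = [], None
    for ln in (lines[1:] if header_ok else lines):
        m = KEY_RE.match(ln)
        if m:
            deleting, key = m.group(1) == "-", m.group(2)
            # A deleted key cannot carry value lines, so clear the context.
            current = None if deleting else key
            actions.append(("delete-key" if deleting else "open-key", key, None))
            continue
        m = VALUE_RE.match(ln)
        if m and current:
            name = m.group(1).strip('"')
            op = "delete-value" if m.group(2) == "-" else "set-value"
            actions.append((op, current, name))
    return header_ok, actions


if __name__ == "__main__":
    ok, acts = preview_reg(SAMPLE_REG)
    print("valid header:", ok)
    for op, key, name in acts:
        print(op, key, name or "")
```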