Trojan Laptop - Unknown version [Closed]


  • This topic is locked

#16
bishoptf

    Member

  • Topic Starter
  • 13 posts

Run without the update - could you have a look in that area to see what it contains - Ta


%systemdrive%
ESET online scanner, I loaded several up when I first started down this path....
  • 0


#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ah OK - I can't delete that with any of my tools in case they take out the C drive in error
  • 0

#18
bishoptf

    Member

  • Topic Starter
  • 13 posts
Here are the files.....
Attached File  virusinfo_syscure.zip   30.86KB   78 downloads
Attached File  virusinfo_syscheck.zip   31.35KB   72 downloads



FYI...I put it on the net and updated the databases..I'm re-running my scans...

Edited by bishoptf, 13 March 2010 - 11:20 AM.

  • 0

#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nothing visible there, I would like you to try Combofix now in safe mode and let me know the result please
  • 0

#20
bishoptf

    Member

  • Topic Starter
  • 13 posts
Here is the output after I updated the databases...
Attached File  virusinfo_syscheck.zip   19.07KB   79 downloads
Attached File  virusinfo_syscure.zip   19KB   77 downloads

Edited by bishoptf, 13 March 2010 - 12:15 PM.

  • 0

#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now run Combofix please in safe mode as even with the update AVZ showed no rootkits
  • 0

#22
bishoptf

    Member

  • Topic Starter
  • 13 posts

Could you now run Combofix please in safe mode as even with the update AVZ showed no rootkits



Combofix in safe mode.....lockup at stage 4
  • 0

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I must admit I am moving away from a malware problem at the moment but I could be wrong

One way to be sure would be to run an AV outside windows

OK then two programmes to download

FIRST

ISOBurner this will allow you to burn Dr Web ISO to a CD and make it bootable. Just install the programme, from there on in it is fairly automatic. Instructions

SECOND

Dr Web Live CD Download this and using ISOBurner burn to CD. Usage instructions are here

Having made the bootable CD set your system to boot from CD - Do you know how to do this?
Or you could follow the steps on this page and continue through to step 7

Once Dr Web starts select Dr.Web LiveCD (Default)

When the system is loaded, check disks or folders you want to scan and press Start

If the operating system failed to configure access to your network, you can do it manually using Networks Configure Manager. Start->Settings->Networks Configure manager. This will enable you to get online if needed
  • 0

#24
bishoptf

    Member

  • Topic Starter
  • 13 posts
I already have that CD and have run it, so here is what it found, when it loaded up in graphical mode it did not find much at all, but when it ran from command line it did find a rootkit and 2 other items but running from command line it doesn't correct anything just reports them.....I'll try again and update Dr. Web database and try another scan.....it's a rootkit or something very similar, it logs on to her email on Yahoo and starts sending email....
  • 0

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you could get me the name and location of the file that Dr web finds I should be able to kill it
  • 0


#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
