[JSntgRvr]

[Advertisements]

Actually I may have spoke to soon. When i try to download combofix it shows up on the desktop but the logo isn't there. Instead it's a generic "window/screen" icon?

[bweeasel]

Actually I may have spoke to soon. When i try to download combofix it shows up on the desktop but the logo isn't there. Instead it's a generic "window/screen" icon?

[bweeasel]

OK. Used Firefox instead of IE and it wouldn't let me download Combofix. McAfee keeps popping up (every few minutes or so) saying it's removed a Trojan and no further action needs to be taken. I turned it off and was able to download Combofix. Running it with the CFScript.exe now.

[bweeasel]

Here's the Combofix log. I had to upload it as an attachment. The forum keeps telling me "Your post was too long. Please go back and shorten it a little."

The computer won't let me run the Security Check. I get "Illegal operation attempted on a registry key that has been marked for deletion"

Attached Files

•  combofix.txt   436.95KB   205 downloads

[bweeasel]

In fact, every program I try to open or run tells me that!

[bweeasel]

OK. Rebooted the computer and it stopped doing that. Running Security Check now.

[bweeasel]

Results of screen317's Security Check version 0.99.30
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Wise Disk Cleaner 6.32
Java™ 6 Update 26
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox 10.0. Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

[JSntgRvr]

Have these applications updated. Older versions will compromise your computer.

Java version out of date!
Adobe Reader out of date!
Firefox out of Date!

Once done, you should be clear. If there are no more issues with your computer, all is left is to do some howsekeeping.

Rename Combofix to Uninstall and click on it. That should remove the application and quarantine.

Delete the C:\FRST folder as it guards its own quarantine. Manually remove any other tool left.

The following is a list of tools and utilities that I like to suggest to people.

• Always keep your JAVA updated. Older versions will make your computer vulnerable.
  
• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  
• Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!

[bweeasel]

Thanks a million!

[JSntgRvr]

Since the issue is resolved, we have proceeded to close this topic.