
Persistent iexplore.exe annoyance [Solved]


  • This topic is locked

#61
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes it does, OK we will use Combofix to install the recovery console. Naughty but easy

Download ComboFix from one of these locations:

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.



  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

Once the recovery console is installed we will boot to that and run:

From the command prompt, enter: chkdsk /r (note the space between chkdsk and /r)
Allow it to complete undisturbed.
  • 0


#62
pivan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
ComboFix log:

Attached File  ComboFix.txt   18.79KB   25 downloads

Late here, so will try recovery chkdsk in morning.
  • 0

#63
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Night :)
  • 0

#64
pivan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Ran chkdsk from recovery module aok, took forever, fixed one or more errors on the volume.

ComboFix found ZeroAccess rootkit. Does the log suggest it's been cleaned?

Anything else we need to do?
  • 0

#65
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Combofix cleared the remnants of the zero access

So the question now is what problems remain
  • 0

#66
pivan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Other than not being able to run chkdsk from the Windows command prompt, all seems to be well.

Shall I just uninstall/delete the various programs used of late?
  • 0

#67
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Keep safe :wave:
  • 0

#68
pivan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
I'll be monitoring things carefully over the next few days, but I think I'll be bold and say my problems seem to be fixed (albeit in a roundabouty kind of way!). I thank you greatly for your attention, essexboy, and may your dragons always be fiery.

Will let you know if anything else crops up.
  • 0

#69
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Definitely an unusual one, but I had some more exposure to the new MBR infection. Hopefully aswMBR will be able to detect this variant now.

I will leave it open for a while just to be sure :cool:
  • 0

#70
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
