If ComboFix replaced it then rerun TDSSKiller like this:Please download the latest version of TDSSKiller from
here and save it to your
Desktop.
- Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
- Put a checkmark beside loaded modules.
- A reboot will be needed to apply the changes. Do it.
- TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
- Then click on Change parameters in TDSSKiller.
- Check all boxes then click OK.
- Click the Start Scan button.
- The scan should take no longer than 2 minutes.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed. - A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
If ComboFix did not replace the file then run this ComboFix script first and then run the TDSSKiller:
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open
notepad and copy/paste the text in the quotebox below into it:
File::
Folder::
FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys | c:\windows\system32\drivers\afd.sys
Registry::
Driver::
Save this as
CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at
C:\ComboFix.txt which I will require in your next reply.
I am off to bed and will check back tomorrow am.
Regards,
CompCav