10-15-2007, 07:56 AM   #4
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,884
OS: WinXP and Vista


Re: Avira showing a Vundo.Gen

Hello tecoma,

You can disregard that error by ComboFix. If it happens again in this run, just click the Cancel in that no drive message box--it should only appear 3 times, then go away.

Let's disable TeaTimer now so you don't have to worry about it. We'll re-enable it when we're through.

-----------------------------------------------------------------

Close any open browsers.

-----------------------------------------------------------------

Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
-----------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Code:
File::
C:\WINDOWS\system32\awtusqq.dll
C:\WINDOWS\system32\urqrqpo.dll
C:\Program Files\Uninstall_CDS.exe
C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe 

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFB6AECC-11E7-4278-8352-DFB3DCF6F713}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrqpo]

Save this as CFScript.txt, in the same location as ComboFix.exe.

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


--------------------------------------------------------------------

Please run another online scan at Panda, using Internet Explorer:

Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Panda results
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."