Tech Support Forum - View Single Post

Katana · 01-06-2008, 06:05 AM

Don't worry, one way or another we WILL get this sorted.

We will clean all the temp files, and then run the latest version of ComboFix.

CCleaner
Please download CCleaner from here to clean temp files from your computer.

Double click on the ccsetup.exe file to start the installation of the program.
Select your language and click OK, then next.
Read the license agreement and click I Agree.
Click next to use the default install location.
Under Install Options, choose all the default settings
Click Install then finish to complete installation.
Double click the CCleaner shortcut on the desktop to start the program.
On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
Click on the "Options" icon at the left side of the window, then click on "Advanced."
deselect "Only delete files in Windows Temp folders older than 48 hours."
Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items. Click on Issues and make sure Registry Integrity is UNchecked!
Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
After CCleaner has completed its process, click Exit.

Download and Run ComboFix

Download Combofix from one of the links below :

ComboFix.exe 1
ComboFix.exe 2
ComboFix.exe 3
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper

If possible, do not shut down or reboot your machine between fixes, as some malware can change names at reboot.
( if a tool we run reboots, that is fine )

01-06-2008, 06:05 AM	#47 (permalink)
Katana Analyst, Security Team Join Date: Nov 2007 Location: Manchester, UK Posts: 962 OS: W2K SP4 + XP SP2 + Vista	Re: Computer infected, please help! Don't worry, one way or another we WILL get this sorted. We will clean all the temp files, and then run the latest version of ComboFix. CCleaner Please download CCleaner from here to clean temp files from your computer. Double click on the ccsetup.exe file to start the installation of the program. Select your language and click OK, then next. Read the license agreement and click I Agree. Click next to use the default install location. Under Install Options, choose all the default settings Click Install then finish to complete installation. Double click the CCleaner shortcut on the desktop to start the program. On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit). If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla. Click on the "Options" icon at the left side of the window, then click on "Advanced." deselect "Only delete files in Windows Temp folders older than 48 hours." Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items. Click on Issues and make sure Registry Integrity is UNchecked! Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program. After CCleaner has completed its process, click Exit. Download and Run ComboFix Download Combofix from one of the links below : ComboFix.exe 1 ComboFix.exe 2 ComboFix.exe 3 You must download it to and run it from your Desktop Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix. Double click combofix.exe & follow the prompts. When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log Re-enable all the programs that were disabled during the running of ComboFix.. Note: Do not mouse-click combofix's window while it is running. That may cause it to stall. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. ComboFix SHOULD NOT be used unless requested by a forum helper If possible, do not shut down or reboot your machine between fixes, as some malware can change names at reboot. ( if a tool we run reboots, that is fine ) __________________