Tech Support Forum - View Single Post - IE7 screwed up by malware? virus obfustat.ADXW?

Ried · 01-09-2008, 12:33 PM

Hello lowellc, and thank you for the information. That's the first that I've heard of Windows Firewall throwing up a 'block'. Do you happen to recall what file, or process it was attempting to block?

As before, disable AV and Windows Firewall. Open notepad and copy/paste the text in the code box below into it:

Code:

FolderLook::
C:\WINDOWS\system32\AppCert

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FE366D6-9974-4307-9CB5-7DACDDA3A061}]

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------

Run a new scan with HijackThis and save the log. (No need for another dss.exe main.txt. A simple scan with just HijackThis.exe will do.)

---------------------------------------------------------------

Please include the following in your next reply:

(Please do not use quote marks as it makes it more difficult to read. Also. please copy/paste the reports directly into the reply box unless requested for it to be attached or if you receive an error that you're post is exceeding the character limit.) Thanks.

C:\ComboFix.txt
Kaspersky results
New HijackThis log
Update on system behavior

01-09-2008, 12:33 PM	#5 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,578 OS: WinXP and Vista	Re: IE7 screwed up by malware? virus obfustat.ADXW? Hello lowellc, and thank you for the information. That's the first that I've heard of Windows Firewall throwing up a 'block'. Do you happen to recall what file, or process it was attempting to block? As before, disable AV and Windows Firewall. Open notepad and copy/paste the text in the code box below into it: Code: FolderLook:: C:\WINDOWS\system32\AppCert Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FE366D6-9974-4307-9CB5-7DACDDA3A061}] Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall -------------------------------------------------------------------- Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course: Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan --------------------------------------------------------------- Run a new scan with HijackThis and save the log. (No need for another dss.exe main.txt. A simple scan with just HijackThis.exe will do.) --------------------------------------------------------------- Please include the following in your next reply: (Please do not use quote marks as it makes it more difficult to read. Also. please copy/paste the reports directly into the reply box unless requested for it to be attached or if you receive an error that you're post is exceeding the character limit.) Thanks. C:\ComboFix.txt Kaspersky results New HijackThis log Update on system behavior __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."