Tech Support Forum - View Single Post

**amateur** · 05-29-2008, 10:32 AM

Hi,

Please remove the following program via Add or Remove Programs, if present:

C:\Program Files\AliveComputing\Internet Eraser

More info on the program: http://www.siteadvisor.com/sites/5st...oads/11941646/
================================

Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.

Under Temporary Internet Files, click the Settings button.
Click the Delete Files... button below. Make sure next are checked:
Applications and Applets
Trace and Log Files
Click OK on Delete Temporary Files Window.

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.

==================================

Open notepad (Start>All programs>accessories>notepad )
Copy the entire contents of the Quote Box below to Notepad.
Name the file as CFScript.txt
Change the Save as Type to All Files
and Save it on the desktop

(It must be notepad, not wordpad, or it won't work):

Code:

File::
C:\Documents and Settings\All Users\Documents\Old Docs\misc\Rct2.exe
C:\Documents and Settings\Janette & David\My Documents\My Documents\treeawpfree.exe
C:\WINDOWS\system32\dllcache\user32.dll 
C:\WINDOWS\system32\ho.ln
C:\WINDOWS\index.exe
C:\WINDOWS\system32\REN18.tmp
C:\WINDOWS\system32\REN17.tmp

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lanmanwrk.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mbsmon32]

Save this as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

05-29-2008, 10:32 AM	#9 (permalink)
amateur Moderator, Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Jun 2006 Location: USA Posts: 7,318 OS: XP SP3	Re: Infected with a nice trojan Hi, Please remove the following program via Add or Remove Programs, if present: C:\Program Files\AliveComputing\Internet Eraser More info on the program: http://www.siteadvisor.com/sites/5st...oads/11941646/ ================================ Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel. Under Temporary Internet Files, click the Settings button. Click the Delete Files... button below. Make sure next are checked: Applications and Applets Trace and Log Files Click OK on Delete Temporary Files Window. Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel. ================================== Open notepad (Start>All programs>accessories>notepad ) Copy the entire contents of the Quote Box below to Notepad. Name the file as CFScript.txt Change the Save as Type to All Files and Save it on the desktop (It must be notepad, not wordpad, or it won't work): Code: File:: C:\Documents and Settings\All Users\Documents\Old Docs\misc\Rct2.exe C:\Documents and Settings\Janette & David\My Documents\My Documents\treeawpfree.exe C:\WINDOWS\system32\dllcache\user32.dll C:\WINDOWS\system32\ho.ln C:\WINDOWS\index.exe C:\WINDOWS\system32\REN18.tmp C:\WINDOWS\system32\REN17.tmp Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lanmanwrk.exe] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mbsmon32] Save this as CFScript.txt Refering to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you. Post that log in your next reply. Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall __________________ My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006