07-22-2008, 05:18 AM   #2
amateur
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 3,617
OS: XP Home SP3, XP MCE SP3, XP Pro SP3


Re: ComboFix log...please look at

Hello and welcome to TSF.

Quote:
I had a virus on my computer and was told to run ComboFix and post the log on this site
Told by whom?

Nowhere in our sticky is there a request for ComboFix to be run. ComboFix is an extremely powerful tool and should only be used when instructed by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

ComboFix has removed the major part of the infection, with only some remnants left to clean up.
  • Open Notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
(It must be Notepad, not WordPad, or it won't work):

Code:
File::
C:\WINDOWS\system32\rrt_is.wav
C:\WINDOWS\system32\rrt_vf.wav
C:\WINDOWS\system32\rrt_tv.wav
C:\WINDOWS\system32\rrt_tn.wav
C:\WINDOWS\BM5bb4bcf2.xml
C:\WINDOWS\system32\kdkcmstg.dll
C:\WINDOWS\system32\19.tmp
C:\WINDOWS\system32\18.tmp
C:\WINDOWS\system32\17.tmp
C:\WINDOWS\system32\15.tmp
C:\WINDOWS\system32\14.tmp
C:\WINDOWS\system32\13.tmp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"BM5bb4bcf2"=-

Save this as CFScript.txt.

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


==============================

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer, visit http://www.kaspersky.nl/scanforvirus-en/kavwebscan.html

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
======================

Expected logs:

Combofix.txt
HijackThis log
Kaspersky report


Last edited by amateur : 07-22-2008 at 05:25 AM.