08-09-2008, 05:13 PM   #7
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,563
OS: WinXP and Vista


Re: Computer has been hijacked - IE/Firefox inoperable

Hello rath,

It's the author of ComboFix who is the lifesaver, not me.

We're not out of the woods yet. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

We really need to get the Recovery Console installed. Did you download the package from Microsoft?

Please try again. Let me know if you had any difficulties, and what they were.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System




Download the file & save it as it's originally named, next to ComboFix.exe.






Now close all open windows and programs, including all antivirus and anti-malware programs, so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.



  • At the next prompt, click 'NO'; we want to exit ComboFix.


--------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->Control Panel->Add/Remove Programs)

Enhancement Browser Tools Mxlivemedia


Ignore any prompts to reboot.

**If you receive an error while uninstalling, move on to the next step and advise me of any troubles you had in your next reply.

--------------------------------------------------------------------

Open Notepad and copy/paste the text in the code box below into it:

Quote:


http://www.techsupportforum.com/secu...ml#post1639991

Collect::
C:\WINDOWS\system32\olcdfuyknfsw.exe
C:\WINDOWS\system32\qihdhapgap.dll

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe


When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
---------------------------------------------------------------------

**edit**

Open Notepad and copy/paste the contents in the code box below, into Notepad.

Code:
@echo off
VFind -tf %systemdrive%\deckard\* >DSS-Folder.txt
Start Notepad DSS-Folder.txt
Del %0

Save this as look.bat. Choose to "Save type as - All Files".
It should look like this:

Double click on look.bat & allow it to run.

Then post the log which it produces, along with the C:\ComboFix.txt.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 08-09-2008 at 06:11 PM.