Do you still have the log from Kaspersky? Did it mention names like these:
* ntos.exe
* oembios.exe
* twext.exe
If so, something else must have taken it out. If they were present, ComboFix should find them.
-----------
There are a few files that I'd like a closer look at.
* C:\WINDOWS\system32\FF802AC291.dll
* C:\WINDOWS\system32\rsetup.exe
Please do this ....
Open Notepad and copy/paste the text in the quotebox below into it:
Code:
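@ECHO OFF
REM Work from the folder this script was saved in
CD /D "%~DP0"
REM Add each listed file to the UploadThis archive
FOR %%G IN (
C:\WINDOWS\SYSTEM32\FF802AC291.DLL
C:\WINDOWS\SYSTEM32\RSETUP.EXE
) DO ZIP UPLOADTHIS %%G
DEL C:\PROGRA~1\temp01
REM Remove this script once it has run
DEL %0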
Save this as Submit.bat. Choose to "Save type as - All Files"
It should look like this:

Double click on Submit.bat & allow it to run
This will generate an archive on your desktop, UploadThis.zip
Kindly upload the file to this website >
http://www.bleepingcomputer.com/subm....php?channel=4
------------
Quote:
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
Are these your doing? They will cause script files to default to opening with Notepad.