Tech Support Forum - View Single Post - Virus Suspected - Computer slow and programs closing unexpectedly

sUBs · 11-14-2008, 06:02 AM

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Download & save ComboFix to your Desktop but don't run it yet
Open notepad and copy/paste the text in the quotebox below into it:

Code:

File::
c:\windows\system32\__c008D1F2.dat
c:\windows\system32\__c002224A.dat
C:\xcrashdump.dat
c:\windows\system32\~.exe
c:\windows\system32\ezsidmv.dat

DDS::
uRun: [A00F59DDC49.exe] c:\docume~1\hp_adm~1\locals~1\temp\_A00F59DDC49.exe
uRun: [A00F5A5A803.exe] c:\docume~1\hp_adm~1\locals~1\temp\_A00F5A5A803.exe
mRun: [<NO NAME>]
Notify: __c002224A - c:\windows\system32\__c002224A.dat
Notify: __c00280F1 - c:\windows\system32\__c00280F1.dat
Notify: __c0069664 - c:\windows\system32\__c0069664.dat
Notify: __c008D1F2 - c:\windows\system32\__c008D1F2.dat
Notify: __c009B5E0 - c:\windows\system32\__c009B5E0.dat
Notify: __c00CC610 - c:\windows\system32\__c00CC610.dat

Save this as "CFScript"

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt.

------------

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------

In your next post, please include logs from:

Online scan

ComboFix's log

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

11-14-2008, 06:02 AM	#2 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,324 OS: N/A	Re: Virus Suspected - Computer slow and programs closing unexpectedly Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix Download & save ComboFix to your Desktop but don't run it yet Open notepad and copy/paste the text in the quotebox below into it: Code: File:: c:\windows\system32\__c008D1F2.dat c:\windows\system32\__c002224A.dat C:\xcrashdump.dat c:\windows\system32\~.exe c:\windows\system32\ezsidmv.dat DDS:: uRun: [A00F59DDC49.exe] c:\docume~1\hp_adm~1\locals~1\temp\_A00F59DDC49.exe uRun: [A00F5A5A803.exe] c:\docume~1\hp_adm~1\locals~1\temp\_A00F5A5A803.exe mRun: [<NO NAME>] Notify: __c002224A - c:\windows\system32\__c002224A.dat Notify: __c00280F1 - c:\windows\system32\__c00280F1.dat Notify: __c0069664 - c:\windows\system32\__c0069664.dat Notify: __c008D1F2 - c:\windows\system32\__c008D1F2.dat Notify: __c009B5E0 - c:\windows\system32\__c009B5E0.dat Notify: __c00CC610 - c:\windows\system32\__c00CC610.dat Save this as "CFScript" Referring to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you, C:\ComboFix.txt. ------------ Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan --------------- In your next post, please include logs from: Online scan ComboFix's log Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now