Tech Support Forum - View Single Post

Billy O'Neal · 11-14-2008, 08:08 PM

Hello, Kitzhof.
Alright. Please try this one instead:

We need to re-run ComboFix with some additonal directives.

Please disable any running anti-virus programs.
If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/topic114351.html
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the quotebox below into it:

Code:

registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
file::
I:\RECYCLER\Lcass.exe

Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

We need to run a scan using the F-Secure Online Scanner

Please follow the link to the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the instructions here for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.

In your next reply, please include the following:
ComboFix.txt

F-Secure OnlineScan's Log

Billy3

11-14-2008, 08:08 PM	#13 (permalink)
Billy O'Neal Analyst, Security Team Join Date: Aug 2008 Location: Northfield, Ohio, United States Posts: 1,693 OS: XPSP3, Vista Ultimate SP1, Ubuntu Server	Re: HJT log+strange google search results Hello, Kitzhof. Alright. Please try this one instead: We need to re-run ComboFix with some additonal directives. Please disable any running anti-virus programs. If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/topic114351.html Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Open notepad and copy/paste the text in the quotebox below into it: Code: registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] file:: I:\RECYCLER\Lcass.exe Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here. Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. We need to run a scan using the F-Secure Online Scanner Please follow the link to the F-Secure Online Scanner Note: This Scanner is for Internet Explorer Only! Follow the instructions here for installation. Accept the License Agreement. Once the ActiveX installs,Click Full System Scan Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient. When the scan completes, click the Automatic cleaning (recommended) button. In your next reply, please include the following: ComboFix.txt F-Secure OnlineScan's Log Billy3 __________________ If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....