11-16-2008, 01:50 PM   #45
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,043
OS: WinXP and Vista


Re: Programs Restricted/no desktop/Virtumonde

Good work.

From the Steph account...

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Code:
File::
c:\windows\SYSTEM32\__c00387E4.dat
c:\windows\SYSTEM32\__c0024348.dat

Save this as "CFScript.txt", and as Type: All Files (*.*), in the same location as ComboFix.exe.





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt.


--------------------------------------------------------------------

Please run a new scan with gmer.exe. Remember to save the log, but change the extension from .log to .txt so you can attach it to your next reply.

So, include the following in your next reply:

C:\ComboFix.txt
gmer.txt <--attached to post
Update on system behavior


One more question: is your friend intentionally utilizing OpenDNS for internet access?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."