Tech Support Forum - View Single Post

CatByte · 06-27-2009, 08:06 AM

Hi,

Please do the following:

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:

DelDomains::

FCopy::
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\proquota.exe | c:\windows\system32\proquota.exe

Folder::
c:\documents and settings\All Users\Application Data\97373586
c:\documents and settings\All Users\Application Data\17363594

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Please navigate through windows explorer (windows key + E) to the following directory:

c:\windows\System Volume Information

(this is not the normal location for system volume information)

Take a look inside and tell me if it contains any data.

If the folder is empty - please delete it (right click > delete)

If it contains data please give me a brief sample of some of the files (anything .exe or .sys or .dll)

Note: this may be a hidden folder, so you will need to show hidden files and folders if you cannot locate that folder initially:

to show hidden files and folders:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

06-27-2009, 08:06 AM	#6 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,180 OS: XP sp3	Re: Laptop virus Free? Hi, Please do the following: Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Copy/paste the text inside the Codebox below into notepad: Here's how to do that: Click Start > Run type Notepad click OK. This will open an empty notepad file: Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy') Code: DelDomains:: FCopy:: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\proquota.exe \| c:\windows\system32\proquota.exe Folder:: c:\documents and settings\All Users\Application Data\97373586 c:\documents and settings\All Users\Application Data\17363594 Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste') Save this file to your desktop, Save this as "CFScript" Here's how to do that: 1.Click File; 2.Click Save As... Change the directory to your desktop; 3.Change the Save as type to "All Files"; 4.Type in the file name: CFScript 5.Click Save ... Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply. CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. NEXT Please navigate through windows explorer (windows key + E) to the following directory: c:\windows\System Volume Information (this is not the normal location for system volume information) Take a look inside and tell me if it contains any data. If the folder is empty - please delete it (right click > delete) If it contains data please give me a brief sample of some of the files (anything .exe or .sys or .dll) Note: this may be a hidden folder, so you will need to show hidden files and folders if you cannot locate that folder initially: to show hidden files and folders: Double-click My Computer. Click the Tools menu, and then click Folder Options. Click the View tab. Clear "Hide file extensions for known file types." Under the "Hidden files" folder, select "Show hidden files and folders." Clear "Hide protected operating system files." Click Apply, and then click OK. __________________ ASAP & UNITE Member