Tech Support Forum - View Single Post - ntoskrnl-hook trojan

CatByte · 06-30-2009, 01:42 PM

Hi and Welcome,

NOTE:

Malware removal is NOT instantaneous, most infections require more than one round to properly eradicate.
Absence of symptoms does not always mean the job is complete, you can be certain that I will advise you when the computer is clean.
Kindly follow my instructions in the order posted.
Please DO NOT run any scans or fix items without my direction.

Please do the following:

Please download ComboFix from Here or Here to your Desktop.
**Note:**In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:

Tools->Options->Main tab
Set to "Always ask me where to Save the files".

During the download, rename Combofix to Combo-Fix as follows:
- It is important you rename Combofix during the download, but not after.
- Please do not rename Combofix to other names, but only to the one indicated.
-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------

Close any open browsers.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

Press the windows key + R to open a run box
Copy/paste this command (with quotation marks) "%userprofile%/Desktop/Combo-Fix.exe" /killall into the run box
Press OK to start ComboFix
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

06-30-2009, 01:42 PM	#2 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,181 OS: XP sp3	Re: ntoskrnl-hook trojan Hi and Welcome, NOTE: Malware removal is NOT instantaneous, most infections require more than one round to properly eradicate. Absence of symptoms does not always mean the job is complete, you can be certain that I will advise you when the computer is clean. Kindly follow my instructions in the order posted. Please DO NOT run any scans or fix items without my direction. Please do the following: Please download ComboFix from Here or Here to your Desktop. Note:In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop If you are using Firefox, make sure that your download settings are as follows: Tools->Options->Main tab Set to "Always ask me where to Save the files". During the download, rename Combofix to Combo-Fix as follows: It is important you rename Combofix during the download, but not after. Please do not rename Combofix to other names, but only to the one indicated. ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before** performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.* ----------------------------------------------------------- Close any open browsers. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. ----------------------------------------------------------- Press the windows key + R to open a run box Copy/paste this command (with quotation marks) *"%userprofile%/Desktop/Combo-Fix.exe" /killall* into the run box Press OK to start ComboFix When finished, it will produce a report for you. Please post the "C:\Combo-Fix.txt" for further review. Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall __________________ ASAP & UNITE Member