07-10-2009, 07:30 PM   #9
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,043
OS: WinXP and Vista


Re: Firefox browser hijack and flash drive folders becoming .exe

Hi niksgt,

Make sure your external drive is connected for this next step.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


It's IMPORTANT to carry out the instructions in the sequence listed below.


***************************************************

Open notepad and copy/paste the text in the code box below into it:

Quote:

File::
C:\Documents and Settings\NICKATTACK\Desktop\back from celia's comp\nd\disk.exe
C:\Documents and Settings\NICKATTACK\Desktop\back from celia's comp\nd\nick's folder.exe
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ATMQQ2.DLL.del
C:\Program Files\Common Files\Microsoft Shared\MSInfo\QQGS1.DLL.del
C:\Program Files\DAEMON Tools\SetupDTSB.exe
C:\Program Files\Internet Explorer\IEXPLORE32.DAT.del
C:\Program Files\Internet Explorer\IEXPLORE32.SYS.del
C:\Program Files\Internet Explorer\IEXPLORE32.WIN.del
C:\WINDOWS\system32\2CDCF0.EXE
C:\WINDOWS\system32\83FCCE7.EXE
C:\WINDOWS\system32\8AC8571.EXE
C:\WINDOWS\system32\AN7B22C.EXE
C:\WINDOWS\system32\AP7B22C.EXE
C:\WINDOWS\system32\BP7B22C.EXE
C:\WINDOWS\system32\GWTHTIS.EXE.del
C:\WINDOWS\system32\SYBQNUB.EXE.del
G:\bck-up\New Folder\A0068642.exe
G:\wmv\System Volume Information.exe
G:\Recycled.exe
G:\.Trashes.exe
G:\RECYCLER.exe
G:\bck-up.exe
G:\wmv.exe
Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
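A read-only check for the symptom in this thread's title, as an added example that is not part of Ried's post and not part of ComboFix: it lists .exe files that share a name with a sibling folder, the pattern visible in the G:\ entries of the script above (G:\bck-up.exe beside the G:\bck-up folder). The function names and the sample tree are constructed for illustration; matches are candidates for review, not a verdict.

```python
import os
import tempfile


def find_folder_named_executables(root):
    """Return sorted paths of .exe files whose name (minus .exe) matches a
    folder in the same directory, compared case-insensitively as Windows does."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower() for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() == ".exe" and stem.lower() in folders:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample layout loosely modelled on the G:\\ entries in the post."""
    for folder in ("bck-up", "wmv", os.path.join("wmv", "holiday")):
        os.makedirs(os.path.join(root, folder))
    files = (
        "bck-up.exe",                       # same name as folder bck-up
        "wmv.exe",                          # same name as folder wmv
        os.path.join("wmv", "holiday.exe"), # nested case
        os.path.join("bck-up", "setup.exe"),# no matching folder: not reported
        os.path.join("wmv", "clip.wmv"),    # not an .exe: not reported
    )
    for rel in files:
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"constructed sample, not a real executable")


def demo():
    """Build the sample tree in a temp directory and return the relative hits."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        found = find_folder_named_executables(root)
        return [os.path.relpath(p, root) for p in found]


if __name__ == "__main__":
    for path in demo():
        print("review:", path)
```

To check a real drive, pass its root (for example the external drive's letter) to `find_folder_named_executables`; the function only reads directory listings and changes nothing.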