Old 12-02-2006, 12:39 PM   #10 (permalink)
Deckard
Mentor, Analyst - Security Team
 


Okay, that file was the culprit. explorer.exe normally doesn't live in system32. Did you replace it before you ran ComboFix?

I'm a little disappointed that the VirusTotal scan didn't tell me what it was, but it may be relatively new. Did you keep a copy of it? If so, I'll give you instructions on how to safely submit it to me. Also, is there anything in this directory: C:\ijji

Let's run one more online scan to see if we missed anything. I'm pretty sure it'll come up clean, but better safe than sorry.

Perform an online scan with Internet Explorer with Panda ActiveScan.
  1. Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker.
  2. Enter your e-mail address, country, and state and click Scan Now.
  3. Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control.
  4. Begin the scan by selecting My Computer. Note:
    • Please turn off the real time scanner of any existing antivirus program while performing the online scan.
    • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
    • Click on See report then click Save report.
    • It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report.

Post that report for me.
__________________
The chance to begin again in a golden land of opportunity and adventure.

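
The location check behind the explorer.exe finding in the post above, written as an added example that is not part of the original post: it flags process image paths whose file name matches a core Windows binary but whose directory is not one that binary normally runs from. The `EXPECTED_SUBDIRS` table, the `C:\Windows` system root and the sample paths are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Directories (relative to the system root) each binary normally runs from.
# explorer.exe is the case from the post; the other entries are added here.
EXPECTED_SUBDIRS = {
    "explorer.exe": {".", "SysWOW64"},
    "svchost.exe": {"System32", "SysWOW64"},
    "lsass.exe": {"System32"},
    "winlogon.exe": {"System32"},
}


def find_misplaced(images, system_root=r"C:\Windows"):
    """Return the image paths that use a tracked system file name
    but sit outside the directories expected for that name."""
    root = ntpath.normcase(ntpath.normpath(system_root))
    flagged = []
    for image in images:
        # Normalise case and separators so C:/WINDOWS/... compares equal.
        norm = ntpath.normcase(ntpath.normpath(image))
        directory, name = ntpath.split(norm)
        subdirs = EXPECTED_SUBDIRS.get(name)
        if subdirs is None:
            continue  # not a name this check tracks
        allowed = {
            ntpath.normcase(ntpath.normpath(ntpath.join(root, sub)))
            for sub in subdirs
        }
        if directory not in allowed:
            flagged.append(image)
    return flagged


# Constructed sample of process image paths (not taken from the thread).
SAMPLE = [
    r"C:\WINDOWS\explorer.exe",                      # normal location
    r"C:\WINDOWS\system32\explorer.exe",             # the case in the post
    r"C:\WINDOWS\system32\svchost.exe",              # normal location
    r"C:\Documents and Settings\user\svchost.exe",   # system name, user dir
    r"C:\Program Files\Mozilla Firefox\firefox.exe", # not tracked
]

if __name__ == "__main__":
    for path in find_misplaced(SAMPLE):
        print("unexpected location:", path)
```

A hit is a lead for further inspection (hash lookup, signature check, scan), not proof of infection.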