12-13-2006, 08:33 PM   #9
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,203
OS: 2000 Pro; XP Pro; XP Home


Delete the contents of this folder, but not the folder itself:

C:\Documents and Settings\todd smallcombe\.housecall6.6\Quarantine

------------------------------------------------------------------------------------------

Launch KillBox.exe & select the following options:
  • Delete on Reboot
  • All files (if available)
Use your mouse to select all the filenames highlighted in blue & then right-click & select Copy
  • C:\WINDOWS\Downloaded Program Files\cssweb.dll
Next:
  • Go to the File menu, and choose Paste from Clipboard
  • Click the RED X button.
  • KillBox will alert you the files will be deleted on next reboot, click Yes
  • When asked to Reboot, select Yes

Click OK at any PendingFileRenameOperations prompt, and let us know if you receive this message.

Also, if the computer does not restart automatically, please restart it manually.

------------------------------------------------------------------------------------------

This part is important, as you have a rootkit in your System Restore points. They need to be flushed out, and then you need to create a new one again.

CLEAR & RESET SYSTEM RESTORE'S CACHE

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter

  • Tick on the checkbox - Turn off System Restore on all drives
  • Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

------------------------------------------------------------------------------------------

Before we press on, I'd like to know the condition of your system.

Are you still being notified about rdriv.sys? Are you still getting an access violation error?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009