Old 04-26-2007, 05:18 AM   #6 (permalink)
amateur
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,463
OS: XP SP3


Re: winantivirus infection

Hi Sinan,

Well done. It's looking very good. You can go ahead and delete Combofix from your desktop now. I don't know if you've removed Bit Comet or not. If you did, there are a couple of related entries that can be fixed with HijackThis.
Please continue with the following instructions to fix them if you have removed it; otherwise skip this step. You'll need to disable the AVG Anti-Spyware realtime shield first so that it will not interfere with the fix.

Open AVG Anti Spyware. Under 'Status', click on "change status" to make it 'inactive'. Once your log is clean you can re-enable it.
Next, scan with HijackThis and put a checkmark against the following entries:

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm


Close all browsers including this one and click on "fix checked".

Then, using Windows Explorer (right click on Start, click on Explore), locate and delete the following folders:

C:\Program Files\BitComet <========if you fixed it.
C:\QooBox
C:\Combofix
====================================

Since AVG Anti Spyware is a trial version, the realtime guard and automatic update will stop functioning after the trial period. That is why we are not installing the guard so it will not interfere with the cleanup or the malware removal process. You can use AVG-AS as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan.

CCleaner is also a useful tool to keep for cleaning your cookies and temp files on a regular basis.

=============================

Create a new System Restore point to prevent reinfection from old restore points.

Go to Start>Run and type sysdm.cpl. Press Enter.
  • Select the System Restore Tab
  • Place a check in "Turn off System Restore on all drives"
  • Click Apply
  • Next, uncheck the same checkbox.
  • Click Apply
  • Click OK
You can also find instructions on how to disable and re-enable system restore here:
Windows XP System Restore Guide

A colleague of ours has excellent information and tips on the prevention of malware here and more on improving speed/system performance after malware removal here.

=============================

Please come back and let me know if everything is OK, so that we can close the thread.

Happy surfing!
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
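An added example, not part of the original post and not HijackThis's own code: Python that pulls the O8 lines out of a HijackThis log and lists the ones whose res:// target file no longer exists, which is the leftover state the post describes once BitComet has been removed. The ExampleApp lines in the sample log and all function names are constructed for illustration; the file check is only meaningful when run on the machine the log came from.

```python
import os
import re
from pathlib import PureWindowsPath

# Constructed sample log: the three O8 lines quoted in the post, one made-up
# O8 entry for a hypothetical program that is still installed, and one
# made-up non-O8 line that the parser must ignore.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\ExampleApp\bho.dll
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport with ExampleApp - res://C:\Program Files\ExampleApp\example.dll/export.htm
"""

O8_LINE = re.compile(r"^O8 - Extra context menu item: (?P<label>.+) - (?P<target>res://.+)$")
RES_URL = re.compile(r"^res://(?P<module>.+\.(?:exe|dll))/(?P<resource>[^/\\]+)$", re.IGNORECASE)


def parse_o8(log_text):
    """Return one dict per O8 line that points at a res:// resource inside a module."""
    entries = []
    for line in log_text.splitlines():
        m = O8_LINE.match(line.strip())
        res = RES_URL.match(m.group("target")) if m else None
        if res:
            entries.append({
                "label": m.group("label").replace("&", ""),  # drop menu accelerators
                "module": res.group("module"),
                "resource": res.group("resource"),
                "line": line.strip(),
            })
    return entries


def orphaned(entries, exists=os.path.exists):
    """Entries whose module file is gone, i.e. leftovers of an uninstalled program."""
    return [e for e in entries if not exists(e["module"])]


def leftover_folders(entries):
    """Install folders referenced by the given entries, for manual review."""
    return sorted({str(PureWindowsPath(e["module"]).parent) for e in entries})


if __name__ == "__main__":
    for e in orphaned(parse_o8(SAMPLE_LOG)):
        print("orphaned:", e["line"])
```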