#41 (permalink) |
|
Registered User
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Re: Computer badly infected with viruses - PLEASE HELP!
Hello! Here is the text from check.bat below, then after that text I will put ----- and start the junction.bat log text! Thanks!
|
|
#42 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,996
OS: WinXP and Vista
|
Re: Computer badly infected with viruses - PLEASE HELP!
That finally did the trick. Thank you LonnyRJones.
And thank you for your patience shyguy while we worked out deleting the folders in those obscenely long file paths.

All that remains is to delete these 2 files, named exactly as you see them below. Be careful not to delete the legit C:\Windows\System32\LogonUI.exe

C:\Windows\System32\LogonUI(386).exe
C:\Windows\winsxs\x86_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.0.6001.18000_none_6593128e7338aab2\LogonUI(652).exe

Let me know if you were able to locate and delete both of those files, then we can finally wrap this up. |
|
|
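An added example, not part of the original thread or of any tool used in it: a Python check for the naming pattern in post #42, where a file such as LogonUI(386).exe carries the name of a genuine system binary plus a parenthesised number. The watched directories, the function names and the sample paths marked as constructed are assumptions made for this example; the output is a list to review, not a deletion list.

```python
import ntpath
import re

# Stem of the form "LogonUI(386)": a base name followed by "(digits)".
NUMBERED = re.compile(r"^(?P<base>.+?)\((?P<num>\d+)\)$")

# Directories where a numbered copy of a system binary is unexpected.
# Assumption for this example, not a list taken from the thread.
WATCHED_ROOTS = (r"c:\windows\system32", r"c:\windows\winsxs")


def in_watched_root(path):
    """True if path lies under a watched root (case-insensitive, / or \\)."""
    p = ntpath.normcase(ntpath.normpath(path))
    return any(p.startswith(root + "\\") for root in WATCHED_ROOTS)


def find_numbered_lookalikes(paths):
    """Return (suspect_path, genuine_name) pairs for manual review.

    A file is reported only when it is under a watched root, its stem ends
    in "(digits)", and a file with the un-numbered name is also present
    under a watched root. The un-numbered file itself is never reported.
    """
    watched = [p for p in paths if in_watched_root(p)]

    # First pass: names of un-numbered files, compared case-insensitively.
    genuine = set()
    for p in watched:
        stem, ext = ntpath.splitext(ntpath.basename(p))
        if not NUMBERED.match(stem):
            genuine.add((stem + ext).lower())

    # Second pass: numbered files whose base name matches a genuine one.
    findings = []
    for p in watched:
        stem, ext = ntpath.splitext(ntpath.basename(p))
        m = NUMBERED.match(stem)
        if m and (m.group("base") + ext).lower() in genuine:
            findings.append((p, m.group("base") + ext))
    return findings


# Sample listing: the first three paths are the ones named in post #42,
# the rest are constructed for this example.
SAMPLE_LISTING = [
    r"C:\Windows\System32\LogonUI.exe",
    r"C:\Windows\System32\LogonUI(386).exe",
    r"C:\Windows\winsxs\x86_microsoft-windows-authentication-logonui_"
    r"31bf3856ad364e35_6.0.6001.18000_none_6593128e7338aab2\LogonUI(652).exe",
    r"C:\Windows\System32\notepad.exe",            # constructed
    r"C:\Windows\System32\report(2).exe",          # constructed, no sibling
    r"C:\Users\Public\Downloads\setup(1).exe",     # constructed, not watched
]

if __name__ == "__main__":
    for suspect, name in find_numbered_lookalikes(SAMPLE_LISTING):
        print(f"review: {suspect}  (numbered copy of {name})")
```

A "(n)" suffix is also what browsers and Explorer add to duplicate downloads, which is why the check is limited to system directories and requires the un-numbered sibling to exist.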
|
|
#43 (permalink) |
|
Registered User
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Re: Computer badly infected with viruses - PLEASE HELP!
Hello,
I was successfully able to delete the two files! However, ever since these viruses started, they created so many folders when I click my C: drive. Such as QooBox (which has quarantined files), can I delete this? And System.Sav, and MSOCache and $AVG8.VAULT$ and found.000 and finally a folder called boot. I know this is very random and my system is clean, but why did they all of a sudden pop up?? Thank you so much for your help Ried and LonnyRJones! |
|
|
|
|
#44 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,996
OS: WinXP and Vista
|
Re: Computer badly infected with viruses - PLEASE HELP!
You're welcome, shyguy. No, do not delete the Qoobox folder, it shall be taken care of when we uninstall ComboFix.
The remaining folders you mentioned are all legit and normally hidden from view. Again, these shall be set back to hidden when we uninstall ComboFix, which we will do now.

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

- WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites.
- SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
- Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer
- Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.
- Most importantly, Think Prevention

-----------------------------------------------------

Kindly respond one more time and let me know if we may consider this thread resolved. |
|
|
|
|
#45 (permalink) |
|
Registered User
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Re: Computer badly infected with viruses - PLEASE HELP!
Hi,
When I go to Start>Run and then enter ComboFix /u I get an error saying.... "Windows cannot find 'ComboFix'. Make sure you typed the name correctly, and then try again." I still have the combofix icon located on my desktop. thanks! |
|
|
|
|
#46 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,996
OS: WinXP and Vista
|
Re: Computer badly infected with viruses - PLEASE HELP!
Hi shyguy,
Bring up the Run command again by pressing the Windows logo key and the letter R. Click the 'Browse' button and browse to the location on the desktop. Double click to get the path in the run box. At the end of the path, press the spacebar then type in /u and click OK. Let me know if that worked for you. |
|
|
|
|
#47 (permalink) |
|
Registered User
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Re: Computer badly infected with viruses - PLEASE HELP!
Hello!
Yes, that worked! However, all of the files and folders are still in the C: location. It's not a big deal whatsoever, I just saw that they were all created when the virus started, and it scared me a little.. Haha. |
|
|
|
|
#48 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,996
OS: WinXP and Vista
|
Re: Computer badly infected with viruses - PLEASE HELP!
Good.
For the folders that are still showing, have a look at the instructions here. While those instructions are how to make hidden files and folders viewable, I think you'll get the idea of how to re-hide them. Just place a tick mark next to Hide system files and folders. Let me know if that did the trick. :) |
|
|
|
|
#49 (permalink) |
|
Registered User
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Re: Computer badly infected with viruses - PLEASE HELP!
Hello,
I looked at those instructions, and the radio selection is on the "hide folders". I put it to show system files and folders, then ticked it back to hide, and still nothing. I will add a screen shot of my (C:) Drive when I open it, also two folders in it that contain a lot of files that were not there before. Originally, my (C:) drive only had Program Files, Users, and Windows folders. Where could all of these other ones come from? Like I said, I'm perfectly fine with leaving them there, I'm just curious! Thanks Ried!
Last edited by shyguy; 10-13-2009 at 07:59 PM. |
|
|
|
|
#50 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,996
OS: WinXP and Vista
|
Re: Computer badly infected with viruses - PLEASE HELP!
Apparently on your machine, those folders are not hidden. As I mentioned, they are all legit folders, please do not take any action on them.
System.Sav <-- HP Recovery
MSOCache <-- Microsoft Office
$AVG8.VAULT$ <-- Exactly as it's named. Any infections it takes action on are placed in the Vault.
found.000 <-- created by chkdsk utility. Inside you'll see files sequentially numbered. These files are created to save any lost data during the chkdsk fix.
boot folder <-- Vista OS related.

On mine they are hidden by default. Files/folders that are hidden by default will have a transparent look to them.
Last edited by Ried; 10-14-2009 at 06:28 PM. |
|
|
|
|
#51 (permalink) |
|
Registered User
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Re: Computer badly infected with viruses - PLEASE HELP!
Alright, thanks!
I guess the files will just have to be there from now on, and I'm perfectly fine with that. We can consider this thread resolved =) thank you VERY VERY VERY much Ried. Your time and expertise is much appreciated! |
|
|