TechSpot

Autorun of outlook mail

By jessa_jr
Jun 11, 2008
  1. My Outlook mail client keeps running whenever I open any application; it keeps popping up. I know there's a malware autorun virus on my PC, kindly help me.

    Kindly help me. Attached are all the logs you needed; I have already finished all the instructions.

    No rootkit found in the panda rootkit scan.
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Interesting. Looks like an infection that could have been picked up from a removable drive. I would recommend scanning any removable drives that you have with Virus Scanners/ Anti spyware. Let's get this off your system though.

    Go to Microsoft's website => http://support.microsoft.com/kb/310994
    Select the download that's appropriate for your Operating System.




    Download the file & save it as it's originally named, next to ComboFix.exe.





    Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

    Please do not reboot your machine until we have reviewed the log.
     
  3. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35

    combo fix log

    Here's the log you needed. I hope you can reply to me ASAP, thanks. I just want to ask what the SP2 software boot disk that I've downloaded is for.
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Most likely you will never use it, but it is a good precaution to install it on machines that don't already have it.

    How come you have already run Combofix 5 times? Please attach here:
    C:\ComboFix-quarantined-files.txt

    I also noticed you started working on this problem the 26th of last month. Are you receiving help on another forum? If so we need to know so that our instructions don't conflict with each other.
    ----------------------------------------------------------------

    Run CFScript

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
     
  5. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35

    re run combo fix

    This is the fresh hjt and combo fix log.

    I already ran combo fix 5 times just to get relief from the virus. I tried to solve it on my own first, and only when the virus was still there did I ask in this forum.

    Thanks for the reply... More power
     
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    We need to disable the TeaTimer function of Spybot or this won't work.

    Disable Teatimer
    • Right click the Spybot -SD Resident Icon located in your system tray, Select Exit Spybot - S&D Resident
    • Open Spybot S&D
    • Click on Mode at the top and make sure that Advanced is checked
    • Expand the Tools tab in the left pane
    • Single click on the Resident Icon also in the left pane
    • Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
    • Close spybot

    -------------------------------------------------------

    Only after you have disabled Tea timer can you proceed

    Run CFScript

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
     
  7. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35

    combo fix log

    attached is the cflog
     
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Back up your registry
    First, we need to back up your registry:
    Please go to Start > Run
    Paste in the following line:
    • regedit /e c:\registrybackup.reg
    Click OK.
    It won't appear to be doing anything, that's normal.
    Your mouse pointer may turn to an hour glass for a minute.
    Please continue when it no longer has the hour glass.


    Making a .reg file
    Open notepad and copy and paste the text in the quotebox below in it. Remove the space in the word mountpoints before saving.

    Name the file as Fix.reg

    Change the "Save As" type to "All Files" and save it on the desktop.


    Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
     
  9. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35

    what will i do next

    What will I do next? I just finished your instructions.
     
  10. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Run me another log with combofix, so that I can check if we successfully moved those entries.
     
  11. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35

    cflog

    attached is the log
     
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Looking much better, are you still having issues with outlook?

    Please follow up with Kaspersky

    Run Kaspersky Online AV Scanner

    In order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply
     
Topic Status:
Not open for further replies.
