Many people don't understand about malware in restore points. In fact, there was one member here who thought every time the computer was booted that it booted from a system restore point! Not so! If malware only shows that it is in 'System Volume' (restore points), it means it's no longer active in the system. But if an infected restore point happened to be chosen to do a System Restore, it could reinfect the system.
We have you drop all the old restore points when the system is clean and set a new, clean restore point. But sometimes the only way to get back into a system is through a restore point (infected or not); we keep them on hand until the cleaning is complete.
Run this script first:
[1]. Close any open browsers.
[2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
[3]. Open Notepad and copy/paste the text in the code below into it:
Code:
File::
c:\documents and settings\Administrator\Application Data\BitComet
c:\windows\system32\ShellManager10E2D762.dll
Folder::
c:\documents and settings\All Users\Application Data\McAfee
Driver::
FCopy::
C:\WINDOWS\ServicePackFiles\i386\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys
Save this as CFScript.txt, in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it will produce a log for you at C:\ComboFix.txt. Please attach it to your next reply.
====================
Please run DDS again. (You can delete the original 2 logs.) If you followed the directions, you will have deleted it after running, so follow this:
- Download DDS by sUBs and save it to your desktop.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results; click No to the Optional_Scan.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.
Please note:
You may have to disable any script protection running if the scan fails to run.
Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Please attach both in your next reply.
=========================
Run Eset NOD32 Online AntiVirus Scanner HERE
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the Active X control to install
- Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
- Click Start
- Make sure that the option "Remove found threats" is unchecked, and the option "Scan unwanted applications" is checked
- Click Scan
- Wait for the scan to finish
- Re-enable your Antivirus software.
- A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
I recommend that you uninstall Bit Torrent. In addition to the program itself, there is data and the firewall has been set to allow Bit Torrent through several different ports. This is a vulnerability to the system.