TechSpot

Malware / warnings of infection

By DENNISEPT
Oct 31, 2010
  1. I have a very poorly worded warning that persists on my desktop that says "Your computer is making unauthorized copies of youe system and Internet files. You should imideatly run a full scan your system to prevent any unauthorized access to your data."

    This is the exact text; spelling and grammatical errors are exact copies of the warning.

    Log file to follow.


    DAS: C:\Documents and Settings

    D: C:\Documents and Settings\All Users\Desktop
    D: C:\Documents and Settings\Default User\Desktop
    D: C:\Documents and Settings\Dennis\Desktop
    D: C:\WINDOWS\system32\config\systemprofile\Desktop

    SM: C:\Documents and Settings\All Users\Start Menu
    SM: C:\Documents and Settings\Default User\Start Menu
    SM: C:\Documents and Settings\Dennis\Start Menu
    SM: C:\Documents and Settings\LocalService\Start Menu
    SM: C:\WINDOWS\system32\config\systemprofile\Start Menu

    UR: C:\Documents and Settings\All Users
    UR: C:\Documents and Settings\Default User
    UR: C:\Documents and Settings\Dennis
    UR: C:\Documents and Settings\LocalService
    UR: C:\Documents and Settings\NetworkService
    UR: C:\WINDOWS\system32\config\systemprofile

    F: C:\Documents and Settings\All Users\Favorites
    F: C:\Documents and Settings\Default User\Favorites
    F: C:\Documents and Settings\Dennis\Favorites
    F: C:\Documents and Settings\LocalService\Favorites
    F: C:\WINDOWS\system32\config\systemprofile\Favorites

    AD: C:\Documents and Settings\All Users\Application Data
    AD: C:\Documents and Settings\Dennis\Application Data
    AD: C:\Documents and Settings\Default User\Application Data
    AD: C:\Documents and Settings\LocalService\Application Data
    AD: C:\Documents and Settings\NetworkService\Application Data
    AD: C:\WINDOWS\system32\config\systemprofile\Application Data

    QL: C:\Documents and Settings\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch

    TF: C:\Documents and Settings\Default User\Local Settings\Temp
    TF: C:\Documents and Settings\Dennis\Local Settings\Temp
    TF: C:\Documents and Settings\LocalService\Local Settings\Temp
    TF: C:\Documents and Settings\NetworkService\Local Settings\Temp
    TF: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp
    TF: C:\WINDOWS\Temp

    P: C:\Documents and Settings\All Users\Start Menu\Programs
    P: C:\Documents and Settings\Default User\Start Menu\Programs
    P: C:\Documents and Settings\Dennis\Start Menu\Programs
    P: C:\Documents and Settings\LocalService\Start Menu\Programs
    P: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs

    S: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    S: C:\Documents and Settings\Default User\Start Menu\Programs\Startup
    S: C:\Documents and Settings\Dennis\Start Menu\Programs\Startup
    S: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup

    D: C:\Documents and Settings\All Users\Documents
    D: C:\Documents and Settings\Default User\My Documents
    D: C:\Documents and Settings\Dennis\My Documents
    D: C:\WINDOWS\system32\config\systemprofile\My Documents


    DDS (Ver_10-10-21.02) - NTFSx86
    Run by Dennis at 21:49:09.20 on 30/10/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.174 [GMT -7:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    "\\.\globalroot\Device\svchost.exe\svchost.exe"
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
    C:\WINDOWS\system32\lxdicoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\lexmark\drivers\3500-4500\Lexmark 3500-4500 Series\lxdimon.exe
    "C:\WINDOWS\system32\svchost.exe"
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\lexmark\drivers\3500-4500\Lexmark 3500-4500 Series\lxdiamon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nexus Radio\Nexus Radio.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Dennis\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Nexus Radio] c:\program files\nexus radio\Nexus Radio.exe -0
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [lxdimon.exe] "c:\lexmark\drivers\3500-4500\lexmark 3500-4500 series\lxdimon.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [lxdiamon] "c:\lexmark\drivers\3500-4500\lexmark 3500-4500 series\lxdiamon.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: mswsock.dll
    Trusted Zone: microsoft.com\*.windowsupdate
    Trusted Zone: microsoft.com\office
    Trusted Zone: msn.ca\sympatico
    Trusted Zone: windowsupdate.com
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/a/f/b/afba1967-2025-49da-8356-bc4132038945/VirtualEarth3D.cab
    DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://secure.learning.gov.ab.ca/edarts.internet/includes/smsx.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1287500169764
    DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://64.114.25.196/Vernon/cabfile/mgaxctrl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188480287067
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188480276792
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-9 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-9 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-31 243024]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
    R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
    R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2008-2-6 99248]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-3-21 114952]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-6-23 16512]
    S3 cpuz132;cpuz132;\??\c:\docume~1\dennis\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\dennis\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\drivers\vacs2xkd.sys [2008-6-23 42880]

    =============== Created Last 30 ================

    2010-10-31 04:14:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-31 04:14:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-31 03:34:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-30 20:34:19 78040 ----a-w- c:\windows\system32\drivers\klmd.sys
    2010-10-30 19:43:46 -------- dc----w- C:\TDSSKiller_Quarantine
    2010-10-29 14:15:44 -------- d-----w- c:\program files\iPod
    2010-10-29 14:15:36 -------- d-----w- c:\program files\iTunes
    2010-10-29 14:14:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2010-10-29 14:14:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2010-10-29 14:14:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2010-10-29 14:14:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2010-10-29 14:14:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2010-10-29 14:14:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2010-10-29 14:14:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2010-10-26 13:21:43 -------- dc----w- c:\docume~1\alluse~1\applic~1\{C3243856-7746-4A05-8837-51A28C1CDD82}
    2010-10-17 17:55:31 -------- dc----w- c:\documents and settings\all users\Uniblue
    2010-10-17 16:45:53 -------- dc----w- c:\docume~1\alluse~1\applic~1\ReviverSoft
    2010-10-17 16:45:20 -------- d-----w- c:\docume~1\dennis\locals~1\applic~1\OpenCandy
    2010-10-17 16:45:12 -------- d-----w- c:\docume~1\dennis\applic~1\OpenCandy
    2010-10-17 16:13:37 -------- d-----w- c:\docume~1\dennis\applic~1\DriverCure
    2010-10-17 16:13:15 -------- dc----w- c:\docume~1\alluse~1\applic~1\DriverCure
    2010-10-17 16:05:40 -------- dc----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
    2010-10-17 15:51:13 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-10-17 15:51:12 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-10-17 15:47:39 -------- d-----w- c:\program files\Bonjour
    2010-10-16 01:41:36 -------- dc----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-10-06 20:38:54 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-10-06 19:06:54 -------- d-----w- c:\docume~1\dennis\applic~1\WindSolutions
    2010-10-06 19:06:43 -------- dc----w- c:\docume~1\alluse~1\applic~1\WindSolutions
    2010-10-05 13:14:25 -------- d-----w- c:\program files\YouTube Downloader

    ==================== Find3M ====================

    2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-08-13 12:53:02 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    ============= FINISH: 21:51:05.55 ===============


    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit quick scan 2010-10-30 21:46:55
    Windows 5.1.2600 Service Pack 3
    Running: 8yf0d7gz.exe; Driver: C:\DOCUME~1\Dennis\LOCALS~1\Temp\pgpyypog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHDS728040PLAT20_________________________PF1OA2AA#5&1e66e99f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:564] F8939730
    Thread System [4:576] F873A078
    Thread System [4:584] F86CBE8A

    ---- Services - GMER 1.0.15 ----

    Service (*** hidden *** ) [MANUAL] vbma1edb <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
     
  2. crunchie

    crunchie Malware Helper Posts: 728

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  3. DENNISEPT

    DENNISEPT TS Rookie Topic Starter

    I downloaded Combofix, disabled antispyware and firewall, but when I tried to run Combofix I didn't see any prompts. The center portion of my screen is covered by a large black box with a warning that says "YOUR SYSTEM IS INFECTED". This may well be covering any Combofix prompts.
     
  4. crunchie

    crunchie Malware Helper Posts: 728

    Is there any way to move that black box? If not, try running combofix in safe mode please.
     
  5. DENNISEPT

    DENNISEPT TS Rookie Topic Starter

    The black box doesn't move. How do I run combofix in safe mode?
     
  6. crunchie

    crunchie Malware Helper Posts: 728

    When you first start your PC, immediately after pressing the power button, start tapping the F8 key on the keyboard until you get a menu with safe mode on it :).
     