TechSpot

Very Dangerous Problem (Not previously addressed) : Trojan Vundo

Discussion in 'Virus and Malware Removal' started by OKai, Jun 9, 2007.

Thread Status:
Not open for further replies.
  1. OKai Newcomer, in training

    I had trouble finding the CNS files and I think those CNS files are all in "C" Documents and Settings, temporary int. files.

    There is this 3721 folder which refused to be deleted, it just pops up every time you reboot thinking you have deleted it.

    Attached are the requested logfiles.

    Please advise.

    Damn this thing IS taking a LONG time. :hotouch:
  2. momok Newcomer, in training

    Hi,

    Apparently the cns.txt displays a blank file? Please check if it's the right file attached.

    It appears we do have a tricky infection on our hands. I've read through the previous posts in this thread, and realised that you have never once posted a ComboFix log and done your AVG anti-rootkit scan.

    Please run AVG Anti Rootkit via Step 11 of the instructions HERE. Also download combofix from the link in my signature. Let me know the results of the scan.

    It is highly likely that something else is running in the background and keeping the infection active.

    Post the combofix log and the results of the anti-rootkit in your next reply.


    Regards,
    Your friendly momok =)

    This thread is for the use of OKai only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. OKai Newcomer, in training

    There were no rootkits according to the AVG rootkit scan.

    I have attached a new copy of cns.txt files (there were many entries, I just listed them all).

    However combofix does not work for my computer. My computer is in a Chinese version which includes a weird type format different from English. I had trouble entering commands in the command prompt.

    I'm wondering should I give it one more try, or can you give me some other solution?
  4. momok Newcomer, in training

    Hi,

    Please download and run CCleaner via step 9 of the instructions HERE.

    Some of your entries did not include file extensions. Could you edit that text file and include the full file path of the cns files?

    Thanks. Also, please post a fresh HijackThis log in your next reply please.

    Regards,
    Your friendly momok =)

    This thread is for the use of OKai only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. xjoesullix Newcomer, in training

    Do you have a lot of stuff on your PC that you need? If so, can you back it up, and if you can, why not just clean install Windows?
  6. OKai Newcomer, in training

    When you mean file extensions, do they show what type of file it is or what? Please advise.
  7. momok Newcomer, in training

    Hi,

    For example, your log shows "cns.dll___C:\WINDOWS\system32" which really means C:\WINDOWS\system32\cns.dll. The extension in this case is '.dll'.

    Some of your entries show
    cns___C:\WINDOWS\system32
    CNSMIN___C:\Program Files\3721
    CnsMinCgM___C:\Documents and Settings\max\Local Settings\Temporary Internet Files
    CnsMinM___C:\Documents and Settings\max\Local Settings\Temporary Internet Files

    Those do not include the extensions, which I need so I can type out an Avenger script for you. Could you do a search for these files again and post a fresh list as well as a fresh HijackThis log?


    Regards,
    Your friendly momok =)

    This thread is for the use of OKai only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
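The entry format described in the last post, shown as an added example that is not part of the original thread or of any tool mentioned in it: a small Python triage that rebuilds each full path from a `name___directory` line and separates entries that still lack a file extension. The function names are hypothetical, and the last two sample lines are constructed for illustration.

```python
import ntpath  # Windows path rules, so this runs on any OS

SEP = "___"  # separator seen in the log entries quoted in the thread

def parse_entry(line):
    """Turn 'name___directory' into (full_path, has_extension); None if malformed."""
    name, sep, directory = line.strip().partition(SEP)
    if not sep or not name or not directory:
        return None
    full_path = ntpath.join(directory, name)
    return full_path, bool(ntpath.splitext(name)[1])

def triage(lines):
    """Split entries into complete paths, paths missing an extension, and malformed lines."""
    complete, needs_extension, malformed = [], [], []
    seen = set()
    for line in lines:
        if not line.strip():
            continue
        parsed = parse_entry(line)
        if parsed is None:
            malformed.append(line.strip())
            continue
        path, has_ext = parsed
        key = path.lower()  # Windows paths are case-insensitive, so dedupe on lowercase
        if key in seen:
            continue
        seen.add(key)
        (complete if has_ext else needs_extension).append(path)
    return complete, needs_extension, malformed

# First five lines are the entries quoted in the thread; the last two are constructed.
SAMPLE = [
    r"cns.dll___C:\WINDOWS\system32",
    r"cns___C:\WINDOWS\system32",
    r"CNSMIN___C:\Program Files\3721",
    r"CnsMinCgM___C:\Documents and Settings\max\Local Settings\Temporary Internet Files",
    r"CnsMinM___C:\Documents and Settings\max\Local Settings\Temporary Internet Files",
    r"CNS.DLL___c:\windows\system32",   # constructed: same file, different case
    "no separator here",                # constructed: malformed line
]

if __name__ == "__main__":
    ok, missing, bad = triage(SAMPLE)
    for label, items in (("complete", ok), ("needs extension", missing), ("malformed", bad)):
        for item in items:
            print(f"{label:16} {item}")
```

Only the paths reported as complete identify a single file; the ones missing an extension have to be searched for again before they can be listed unambiguously.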