Virus file - need help on removal

Status
Not open for further replies.
It just protects them against getting viruses.

Was there anything in the drive when running ComboFix?

Give it one more run for me.

Plug in your flash drive as well this time.

Combofix
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
Link 3
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    RcAuto1.gif


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png


    Click on Yes, to continue scanning for malware.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
I'd venture to guess it's a U3 flash memory device? I think with U3 flash sticks you may find both
=> A removable disk and
=> A CD drive

USE THE SAFELY REMOVE HARDWARE icon to stop the device. Remove it. Does the CD go away?

btw.. i haven't read the whole thread but when you said "my flash wasn't connected when scanned" i just wondered did you ever scan your flash drives??? they may be infected and carrying malware themselves
 
kritius: for some reason, it will not let me download the flash disinfector. There was nothing in my D: drive at the time and there still isn't. I will run combofix now.

lookinaround: I did not scan my flash drive because it still isn't showing up on my computer. I can find it under "safely remove hardware" but it does not give me the option to view its files. I'm not sure what a U3 flash memory device is, actually =(
 
Strange,

The link works fine for me. What happens when you try to download it?

I'll see if I can find another.
 
It says the following error message:

"File Not Found

Firefox can't find the file at http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe."

Should I run combofix first or wait to try flash disinfector again before doing that?

Also, I'm able to access my flash drive perfectly under "Disk Management". It just doesn't run automatically when I put it in the USB port.
 
An autorun trojan may be the problem.

Run Combofix with your flash drive in. We'll see about flash disinfector later.

Have to head to sleep now. I'll look at the log tomorrow.
 
Run CFScript
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word KillAll:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
KillAll::

File::

Folder::

Driver::

DirLook::

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10a77790-f28e-11db-b04b-806d6172696f}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cba5d2d-f4cd-11db-b3ec-806d6172696f}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e63f5ad-087b-11dc-9ac1-806d6172696f}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9323aad-f3fe-11db-b907-806d6172696f}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec46b1ad-19d1-11dc-ad3e-806d6172696f}]

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Right Click on the link below and choose save as, then save it to your desktop.

http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Then run the flash disinfector as normal.
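
Added example, not part of the original thread and not ComboFix's own code: the Registry:: entries in the CFScript above point at per-volume keys under MountPoints2, where Explorer caches the shell commands it read from a volume's autorun.inf. The sketch below parses the text of a `reg export` of that key and lists the volumes that still carry a cached command; the sample export, its GUIDs and the command path are constructed, and the function name is hypothetical.

```python
import re

# Constructed sample of `reg export` text; the GUIDs and the command are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-2222-3333-4444-555555555555}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command]
@="E:\\example_dropper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}]
"BaseClass"="Drive"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
MP2 = r'\explorer\mountpoints2' + '\\'   # matched case-insensitively below


def cached_autorun_commands(reg_text):
    """Return {mount_point: [(verb, command), ...]} for cached shell commands."""
    findings = {}
    current = None  # (mount_point, verb) while inside ...\Shell\<verb>\command
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = None
            path = m.group(1)
            idx = path.lower().find(MP2)
            if idx == -1:
                continue
            parts = path[idx + len(MP2):].split('\\')
            # Expect: <mount point>, Shell, <verb>, command
            if len(parts) == 4 and parts[1].lower() == 'shell' \
                    and parts[3].lower() == 'command':
                current = (parts[0], parts[2])
        elif current and line.startswith('@='):
            # Default value of the command key; undo .reg backslash escaping.
            value = line[2:].strip('"').replace('\\\\', '\\')
            findings.setdefault(current[0], []).append((current[1], value))
    return findings


if __name__ == '__main__':
    for mount, cmds in cached_autorun_commands(SAMPLE_REG).items():
        for verb, cmd in cmds:
            print(f'{mount}  shell\\{verb} -> {cmd}')
```

A file written by `reg export` is UTF-16, so read it with `open(path, encoding='utf-16')` before passing the text to the function.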
 
Okay here are the logs. I ran the disinfector and it just finished doing what it's supposed to. What should I do now?
 
Yes,

It won't really do much harm if you don't though, Trend Micro are rubbish at keeping it updated so if you need it again chances are you will already have the latest version.
 
Just for interest Rukichu
What is the expiry date on your licensed McAfee Antivirus?
I ask this mainly because of your infections (now being solved) and would like to inform you that McAfee is not one of the best Antiviruses available (IMO). ie do you want to change it?
 
I'm not sure when the expiration date is, actually. This may sound a bit strange, but my mom is actually paying for the antivirus software and as far as her thinking is concerned, she believes it is the best out there. I really can't change it right now, but so my computer isn't left practically naked, I still kept SuperAntiSpyware in my computer.
 
Thanks

Well as I mentioned I do not believe it is the best out there, this is also confirmed by the fact that you were infected as well.

Anyway it all comes down to if you are happy with what you have, then stick with it :grinthumb
 
I understand, and I don't really think it's the best either, to be honest. But I'm a lot more educated in the causes of these viruses and such so I don't think I'll have such a severe problem again.
Thanks to everyone for their help :D
 
Thanks

Well as I mentioned I do not believe it is the best out there, this is also confirmed by the fact that you were infected as well.

Anyway it all comes down to if you are happy with what you have, then stick with it :grinthumb

I'd temper that statement by saying i don't think any A/V (be it the best or not) can provide 100% certain protection against infection (whether it's truly the best or not)

And while i believe that's true, also consider i say this within the context of... "kimsland and i like to go back-and-forth on the details.." :D so I had to throw my statement in as well!
 
I agree that no single software program can provide full 100% protection against Virus or Malware

But McAfee Antivirus has many startups, causing the system (response) to be generally slower, this being also due to the amount of Ram that is required to run it !

And on top of that I have had other members use it, scan fully, without finding a Virus
Then uninstall it, and then run the removal tool (as it won't uninstall fully without this)
Then install free Avira, and do an updated full scan, and find positive (real) viruses

So there :p
 