User User name Password  
   
Thursday 31.10.2024 / 19:00
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > combofix stalls
Show topics
 
Forums
Forums
Combofix stalls
  Jump to:
 
Posted Message
Page:12Next >
Paynor
Newbie
_
25. December 2013 @ 11:50 _ Link to this message    Send private message to this user   
Hello,

On old laptop with Win7 SP1 32 bit), all MS windows update secu patches applied, recently started having problems with occasional freezes of about 10 seconds duration (on whatever application was running, MS Word, browser....). High level of CPU activity for the duration of the freeze. No obvious malware, nothing strange in process monitor. AVGFree does not report any problem, and completes a complete scan with no problems.

Ran MWBytes with latest definitions, found 2 items, hiding in non system-critical files:
- Trojan.ransom.gen
- Backdoor.IRCBot.FB
Removed these using MWBytes.

Uninstalled AVGFRee.

Rebooted.

Ran MWBytes antirootkit (mbam 10.07.0.1008, with DB v2013.12.25.03.
Nothing found.

Ran Kaspersik antirootkit, tdsskiller.
Found compromised sptd.service. Quarantined (I can reinstall the software).

rebooted.

Tried running Combofix. It stalls just after letting you know that the scan can take over 10 minutes. Does not get to showing scan stages. No clock change. Waited one hour and no change. ALT CNTL DEL disabled (by malware?) when Combofix run. Hard reboot needed to go anywhere. Tdsskiller scan was clean when run a second time.

Tried running DDS, it stalls too with the progress bar at about 3/4 and "Please wait..." No log file generated.

Laptop has Linux installed as well, Linux bootloader. See ASWMBR scan log (clean) for details.

Suggestions anyone? Thanks!

////// ASWMBR SCAN LOG //////////////////////////

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-25 09:35:53
-----------------------------
09:35:53.678 OS Version: Windows 6.1.7601 Service Pack 1
09:35:53.678 Number of processors: 1 586 0xD06
09:35:53.688 ComputerName: T42-WIN7 UserName: T42-Win7
09:35:54.349 Initialize success
09:51:13.186 AVAST engine defs: 13122500
10:09:31.285 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:09:31.295 Disk 0 Vendor: SAMSUNG_HM160HC LQ100-10 Size: 152627MB BusType: 3
10:09:31.425 Disk 0 MBR read successfully
10:09:31.445 Disk 0 MBR scan
10:09:31.465 Disk 0 unknown MBR code
10:09:31.475 Disk 0 Partition 1 00 17 Hidd HPFS/NTFS 219 MB offset 63
10:09:31.495 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 60466 MB offset 453600
10:09:31.525 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 81000 MB offset 124291440
10:09:31.545 Disk 0 Partition - 00 05 Extended 10936 MB offset 290183101
10:09:31.575 Disk 0 Partition 4 00 82 Linux swap 2034 MB offset 290183103
10:09:31.595 Disk 0 Partition - 00 05 Extended 8902 MB offset 294349104
10:09:31.645 Disk 0 scanning sectors +312581808
10:09:31.676 Disk 0 scanning C:\Windows\system32\drivers
10:09:52.736 Service scanning
10:10:36.819 Modules scanning
10:10:46.824 Disk 0 trace - called modules:
10:10:46.854 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
10:10:46.874 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e624c8]
10:10:46.894 3 CLASSPNP.SYS[8aeab59e] -> nt!IofCallDriver -> [0x860c3608]
10:10:46.914 5 ACPI.sys[8a6273d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x860bf610]
10:10:47.294 AVAST engine scan C:\Windows
10:10:51.911 AVAST engine scan C:\Windows\system32
10:16:38.956 AVAST engine scan C:\Windows\system32\drivers
10:17:14.527 AVAST engine scan C:\Users\T42-Win7
10:23:59.670 AVAST engine scan C:\ProgramData
10:26:10.008 Scan finished successfully
10:49:09.632 Disk 0 MBR has been saved successfully to "C:\Users\T42-Win7\Desktop\MBR.dat"
10:49:09.652 The log file has been saved successfully to "C:\Users\T42-Win7\Desktop\aswMBR.txt"
Advertisement
_
__
AfterDawn Addict
_
25. December 2013 @ 18:52 _ Link to this message    Send private message to this user   
Hi Paynor,

Try running Combofix in Safe Mode..

If it works post the log and I can help you clean the rest.

or if it don't, we'll try sompthing else :)

2oG
ddp
Moderator
_
25. December 2013 @ 22:37 _ Link to this message    Send private message to this user   
Paynor, did the problem start just after the windows updates?
AfterDawn Addict
_
25. December 2013 @ 22:43 _ Link to this message    Send private message to this user   
ddp - it's a backdoor bot - Backdoor.IRCBot.FB

this one stops combofix and DDS from running...

if he can get combo to run in safe mode it may get the bad part of it.

it allows remote access to the computer. BAD GUY!!!

p.s. he also has a post for help on malwarebytes.org - they are good with these. :)

This message has been edited since posting. Last time this message was edited on 25. December 2013 @ 22:48

ddp
Moderator
_
25. December 2013 @ 22:58 _ Link to this message    Send private message to this user   
thought it might have something to do with this http://forums.afterdawn.com/thread_jump.cfm/965453/5922807 & what he has\had might have been there from before or ms is infected as had that happened to me once yrs ago.
AfterDawn Addict
_
25. December 2013 @ 23:13 _ Link to this message    Send private message to this user   
No, it has nothing to do with the updates,
MB.org has been using Farbar Recovery Scan Tool to fix it but I haven't been there in so long I have no training using it. but last one I ran across combofix and OTL plus some scanners took care of it.

Hope MR.org don't see his post on here.
ddp
Moderator
_
25. December 2013 @ 23:14 _ Link to this message    Send private message to this user   
why?
AfterDawn Addict
_
25. December 2013 @ 23:21 _ Link to this message    Send private message to this user   
They don't like multiple posts. it gets people screwed up on the order of removal. they want you to delete all other posts before they will help.
ddp
Moderator
_
25. December 2013 @ 23:46 _ Link to this message    Send private message to this user   
but if he has 1 post on their site & 1 post on ours then not multi-posting.
AfterDawn Addict
_
25. December 2013 @ 23:53 _ Link to this message    Send private message to this user   
To them it is..
they're not as loose as we are. 1 victim and 1 helper on a thread no peanut gallery.
No P2P software installed, no cracks keygens or illegal operating systems. no business machines etc. etc. etc.

he he been there, done that.
ddp
Moderator
_
26. December 2013 @ 00:18 _ Link to this message    Send private message to this user   
2 different sites for same problem i call shotgun approach. i do the same when applying for a job in that hit as many places with a resume as possible at once so can always say no to other job offers when you now have a job.
Paynor
Newbie
_
26. December 2013 @ 14:00 _ Link to this message    Send private message to this user   
Originally posted by 2oldGeek:
Hi Paynor,

Try running Combofix in Safe Mode..

If it works post the log and I can help you clean the rest.

or if it don't, we'll try sompthing else :)

2oG
2oG - Same problem in ComboFix running Win in safe mode. ComboFix freezes, after a little burst of HD activity. ALT CTL DEL disabled. Waited half hour. No system clock change. Combofix does not get to the point where it shows the stages.
Paynor
Newbie
_
26. December 2013 @ 14:03 _ Link to this message    Send private message to this user   
Originally posted by ddp:
Paynor, did the problem start just after the windows updates?
ddp - I dont think so, it started several weeks ago (dont remember when in relation to Windows Update run), but I initially thought it was just because the HD was getting too full. However, freeing up HD space did not help, so then I started looking for malware.
AfterDawn Addict
_
26. December 2013 @ 19:52 _ Link to this message    Send private message to this user   
This one is a real bear to get out...

Try this:

Download rkill and run it before running combofix it will stop the running processes that are keeping combo and DDS from running.

If you reinstalled AVG, disable it before running Combofix in regular mode.
Don?t reboot after running rkill ? you will have to run it again. It will just flash a black box when it runs. I think? Haha been a long time:)
Rkill:
http://www.majorgeeks.com/mg/get/rkill,1.html

2oG

p.s. pls post the log

This message has been edited since posting. Last time this message was edited on 26. December 2013 @ 19:55

Paynor
Newbie
_
26. December 2013 @ 20:24 _ Link to this message    Send private message to this user   
Did not reinstall any AV software, pc is still not running any AV.

I ran rkill first time, the scan result contained the following line:
"* HKLM\Software\Classes\.exe\shell found and deleted!"
The log file was overwritten when I ran rkill the second time, so have only the second rkill log here:
******************************************************************
Rkill 2.6.4 by Lawrence Abrams (Grinler)
link removed for posting
Copyright 2008-2013 BleepingComputer
More Information about Rkill can be found at this link:

link removed for posting

Program started at: 12/26/2013 08:13:57 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

Program finished at: 12/26/2013 08:15:18 PM
Execution time: 0 hours(s), 1 minute(s), and 20 seconds(s)

****************************************************************

Then tried Combofix one more time (in normal mode). Same freeze problem as before.
AfterDawn Addict
_
26. December 2013 @ 20:31 _ Link to this message    Send private message to this user   
Like I said, this honey's a bear...

Let's see if you can run OTL:


--OTL--

Please download OTL by OldTimer to your Desktop.

If you already have a copy of OTL, delete it and use this version.

Double click OTL.exe to launch the program.

Check the following.
Scan all users.
Standard Output.
Lop check.
Purity check.
Under Extra Registry section, select Use SafeList
Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).

When finished it will produce two logs.
OTL.txt (open on your desktop).
Extras.txt (minimized in your taskbar)

Please post me both logs

2oG
Paynor
Newbie
_
27. December 2013 @ 11:26 _ Link to this message    Send private message to this user   
Thanks for staying on this. Have tried posting the 2 log files, but I get a server error msg from the forum each time.
Paynor
Newbie
_
27. December 2013 @ 11:32 _ Link to this message    Send private message to this user   
Trying to split into text sections to see if that helps the server errror:
section #1

OTL logfile created on: 27/12/2013 07:19:22 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\T42-Win7\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.64% Memory free
4.00 Gb Paging File | 3.02 Gb Available in Paging File | 75.53% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59.05 Gb Total Space | 15.56 Gb Free Space | 26.35% Space Free | Partition Type: NTFS
Drive D: | 79.10 Gb Total Space | 3.96 Gb Free Space | 5.01% Space Free | Partition Type: NTFS
Drive F: | 3.61 Gb Total Space | 1.33 Gb Free Space | 36.85% Space Free | Partition Type: FAT32

Computer Name: T42-WIN7 | User Name: T42-Win7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/12/24 19:36:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\T42-Win7\Desktop\OTL.exe
PRC - [2013/11/12 15:28:02 | 001,144,544 | ---- | M] (Druide informatique inc.) -- C:\Program Files\Druide\Antidote 8\Programmes32\AgentAntidote.exe
PRC - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/02 03:08:22 | 000,692,328 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2013/05/28 11:50:02 | 000,218,112 | ---- | M] () -- C:\Program Files\GNU\GnuPG\dirmngr.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/12/23 12:33:08 | 000,134,416 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2011/12/09 12:47:36 | 000,726,912 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
PRC - [2011/11/04 14:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/10/20 09:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2011/07/12 17:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011/07/12 16:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 15:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2011/07/12 15:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/07/12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/04 10:42:58 | 002,411,520 | ---- | M] (GoldenDict) -- C:\Program Files\GoldenDict\GoldenDict.exe
PRC - [2010/10/27 12:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 04:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010/03/18 04:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/11/24 10:25:34 | 004,463,400 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
PRC - [2009/11/24 10:25:34 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Wacom_TabletUser.exe
PRC - [2009/11/09 06:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe
PRC - [2009/09/23 09:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2007/03/26 09:00:26 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1005MC.EXE
PRC - [2003/03/19 13:24:00 | 000,045,056 | ---- | M] (GNU) -- C:\Program Files\SC_TOOLS\visualCVS_server\exec\windows\cvsNt\cvsservice.exe
PRC - [2003/03/19 13:24:00 | 000,045,056 | ---- | M] () -- C:\Program Files\SC_TOOLS\visualCVS_server\exec\windows\cvsNt\cvslock.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/08/07 14:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2013/07/27 15:50:30 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\10ac4ed5a22a4882529e01cf7bd8b895\mscorlib.ni.dll
MOD - [2010/12/03 16:03:12 | 000,007,168 | ---- | M] () -- C:\Program Files\GoldenDict\GdTextOutSpy.dll
MOD - [2010/12/03 06:37:48 | 000,378,880 | ---- | M] () -- C:\Program Files\GoldenDict\imageformats\qtiff4.dll
MOD - [2010/12/03 06:37:48 | 000,351,744 | ---- | M] () -- C:\Program Files\GoldenDict\imageformats\qmng4.dll
MOD - [2010/12/03 06:37:48 | 000,286,720 | ---- | M] () -- C:\Program Files\GoldenDict\imageformats\qjpeg4.dll
MOD - [2010/12/03 06:37:48 | 000,083,456 | ---- | M] () -- C:\Program Files\GoldenDict\imageformats\qico4.dll
MOD - [2010/12/03 06:37:46 | 000,083,456 | ---- | M] () -- C:\Program Files\GoldenDict\imageformats\qgif4.dll
MOD - [2010/12/03 06:32:46 | 000,399,360 | ---- | M] () -- C:\Program Files\GoldenDict\QtXml4.dll
MOD - [2010/12/03 06:32:40 | 000,344,576 | ---- | M] () -- C:\Program Files\GoldenDict\phonon4.dll
MOD - [2010/12/03 06:32:28 | 017,314,816 | ---- | M] () -- C:\Program Files\GoldenDict\QtWebKit4.dll
MOD - [2010/12/03 06:32:22 | 001,149,440 | ---- | M] () -- C:\Program Files\GoldenDict\QtNetwork4.dll
MOD - [2010/12/03 06:32:18 | 000,043,008 | ---- | M] () -- C:\Program Files\GoldenDict\libgcc_s_dw2-1.dll
MOD - [2010/12/03 06:32:12 | 000,011,362 | ---- | M] () -- C:\Program Files\GoldenDict\mingwm10.dll
MOD - [2010/12/03 06:32:00 | 009,889,792 | ---- | M] () -- C:\Program Files\GoldenDict\QtGui4.dll
MOD - [2010/12/03 06:31:58 | 002,543,616 | ---- | M] () -- C:\Program Files\GoldenDict\QtCore4.dll
MOD - [2009/05/16 00:22:42 | 000,716,800 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
MOD - [2008/12/06 01:41:50 | 000,619,008 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll
MOD - [2005/04/19 18:38:00 | 000,396,288 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL
AfterDawn Addict
_
27. December 2013 @ 11:46 _ Link to this message    Send private message to this user   
Originally posted by Paynor:
Thanks for staying on this. Have tried posting the 2 log files, but I get a server error msg from the forum each time.
Trying to split into text sections to see if that helps the server errror:
Hold on to those Logs and should be able to post them later...

The Backdoor you have is NOT a rootkit but it hides like one, so please run MBAR and see if it catches it...
--Malwarebytes Anti-Rootkit--

Please download Malwarebytes Anti-Rootkit
? Unzip the contents to a folder in a convenient location.
? Open the folder where the contents were unzipped and run mbar.exe
? Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
? Click on the Cleanup button to remove any threats and reboot if prompted to do so.
? Wait while the system shuts down and the cleanup process is performed.
? Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

When done, please attempt to post the OTL logs you have and the MBAR folder..... mbar-log.txt and system-log.txt

2oG
Paynor
Newbie
_
27. December 2013 @ 11:47 _ Link to this message    Send private message to this user   
Very strange!
Even with html links removed, and split into small text sections, I still get the internal server error from AfterDawn after pasting any further sections of the log files as text. I dont see any option for posting them as attachments on the AfterDawn forum.

Then I tried posting them as attachments to my post on the MWBytes forum, but the file upload fails there too. Strange for a 150 KB text file.
"Extras.Txt
This upload failed"

All these attempts are from another (probably clean!) computer.
AfterDawn Addict
_
27. December 2013 @ 11:56 _ Link to this message    Send private message to this user   
just run the MBAR, my instructions may be out of date but click it update it and run it, save the logs and maybe can send them later.

please let me know what happens, since I can't see it :)

haven't tried this blind folded before may be fun. lol
Paynor
Newbie
_
27. December 2013 @ 12:23 _ Link to this message    Send private message to this user   
Originally posted by 2oldGeek:
just run the MBAR, my instructions may be out of date but click it update it and run it, save the logs and maybe can send them later.

please let me know what happens, since I can't see it :)

haven't tried this blind folded before may be fun. lol
Going away until Sunday, will do as you suggest then, thanks for your patience!
AfterDawn Addict
_
27. December 2013 @ 12:27 _ Link to this message    Send private message to this user   
no prob I must be out for a while so see you later



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
AfterDawn Addict
_
28. December 2013 @ 14:37 _ Link to this message    Send private message to this user   
Not Sunday yet but saw your post to malwarebytes.com.. Gringo is very qualified and is starting off with some of the adware/foistware removers that I will use next. it will clean up trash and will make the other logs easier to read. I didn't start with them because you were having so much trouble running the others.

Were you able to get a MBAR or OTL Log?

2oG
Advertisement
_
__
 
_
ps355528
Senior Member
_
29. December 2013 @ 07:51 _ Link to this message    Send private message to this user   
I can see the problem from the first successful log.. and I'm pretty sure where it came from (i have a copy of the malware installer or a close relative saved on my hdd) thing installs teamviewer and a nice backdoor.. it was designed to trick the moronic into paying for "help".. but it's since been exploited by the automation people (runs and hides.. not me this time Guv.. honest)

as the machine dual boots linux that would be my way in.. but they made a real mess of clamav recently.. so personally antirootkit and manual complete scrub of nasty files would be my first choice (shred them muthas.. or overwrite with crap by sector directly using dd and a mash file) and then I would NOT trust this installation of windows for ANYTHING after removal.. seriously..



ARR! Them pesky Navy! Get out of my sea!
irc://irc.villageirc.net/afterdawn http://www.pirateparty.org.uk/
 
Page:12Next >
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > combofix stalls
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2024 by AfterDawn Ltd.

  IDG TechNetwork