Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines:
Code:
KILLALL::

DirLook::
C:\WINDOWS\system32\LA104.tmp



Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" . Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown: this is what i couldn't be able to do,so if you can guide me first on this,i will put the link back into this message copy & paste it into your browser when you have opened it up scroll down the page where it shows you how to download comifix [1] to your desktop & to save the name as well,ive done that but as you will see to boxes showing you what you havr to do then it has an arrow pointing downwoods so that is the part i haven't done yet where you have to copy & paste what is in that white box somehow & you are meant to put it into the comifix [1] thats where i left it,if we do this part then we can start on the xp moving it to the combifix [1],heres the link for you to see what im talking about on the diagram
http://aumha.net/viewtopic.php?p=183111&...4c2e0c27558c48b

thats the part im having the problem with the easy part is copying it & pasting it but how do i find out where this note pad is i don't have a clue & then how do i get to the format part

im sorry for any delay the avg started to do a scan test saying that there is a setup_en[1].exe the result infection it says trojan horse downloader.zlob.xb what do i do its only found this one trojan ,do we carry on from where i said i needed your help about the note pad where do you find it & how do you find the format bit after to format it then to drag it into comofix[1[

Umm, I never ask you to open Notepad. I simply asked you to move the setup file into ComboFix.exe. Where did you get that instructions from??

remember i sent you a link & on that link as you scroll down it look at the set up of combo bombo & you will see the picture diagram & you will see how it tells you step by step on how to do it,its no different to your one really,but thats where i started to get confused

The diagram you are looking at is NOT what I'm telling you to do.

The diagram is telling you how to download and rename ComboFix.exe, but we do NOT have to do that.

You already have ComboFix.exe on your desktop. You just need to install the Microsoft Windows Recovery Console. Please follow my earlier instructions on how to install the Recovery console below:

Quote:

---

Install recovery console

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System (Your Operating System is Windows XP Service Pack 2).




Download the file & save it as it's originally named, next to ComboFix.exe.<--- Important!




Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

---

[b]Please don't look at the instructions at that link anymore, it will only make you more confused. Just follow my instructions.

ok i will do that now,i know what you mean,thank you

is this the link i have to download http://www.microsoft.com/downloads/detai...;displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyId=535D248D-5E10-49B5-B80C-0A0205368124&displaylang=en)
Back to the top

Yes, please download the setup file from that link by pressing the "Download" button.

ive downloaded it & saved it as the name of ComboFix.exe.& it is on my desktop,now a black box has opened up & says please specify the floppy drive to copy the images to: so now im stuck i don't know what to type into this black box at the top of the box first it states to create these disks,you need to provide 6 blank,formatted,high-density disks,i don't have a floppy disk on my pc what to do next bruce

Huh? You downloaded the setup file and named it ComboFix.exe? Why did you do that?

You should leave the name of the setup file as it is. I said download it and put it on desktop together with ComboFix.exe, NOT name the setup file as ComboFix.exe.

It seems that you have problem understanding my instructions, if you are unsure, please ask.

sorry shall i download it again & once ive done it i will let you know

Please do, and follow my instructions carefully. Thanks. :)

~Ltangel~

iv'e done it now its on my desk top,but the black box has oppened up again saying the same thing what to do now

What is the message in that black box? Can you tell me the full message?

c:\DOCUME-1\EDDY\LOCALS-1\TEMP\IXPOOO.TMP\makeboot.exe,this is in grey on the top of the black box,its the same type of box that opens up when you go into start then run then you type in cmd then that black box opens up,after saving it to the desktop it says run then i clicked it to run then the next part of it said open run i think then after i did that which usually thats near the end or is the end of the insterlation,thats when the black box comes only then not before
****************************************************
This program creates the Setup boot disks
for Microsoft Windows XP SP2.
To create these disks, you need to provide 6 blank,
formatted, high-density disks.

Please specify the floppy drive to copy the images to:

Did you drag and drop the setup file onto ComboFix.exe? It seems that you still don't understand my instructions.

When you download the setup file to your desktop at the link in the previous post, it should be dragged and dropped directly onto ComboFix.exe. You should NOT double-click on the setup file.

Ok, I shall say it clearer.

Use your mouse and click on the setup file you've downloaded, hold down your left mouse button and drag the setup file to ComboFix.exe. Then release your left mouse button when the setup file is right on top of ComboFix.exe.

Actually, the image below is clear enough, what do you not understand?

ive done it,im filled with joy & not pain & sorrow for a change im half way back to getting my baby back i miss her so much,i think tonight it time to spoil her with a candle lit dinner for two,joking,whats next bruce,you are the original terminator,of all pests & viruses

Can you please post the CF_RC.txt in your C drive?

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

Hey engin123,

Great, now please restart your computer. If the Recovery Console is indeed installed successfully, you should see a black screen with Microsoft Windows Recovery Console as a booting option when you restart.

AFTER restarting your computer, please follow the instructions below.

VERY IMPORTANT! Please read the entire instructions and ask if you have anything you don't understand. Do NOT do anything until you know what I'm asking you to do completely.

Run SDFix

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to C:\.

Please then reboot your computer in Safe Mode by doing the following :
[*]Restart your computer
[*]After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
[*]Instead of Windows loading as normal, the Advanced Options Menu should appear;
[*]Select the first option, to run Windows in Safe Mode, then press Enter.
[*]Choose your usual account.

[*] Open the extracted SDFix folder and double click RunThis.bat to start the script.
[*] Type Y to begin the cleanup process.
[*] It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
[*] Press any Key and it will restart the PC.
[*] When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
[*] Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
[*] Finally paste the contents of the Report.txt back on the forum with a new HijackThis log.

----------------------------------------------------------------------

Scan with SmitFraudFix

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

----------------------------------------------------------------------

In your next reply (please include):

Fresh HijackThis log (after doing all the above)
Report.txt from SDFix
Report from SmitFraudFix

Go!

~Ltangel~

thank you so so so so so so much,im going out now i will be back it is in london now 1140am i will leave by 1150am or 1155am i will be back no later then 1pm or 1.30pm,maybe even before then i will start to read & follow your guidelines to make the world a better & safer place to live in is that ok ,in future because now & again i get a bit of bad luck when it comes to pc's can you send me your details like name country & e-mail,

because when you post a post upsometimes they don't always reply & its like a quick thing & you don't know from one minute to the next if it will be somone else who will take over or not,so its less confusing if i can stick to you bruce because i like your style & i can learn a lot from you,

everyone gives different advice on things so its better to be sticking with one do you agree to this bruce,im even willing to sign a treety if that will help the un

Alright, I'll wait for you.

As much as I would want to help you in real life, I cannot give away my personal information in a public forum like this. It is very dangerous to give out personal information on the Internet, I believe we all know that.

By the way, I don't live in USA or UK. My time zone is entirely different from yours, so I might not be on when you are on. I'll try my best to help you, and I can guarantee that helping you on here is the most effective way.

Just follow my instructions and you shall be fine. :)

ok no problem,it would be nice to know at least where you are from i don,t think that can cause you any harm because i got your last post at 3.45am this moring but i only saw it there at 6.10am when i woke up,so we know each oters times zones,

i have no problem with you if you asked me where my parents come from i would tell you,although i cant see you visa versa you just at least want to know the persons name or nick name & country of birth,it just makes you know the person a little better,

if we just spoke only once or twice there is no need but we have become like teacher & pupal so thats the only reason because time zone wise i don.t know when we can interact,do you get me

I don't really consider myself a teacher, I am more of a helper, that's all. :)

I live in Asia, and my time zone is GMT +8. Sorry but that's all I can reveal. While it's ok to tell you which country I am from privately, I prefer not to say it on here where lots of other users can read my post.

Thanks for your understanding. :)

PS. I'm a girl btw.