Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
dll host consume ram
Message
<blockquote data-quote="TwinHeadedEagle" data-source="post: 184111" data-attributes="member: 6533"><p>Hi,</p><p></p><p></p><p>Who told you to run <strong>ComboFix</strong>? ComboFix is complex and very powerfull tool, not intended for everyday use. It should be run only when asked and under guidance by trained malware removal expert. Don't run <strong>ComboFix</strong> on your own!!!</p><p></p><p></p><p>Open notepad and copy/paste the text present inside the code box below:</p><p><span style="font-size: 12px"><span style="color: red"><strong>NOTICE:</strong> This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system</span></span></p><p></p><p><span style="color: #b35900">[code]</span></p><p><span style="color: #b35900">Folder::</span></p><p><span style="color: #b35900">c:\programdata\SNT</span></p><p><span style="color: #b35900">c:\program files (x86)\SNT</span></p><p><span style="color: #b35900">c:\programdata\SuperbApp</span></p><p><span style="color: #b35900">c:\programdata\YoutubeAdblocker</span></p><p><span style="color: #b35900">c:\programdata\save Neti</span></p><p><span style="color: #b35900">c:\program files (x86)\save Net</span></p><p><span style="color: #b35900">c:\programdata\InstallMate</span></p><p><span style="color: #b35900">c:\programdata\e8bfc10261579107</span></p><p><span style="color: #b35900">c:\users\user\AppData\Local\Torch</span></p><p><span style="color: #b35900">c:\program files (x86)\Conduit</span></p><p><span style="color: #b35900">c:\programdata\Conduit</span></p><p><span style="color: #b35900">c:\users\user\AppData\Local\FilesFrog Update Checker</span></p><p><span style="color: #b35900">c:\users\user\AppData\Local\Conduit</span></p><p><span style="color: #b35900">c:\program files (x86)\Webfuii</span></p><p><span style="color: #b35900"></span></p><p><span style="color: #b35900">Registry::</span></p><p><span style="color: #b35900">[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</span></p><p><span style="color: #b35900">"BackgroundContainer"=-</span></p><p><span style="color: #b35900">[HKEY_LOCAL_MACHINE\software\microsoft\security center]</span></p><p><span style="color: #b35900">"AutoUpdateDisableNotify"=dword:00000000</span></p><p><span style="color: #b35900"></span></p><p><span style="color: #b35900">Driver::</span></p><p><span style="color: #b35900">Update Webfuii</span></p><p><span style="color: #b35900">Util Webfuii</span></p><p><span style="color: #b35900">BprotectEx</span></p><p><span style="color: #b35900"></span></p><p><span style="color: #b35900">ClearJavaCache::</span></p><p><span style="color: #b35900">[/code]</span></p><p></p><p>Save this as <strong>CFScript.txt </strong></p><p></p><p><img src="http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p>Close all browser windows and refering to the picture above.</p><p></p><p>Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.</p><p>ComboFix will will re-run. When finished, it will produce a log for you.</p><p>Attach the contents of the log in your next reply. (typical location: C:\<strong>ComboFix.txt</strong> )</p><p></p><p></p><p></p><p style="text-align: center"><strong><span style="color: #00b300">***** NEXT *****</span></strong></p><p></p><p></p><p></p><p>Please download <span style="color: blue"><strong>zoek.zip</strong></span> or <span style="color: blue"><strong>zoek.rar</strong></span> by <strong>smeenk</strong> (<img src="http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png" alt="" class="fr-fic fr-dii fr-draggable " style="" />) from <a href="http://hijackthis.nl/smeenk/" target="_blank"><strong><span style="color: green"><u>here</u></span></strong></a> or <a href="http://home.kpn.nl/stefsmeenk/zoek.exe" target="_blank"><strong><span style="color: green">here</span></strong></a> and save it to your <strong>Desktop</strong>.</p><p><em><span style="font-size: 12px">Unpack the archive...</span></em></p><ul> <li data-xf-list-type="ul">Close any open browsers</li> <li data-xf-list-type="ul">Temporarily disable your <strong>AntiVirus</strong> program. (<em>If necessary</em>)<br /> <span style="font-size: 12px"> If you are unsure how to do this please read <a href="http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html" target="_blank"><strong><em>this</em></strong></a> or <a href="http://www.bleepingcomputer.com/forums/topic114351.html" target="_blank"><em><strong>this</strong></em></a> Instruction.</span><br /> </li> <li data-xf-list-type="ul">Double click on <strong>zoek.exe</strong> to run the tool .<br /> <em>Please wait while the tool does not start...</em><br /> </li> <li data-xf-list-type="ul">Copy the text present inside the code box below and paste it into the large window in the zoek tool:<br /> <span style="font-size: 12px"><span style="color: red"><strong>NOTICE:</strong> This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system</span></span><br /> <br /> <span style="color: #b35900">[code]createsrpoint;<br /> emptyfolderscheck;delete<br /> autoclean;<br /> emptyclsid;<br /> emptyalltemp;<br /> ipconfig /flushdns;b<br /> [/code]</span><br /> </li> <li data-xf-list-type="ul">Click on <img src="http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /> button.<br /> <em>Please wait until a logreport will open (this can be after reboot)</em><br /> </li> <li data-xf-list-type="ul">Save notepad to your Desktop and attach here <strong>zoek-results.log</strong><br /> <em><strong><span style="color: red">Note:</span></strong><span style="color: blue"> It will also create a log in the <strong>C:\ </strong>directory named "<strong>zoek-results.log</strong>"</span></em></li> </ul><p></p><p></p><p></p><p style="text-align: center"><strong><span style="color: #00b300">***** NEXT *****</span></strong></p><p></p><p></p><p></p><p>Re-run <strong>FRST</strong> again, check <strong>Addition.txt</strong>, press <strong>Scan</strong>, and attach both reports.</p><p></p><p></p><p></p><p><strong><span style="color: #00b3b3">==========================================================================================================</span></strong></p><p><strong>Things I need you to do:</strong></p><p>- <em><span style="color: #00b300">ComboFix report</span></em></p><p>- <em><span style="color: #00b300">Zoek report</span></em></p><p>- <em><span style="color: #00b300">FRST.txt and Addition.txt reports</span></em></p><p><span style="color: #00b3b3">=======================================================================================================================</span></p></blockquote><p></p>
[QUOTE="TwinHeadedEagle, post: 184111, member: 6533"] Hi, Who told you to run [B]ComboFix[/B]? ComboFix is complex and very powerfull tool, not intended for everyday use. It should be run only when asked and under guidance by trained malware removal expert. Don't run [B]ComboFix[/B] on your own!!! Open notepad and copy/paste the text present inside the code box below: [SIZE=3][COLOR=red][B]NOTICE:[/B] This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system[/COLOR][/SIZE] [COLOR=#b35900][code] Folder:: c:\programdata\SNT c:\program files (x86)\SNT c:\programdata\SuperbApp c:\programdata\YoutubeAdblocker c:\programdata\save Neti c:\program files (x86)\save Net c:\programdata\InstallMate c:\programdata\e8bfc10261579107 c:\users\user\AppData\Local\Torch c:\program files (x86)\Conduit c:\programdata\Conduit c:\users\user\AppData\Local\FilesFrog Update Checker c:\users\user\AppData\Local\Conduit c:\program files (x86)\Webfuii Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BackgroundContainer"=- [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AutoUpdateDisableNotify"=dword:00000000 Driver:: Update Webfuii Util Webfuii BprotectEx ClearJavaCache:: [/code][/COLOR] Save this as [B]CFScript.txt [/B] [IMG]http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif[/IMG] Close all browser windows and refering to the picture above. Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will will re-run. When finished, it will produce a log for you. Attach the contents of the log in your next reply. (typical location: C:\[B]ComboFix.txt[/B] ) [CENTER][B][COLOR=#00b300]***** NEXT *****[/COLOR][/B][/CENTER] Please download [COLOR=blue][B]zoek.zip[/B][/COLOR] or [COLOR=blue][B]zoek.rar[/B][/COLOR] by [B]smeenk[/B] ([IMG]http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png[/IMG]) from [URL='http://hijackthis.nl/smeenk/'][B][COLOR=green][U]here[/U][/COLOR][/B][/URL] or [URL='http://home.kpn.nl/stefsmeenk/zoek.exe'][B][COLOR=green]here[/COLOR][/B][/URL] and save it to your [B]Desktop[/B]. [I][SIZE=3]Unpack the archive...[/SIZE][/I] [LIST] [*]Close any open browsers [*]Temporarily disable your [B]AntiVirus[/B] program. ([I]If necessary[/I]) [SIZE=3] If you are unsure how to do this please read [URL='http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html'][B][I]this[/I][/B][/URL] or [URL='http://www.bleepingcomputer.com/forums/topic114351.html'][I][B]this[/B][/I][/URL] Instruction.[/SIZE] [*]Double click on [B]zoek.exe[/B] to run the tool . [I]Please wait while the tool does not start...[/I] [*]Copy the text present inside the code box below and paste it into the large window in the zoek tool: [SIZE=3][COLOR=red][B]NOTICE:[/B] This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system[/COLOR][/SIZE] [COLOR=#b35900][code]createsrpoint; emptyfolderscheck;delete autoclean; emptyclsid; emptyalltemp; ipconfig /flushdns;b [/code][/COLOR] [*]Click on [IMG]http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png[/IMG] button. [I]Please wait until a logreport will open (this can be after reboot)[/I] [*]Save notepad to your Desktop and attach here [B]zoek-results.log[/B] [I][B][COLOR=red]Note:[/COLOR][/B][COLOR=blue] It will also create a log in the [B]C:\ [/B]directory named "[B]zoek-results.log[/B]"[/COLOR][/I] [/LIST] [CENTER][B][COLOR=#00b300]***** NEXT *****[/COLOR][/B][/CENTER] Re-run [B]FRST[/B] again, check [B]Addition.txt[/B], press [B]Scan[/B], and attach both reports. [B][COLOR=#00b3b3]==========================================================================================================[/COLOR] Things I need you to do:[/B] - [I][COLOR=#00b300]ComboFix report[/COLOR][/I] - [I][COLOR=#00b300]Zoek report[/COLOR][/I] - [I][COLOR=#00b300]FRST.txt and Addition.txt reports[/COLOR][/I] [COLOR=#00b3b3]=======================================================================================================================[/COLOR] [/QUOTE]
Insert quotes…
Verification
Post reply
Top