Moneypak Virus, Dept of Justice version, 5 days fighting
- Thread starter typicaldani
- Start date
- Status
- Mar 8, 2013
- 22,627
Click on Start --> Run, and then copy this text:
Press OK, and tell me is ComboFix working now>
Code:
"C:\Users\Petty home\Desktop\ComboFix(2).exe" /KillAll /StepDel /NoMBRPress OK, and tell me is ComboFix working now>
No, here's what happened: first I got this message " error opening file for writing: c:\32788R22FWJFW\ERUNT.3XE" I pressed retry, same, pressed ignore. It went forward but then at that same point where I get the 216 (which I now see is connected to output folder c:\32788R22FWJFW) now I get: "Contents of folder c:\Windows\erdnt\Hiv-backup could not be deleted" and it stops like before.
- Mar 8, 2013
- 22,627
- Mar 8, 2013
- 22,627
Is your Antivirus enabled when running ComboFix?
Please download Farbar Service Scanner and run it on the computer with the issue.
Please download Farbar Service Scanner and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
OK, back from the dentist for something more painful. I turned the antivirus off before running combofix but it might have come back on. Here's the log
- Mar 8, 2013
- 22,627
OK, here's what we're going to do:
Go to recovery mode and from there make fresh FRST report.
Also when in recovery:
Type the following in the edit box after "Search:"
Click Search File(s) button and post the log (Search.txt) it makes to your reply.
Go to recovery mode and from there make fresh FRST report.
Also when in recovery:
Type the following in the edit box after "Search:"
Code:
user32.dllClick Search File(s) button and post the log (Search.txt) it makes to your reply.
Search is taking quite a long time, 20 minutes now, is that normal? If so I'll ignore it, just trying not to waste time.
- Mar 8, 2013
- 22,627
I think it is normal. Wait 10 minutes more, if it doesn't finish comeback to me with at least one report.
- Mar 8, 2013
- 22,627
Ok, let's try:
Go download this file, and copy it on your flash drive from which you're running frst into recovery.
http://www73.zippyshare.com/v/88841583/file.html
Next, execute this fixlist.txt
Then boot normally and attach fresh FRST report.
Go download this file, and copy it on your flash drive from which you're running frst into recovery.
http://www73.zippyshare.com/v/88841583/file.html
Next, execute this fixlist.txt
Then boot normally and attach fresh FRST report.
- Mar 8, 2013
- 22,627
Yeah, I think we finally got him 
Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Open FRST, and click Fix. Attach me that report after it is finished.
Next try to run ComboFix.
Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Open FRST, and click Fix. Attach me that report after it is finished.
Next try to run ComboFix.
Attached fixlog. Combofix has made it through installation without any of the previous problems and it is now running, will see how this works out.
- Mar 8, 2013
- 22,627
- Mar 8, 2013
- 22,627
I've been just leaving it but this stage has been like 90 minutes so far, the others did go faster
- Status
Similar threads
