TDSSkiller and combofix do not work on my computer, what next?
<blockquote data-quote="Fiery" data-source="post: 89923" data-attributes="member: 9">
<p>Ok, let's try this. Delete the old copy of combofix and download a new copy to your desktop. Do NOT run it yet.</p>
<p>Open up Notepad and paste the following:</p>
<pre>Killall::

Rootkit::
C:\$recycle.bin\S-1-5-18\$6eafbdfb16247891b48cd81310fa2096\
C:\$recycle.bin\S-1-5-21-2237648750-519446113-968589488-1001\$6eafbdfb16247891b48cd81310fa2096\
C:\$recycle.bin\S-1-5-18\$6eafbdfb16247891b48cd81310fa2096\
C:\$recycle.bin\S-1-5-21-2237648750-519446113-968589488-1001\$6eafbdfb16247891b48cd81310fa2096\

File::
C:\Users\Nigel\AppData\Roaming\sbthn.dll</pre>
<ul>
<li>Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe</li>
<li>At this point, you MUST EXIT ALL BROWSERS NOW before continuing!</li>
<li>You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.</li>
<li>Now use your mouse to drag CFscript.txt on top of ComboFix.exe<br />
<img src="http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif" alt="" class="fr-fic fr-dii fr-draggable " style="" /></li>
<li>Follow the prompts.</li>
<li>When it finishes, a log will be produced named c:\combofix.txt</li>
<li>I will ask for this log below</li>
</ul>
<p>Then,</p>
<p>Download Farbar Recovery Scan Tool from the below link:</p>
<ul>
<li>For x32 (x86) bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST.exe" rel="nofollow external"><strong>Farbar Recovery Scan Tool</strong></a> and save it to a flash drive.<br />
For x64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><strong>Farbar Recovery Scan Tool x64</strong></a> and save it to a flash drive.</li>
<li>Plug the flash drive into the infected PC.</li>
<li>Enter <strong>System Recovery Options</strong>.
<p><strong>To enter System Recovery Options from the Advanced Boot Options:</strong></p>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the <strong>F8</strong> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <strong>Repair your computer</strong> menu item.</li>
<li>Select <strong>US</strong> as the keyboard language settings, and then click <strong>Next</strong>.</li>
<li>Select the operating system you want to repair, and then click <strong>Next</strong>.</li>
<li>Select your user account and click <strong>Next</strong>.</li>
</ul>
<p><strong>To enter System Recovery Options by using Windows installation disc:</strong></p>
<ul>
<li>Insert the installation disc.</li>
<li>Restart your computer.</li>
<li>If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.</li>
<li>Click <strong>Repair your computer</strong>.</li>
<li>Select <strong>US</strong> as the keyboard language settings, and then click <strong>Next</strong>.</li>
<li>Select the operating system you want to repair, and then click <strong>Next</strong>.</li>
<li>Select your user account and click <strong>Next</strong>.</li>
</ul>
</li>
<li>On the System Recovery Options menu you will get the following options:
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <strong>Command Prompt</strong></li>
<li>In the command window type in <strong>notepad</strong> and press <strong>Enter</strong>.</li>
<li>The notepad opens. Under File menu select <strong>Open</strong>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <strong><span style="color: #ff0000;">e</span>:\frst.exe</strong> (for x64 bit version type <strong><span style="color: #ff0000;">e</span>:\frst64</strong>) and press <strong>Enter</strong><br />
<strong>Note:</strong><span style="color: #ff0000;"> Replace letter <strong>e</strong> with the drive letter of your flash drive.</span></li>
<li>The tool will start to run.</li>
<li>When the tool opens click <strong>Yes</strong> to disclaimer.</li>
<li>Press <strong>Scan</strong> button.</li>
<li><strong>FRST</strong> will let you know when the scan is complete and has written the <strong>FRST.txt</strong> to file, close out this message, then type the following into the search box:<br />
<strong>services.exe</strong></li>
<li>Now press the <strong>Search</strong> button</li>
<li>When the search is complete, search.txt will also be written to your USB</li>
<li>Type <strong>exit</strong> and reboot the computer normally</li>
<li>Please copy and paste both logs in your reply. (FRST.txt and Search.txt)</li>
</ol>
</li>
</ul>
</blockquote>
[QUOTE="Fiery, post: 89923, member: 9"]
Ok, let's try this. Delete the old copy of combofix and download a new copy to your desktop. Do NOT run it yet.

Open up Notepad and paste the following:

[code]
Killall::

Rootkit::
C:\$recycle.bin\S-1-5-18\$6eafbdfb16247891b48cd81310fa2096\
C:\$recycle.bin\S-1-5-21-2237648750-519446113-968589488-1001\$6eafbdfb16247891b48cd81310fa2096\
C:\$recycle.bin\S-1-5-18\$6eafbdfb16247891b48cd81310fa2096\
C:\$recycle.bin\S-1-5-21-2237648750-519446113-968589488-1001\$6eafbdfb16247891b48cd81310fa2096\

File::
C:\Users\Nigel\AppData\Roaming\sbthn.dll
[/code]

 * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
 * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
 * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
 * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]
 * Follow the prompts.
 * When it finishes, a log will be produced named c:\combofix.txt
 * I will ask for this log below

Then,

Download Farbar Recovery Scan Tool from the below link:
<ul>
<li>For x32 (x86) bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST.exe" rel="nofollow external">[b]Farbar Recovery Scan Tool[/b]</a> and save it to a flash drive.
For x64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external">[b]Farbar Recovery Scan Tool x64[/b]</a> and save it to a flash drive.</li>
<li>Plug the flash drive into the infected PC.</li>
<li>Enter [b]System Recovery Options[/b].
[b]To enter System Recovery Options from the Advanced Boot Options:[/b]
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the [b]F8[/b] key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the [b]Repair your computer[/b] menu item.</li>
<li>Select [b]US[/b] as the keyboard language settings, and then click [b]Next[/b].</li>
<li>Select the operating system you want to repair, and then click [b]Next[/b].</li>
<li>Select your user account and click [b]Next[/b].</li>
</ul>
[b]To enter System Recovery Options by using Windows installation disc:[/b]
<ul>
<li>Insert the installation disc.</li>
<li>Restart your computer.</li>
<li>If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.</li>
<li>Click [b]Repair your computer[/b].</li>
<li>Select [b]US[/b] as the keyboard language settings, and then click [b]Next[/b].</li>
<li>Select the operating system you want to repair, and then click [b]Next[/b].</li>
<li>Select your user account and click [b]Next[/b].</li>
</ul>
</li>
<li>On the System Recovery Options menu you will get the following options:
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select [b]Command Prompt[/b]</li>
<li>In the command window type in [b]notepad[/b] and press [b]Enter[/b].</li>
<li>The notepad opens. Under File menu select [b]Open[/b].</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type [b]<span style="color: #ff0000;">e</span>:\frst.exe[/b] (for x64 bit version type [b]<span style="color: #ff0000;">e</span>:\frst64[/b]) and press [b]Enter[/b]
[b]Note:[/b]<span style="color: #ff0000;"> Replace letter [b]e[/b] with the drive letter of your flash drive.</span></li>
<li>The tool will start to run.</li>
<li>When the tool opens click [b]Yes[/b] to disclaimer.</li>
<li>Press [b]Scan[/b] button.</li>
<li>[b]FRST[/b] will let you know when the scan is complete and has written the [b]FRST.txt[/b] to file, close out this message, then type the following into the search box: [b]services.exe[/b]</li>
<li>Now press the [b]Search[/b] button</li>
<li>When the search is complete, search.txt will also be written to your USB</li>
<li>Type [b]exit[/b] and reboot the computer normally</li>
<li>Please copy and paste both logs in your reply (FRST.txt and Search.txt).</li>
</ol>
</li>
</ul>
[/QUOTE]