I've been smacked with this headache. Having a lot of trouble finding a solution. Vista Antivirus 2008 has taken over. Could someone help with a solution? McAfee will not install due to "not enough memory". I've cleaned and defragged as much as I can. HELP!!!
Hi Mekia1217

First, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it. Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

• Run Combo-Fix.exe and follow the prompts. **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Next, please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file. Rename HijackThis(.exe) to scanner(.exe). Next, run scanner(.exe). A window will pop up.

• Click on the button which says Main Menu, then Do a system scan and save a logfile.
• Please wait for the scan to be completed.
• After the scan has completed, a text window will pop up. Please post the contents of this window here. This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved.

NOTE: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.

Best Regards
PUSHD "C:\32788R22FWJFW\"
IF NOT EXIST C:\WINNT\system32\cmd.exe GOTO Not_NT
VER 1>VER00
C:\WINNT\system32\FIND.exe "Microsoft Windows [Version 5.2.3790]" VER00
---------- VER00
IF NOT ERRORLEVEL 1 GOTO Not_NT
C:\WINNT\system32\FIND.exe "Windows XP" VER00
---------- VER00
C:\WINNT\system32\FIND.exe "Windows 2000" VER00
---------- VER00
Microsoft Windows 2000 [Version 5.00.2195]
HANDLE 1>temp01
SED -r "/<Non-existant Process> pid: ([0-9]*) .*/!d; s//@Nircmd KillProcess \/\1/" temp01 1>temp00.bat
CALL temp00.bat
PV -o"%i\t%l" 1>temp02
SED "/\t.*\\nircmd\.inf$/!d; s///; s/./@pv -kfi &/" temp02 1>temp01.bat
CALL temp01.bat
DEL /Q temp0?.bat temp0?
=============================================
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CFLDR=32788R22FWJFW
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER-R26IN0
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\
KMD=CF27619.exe
LOGONSERVER=\\COMPUTER-R26IN0
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\32788R22FWJFW;C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\wbem;C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0803
ProgramFiles=C:\Program Files
PROMPT=$
sfxcmd="C:\Documents and Settings\Administrator\Desktop\Combo-Fix(.exe).exe"
sfxname=C:\Documents and Settings\Administrator\Desktop\Combo-Fix(.exe).exe
SYSTEM=C:\WINNT\system32
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=COMPUTER-R26IN0
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINNT
=============================================
IF NOT DEFINED sfxname GOTO END
COPY swreg.exe swreg.cfexe
1 file(s) copied.
CALL sfx.cmd
IF /I "C:\32788R22FWJFW" NEQ "C:\32788R22FWJFW" GOTO Abort
IF EXIST "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\32788R22FWJFW32788R22FWJFW.log" DEL "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\32788R22FWJFW32788R22FWJFW.log"
1 file(s) copied.
1 file(s) copied.
(
SET "FileName=Combo-Fix(.exe)"
SET "FilePath=C:\Documents and Settings\Administrator\Desktop\"
)
SET FileName 1>FileName
GREP -isqx "FileName=[-[:alnum:]@.]*" FileName || (
CALL NIRCMD infobox "You cannot rename ComboFix as ~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""
GOTO END
)
IF EXIST "C:\WINNT\system32\cmd.execf" MOVE /Y "C:\WINNT\system32\cmd.execf" "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp"
CD ..
IF DEFINED cfldr RD /S/Q "32788R22FWJFW"
I hope that was it. I followed instructions but things did not go as described. A text appeared on my C drive labeled bug.
Hey Mekia1217

Hmmm... Combofix had a problem. We'll run another tool.

Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required. Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.

Configuring Malwarebytes
• Click on the tab Settings.
• Make sure only these boxes are checked:
    Terminate Internet Explorer
    Automatically save and display logfile after removal
    Always scan memory objects
    Always scan registry objects
    Always scan filesystem
    Always scan extra and heuristics objects

Updating Malwarebytes
• Click on the tab Update.
• Press the button Check for Updates.
• Wait for Malwarebytes to be fully updated.

Scanning Time
• Click on the tab Scanner.
• Check Perform full scan and click on Scan.
• Wait for the scan to complete, and then click on Show Results.
• Make sure all items are checked, then click on Remove Selected.

**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

Post A Log
• A text box will pop up after the removal process is over. Post the contents of the text here.
• If no text box pops up, launch Malwarebytes, and click on the tab Logs.
• The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
• Post the log here.

Best Regards