mikex Posted November 30, 2008

Hey guys, I am working on a PC remotely that is infected. I am trying to get the logs for HJT from the machine to mine to post.

The symptoms: When surfing you can go just about anywhere until the site comes to a security site like AVG, Norton and such. Anytime I try to download an AV scanner I get page cannot be found, no matter which scanner. If you try to install Malwarebytes, Spybot, or scanners the Run/Cancel window opens and after clicking Run nothing happens. Nothing obvious in the Task Manager. I did run HJT, CCleaner, ATF Cleaner, I have Dr. Web CureIt running now.

Anything I can look at to assist in cleaning this machine? I am doing all scans possible in Safe Mode.

Mike
Rorschach112 Posted November 30, 2008

Post the Dr. Web log if you have it.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

- During the download, rename Combofix to Combo-Fix as follows:
- It is important you rename Combofix during the download, but not after.
- Please do not rename Combofix to other names, but only to the one indicated.
- Close any open browsers.
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------

- Double click on combo-Fix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
mikex Posted December 1, 2008

The infection was TDSS. I inadvertently deleted the folder where I had everything saved. The machine is running 100% better than yesterday. I was able to clean a few infections with Dr. Web CureIt, then after that I was able to install Malwarebytes and AVG. I have been doing this remotely and the users need to do some work for school tomorrow. I will tinker with it more this week late nights. Thanks for the input. I did download Combo Fix to keep in the ol' tool box.

Mike
Rorschach112 Posted December 1, 2008

Ok, let me know if you need anything.
Rorschach112 Posted December 8, 2008

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.