Please help with infected CPU.

[eaglecarr]

I ran in normal mode and it started the scan ran for a short time and said (examining waiting) and then closed. when I looked on the menu I tried to examine report and it did not find one. I am not sure if I have the settings right or not.

If I miss your next post I will pick up on it tomorrow. I have to leave work in a few, but thank you for all of your help.

[PhilliePhan]

by the way phillie phan, I am a big baseball fan myself. I see where the Rockies are up on your boys.
thanks for the help

We are happy to help!

-- It's been an interesting season. . . . Rox are a tough matchup for the Phils because they are a mirror image of each other.



Once all the tools have been run, the new logs will show any remaining malware and we can rip that out by hand. Looks like you were goaded into downloading hXXp://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
which is Vundo / WinFixer or whatever you want to call it. VundoFix will address the damage it did. Or, Judy can tell you how to configure ComboFix to target it as well. I prefer running both tools since you'll probably need to run ComboFix to remove the other baddies....

Best Luck
PP

[jholland1964]

Let's go with VundoFix First.
Do that first and report back with the log. Then we will do ComboFix

[eaglecarr]

hey, sorry I was out of town this morning. I am d/l and installing vundofix now. Do I need to run in safe mode?

also, on the log. will that be a log from Vundofix or do you want new hjt logs?

[jholland1964]

Just run in normal.
* Double-click VundoFix.exe to run it.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.



Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot

It is the VundoFix log we need this time.

After that;

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Attach this log in the thread you are working in.

Note:

• Do not mouseclick combofix's window while it is running. That may cause it to stall.

[eaglecarr]

o.k., I completed VundoFix and it removed several files. (however I do not see the option for printing a log or creating a log)

I am in the process of d/l combofix.

When I did not see the option for a log in Vundo I did rerun HJT. Do you want it or disregard it.

thanks

[jholland1964]

For now, go with combofix. Once that is done then post combofix log and run a new HJT scan and post those two.

[eaglecarr]

o.k., I ran combofix and it did its thing, but in the middle of the run the old NAV program on the computer threw up a message saying "malicious script detected"
C:\combofix\svcdrv.vbs
C:\combofix\lnkread.vbs

I was not sure what to do when this happen, so I let it sit there and tried to look at the options to deal with the script and when I clicked on the tab it blanked out the selections and eventually both instances went away and combofix finished the log file.

here are the combofix logs and both HJT logs

thanks

also, this is my last post for the day. I will be back on this in the morning. thank you so much for your help!

[jholland1964]

I really need to see that VundoFix log. Look here;
C:\vundofix
See if you can then find C:\vundofix.txt
Post it here.

[eaglecarr]

Sorry for not responding Friday. I actually got a virus myself, I tested positive for the flu and was piled up. I am feeling much better now after some rest and I found the vundofix.txt file.