Yup! I'm surprised it didn't find it earlier....
I employed a different CFScript this time, but didn't think it would be necessary in the first place.
I think wowfx.dll may have been hidden due to some sort of rootkit/stealthing process, though we can't be sure without running a number of rootkit detection tools. That is up to you whether you'd like to continue along those lines.
The Gmer rootkit scan was clean, however, so my suspicion could very well be wrong.
If indeed the system has been compromised by a rootkit (which in essence hides programs from the Windows API), then the only way you can truly be certain a machine is clean is to wipe the hard drive and reinstall the OS.
At this point, the ComboFix log looks OK.
-- You can delete this folder: C:\Program Files\Kaspersky Lab
Also, I'd suggest visiting my linky below and getting AV and Firewall installed and running. Also install Spyware Blaster, if you haven't already done so.
PP