Download Killbox
This is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them.
Usage Information:
Download this file and run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; allow it to do so.
These are the files you want it to search for and delete;
C:\WINDOWS\system32\rzozhe.dll
C:\WINDOWS\system32\jdkiucpa.dll
C:\WINDOWS\system32\jdvwwnef.dll
When the computer reboots I want you to do the following;
Open Notepad and copy/paste the text in the below quote box into it:
KILLALL::
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM2c819698"=-
- Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
- At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
- You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
- Now use your mouse to drag CFscript.txt on top of ComboFix.exe
- Follow the prompts.
- When it finishes, a log will be produced named c:\combofix.txt
Do you have any idea what these listed below refer to?
We have no clue at all what these are:
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALCXWDex]
"ImagePath"="system32\drivers\ALCXWDex.sys"
--
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\null2k]
"ImagePath"="system32\drivers\null2k.sys"
--
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p3nt]
"ImagePath"="system32\drivers\p3nt.sys"
As far as the infected pen drive;
PP said the following;
If he is able to track down the infected drive, he could try http://download.bleepingcomputer.com...isinfector.exe
Or, even scanning with his AV?

