Help please!!! - Split from other user's thread

**bingo** · 05-16-2007, 06:18 PM

Originally Posted by jholland1964

Type 1 and then hit Enter on your keyboard.
The scan will run.
When the scan is completed a Notepad will automatically open with the log. Save the log as a text file and post it back here.

I ran the new downloaded Combofix.exe by type '1' and hit Enter. During the first 15 min, the program is working (hard disc light is blink), then it's sleeping. The info in the window is same as I posted last time. I closed the window after 4 hours (during these period, I haven't move my mouse and key board) because looks like it'll do nothing forever. How long supposed Combofix.exe run? I never get the Notepad log. All the log I gave to you is copying from Combofix.exe window. I noticed there is 1 directory and 1 .bat file created in desktop right after running the exe file, but they are disappeared from desktop in about 20 seconds. Is this normal? Help me go through this scan please! Many thanks!!!

**jholland1964** · 05-16-2007, 07:03 PM

No, this is not normal. You actually only see the blue "dos" window while the scan is running and it actually should only take around 10 minutes. Have never seen this happen before. Let me do some checking.

**bingo** · 05-20-2007, 11:52 PM

Originally Posted by jholland1964

No, this is not normal. You actually only see the blue "dos" window while the scan is running and it actually should only take around 10 minutes. Have never seen this happen before. Let me do some checking.

Hi Judy,

Any results and suggestions? Thanks!

Bingo

**jholland1964** · 05-21-2007, 10:11 AM

I'll tell you what, I obviously have not been paying attention and I am sorry...PP noted AND I have seen the entries in your logs indicating the Sony DRM Rootkit on your system...I am really sorry that I kept "not seeing what I was seeing".
You need to remove this with these manual removal steps from Bleepingcomputer;
Manual deletion instructions of the DRM rootkit service (Windows NT/2000):

Because Windows NT or 2000 does not include the SC.exe program, we will need to download a freeware alternative. Download SWSC and save it in your Windows folder.
Click on the Start button.
Click on the Run option.
In the Open: field type cmd /k swsc delete $sys$aries and press the OK button.
Reboot your computer
Delete C:\%WinDir%\system32\$sys$filesystem\aries.sys (Replace %WinDir% with the directory that Windows is installed on your computer)

Reboot and then run a new HJT scan and post the log.

**bingo** · 05-21-2007, 10:51 AM

Originally Posted by jholland1964

I'll tell you what, I obviously have not been paying attention and I am sorry...PP noted AND I have seen the entries in your logs indicating the Sony DRM Rootkit on your system...I am really sorry that I kept "not seeing what I was seeing".
You need to remove this with these manual removal steps from Bleepingcomputer;
Manual deletion instructions of the DRM rootkit service (Windows NT/2000):

Because Windows NT or 2000 does not include the SC.exe program, we will need to download a freeware alternative. Download SWSC and save it in your Windows folder.
Click on the Start button.
Click on the Run option.
In the Open: field type cmd /k swsc delete $sys$aries and press the OK button.
Reboot your computer
Delete C:\%WinDir%\system32\$sys$filesystem\aries.sys (Replace %WinDir% with the directory that Windows is installed on your computer)

Reboot and then run a new HJT scan and post the log.

I downloaded and copied swsc.exe in C:\WINNT and run cmd /k swsc delete $sys$aries in the run window. Syatem can not find swsc under my document directly. Then, I go to WINNT directly in cmd.exe window and run "run cmd /k swsc delete $sys$aries", still get following error:

C:\WINNT>cmd /k swsc delete $sys$sries
SteelWerX Service Controller 2.0
Written by Bobbi Flekman 2006 (C)

System Error. Code: 1060.
The specified service does not exist as an installed service

Please tell me how to run swsc.exe correctly, thanks!

**jholland1964** · 05-21-2007, 12:26 PM

Download and run the automated removal tool from here;
http://securityresponse.symantec.com.../FixRyknos.exe

**bingo** · 05-21-2007, 06:40 PM

Originally Posted by jholland1964

Download and run the automated removal tool from here;
http://securityresponse.symantec.com.../FixRyknos.exe

I ran FixRyknos.exe and ended with message "Ryknos has not been found on your computer". Attached are new logs from AVG and HJT v1.99.1. Please take a look. Many thanks!

**jholland1964** · 05-24-2007, 10:50 PM

Please run the Microsoft® Windows® Malicious Software Removal Tool

Once you have run the tool then run a new HJT scan and post the log.

**bingo** · 05-25-2007, 10:27 AM

Run Microsoft® Windows® Malicious Software Removal Tool and nothing found. Attached is a new HJT scan log. It's same as last time. Based on so many logs, how my machine looks like? Can I run Spyware and Virus scan now? Per your suggestion, I should not run these tools until you suggest me do that.

**jholland1964** · 05-25-2007, 10:53 AM

Can I run Spyware and Virus scan now?

What Spyware? You all ready have scanned with AVG Anti-spy, and the I am not certain what Spyware program you are talking about. You have SpywareGuard and AVG Anti-spy running in the background right now, too many progams can also cause problems and you just scanned with the Microsoft® Windows® Malicious Software Removal Tool.

Thread: Help please!!! - Split from other user's thread

Thread Tools

Display

Thread Information

Users Browsing this Thread

Posting Permissions