Results 1 to 10 of 45

Thread: Computer cleaned (?) but Control Panel still inaccessible

Hybrid View

  1. 01-13-2008, 09:46 AM #1
    Tirhakah
    Tirhakah is offline Junior Member
    Join Date
    Jan 2008
    Posts
    18
    Sorry, I didn't have access to the infected computer yesterday, but I've done what you said now. Combifix deleted several files, and control panel is now available again (yay) updated java, but I haven't been able to verify it yet, as I haven't been allowed to reconnect to the internet on that computer... also ran hjt, and the logs are attached.

    Notes:
    * Kaspersky kept flagging combofix.exe as infected with Heur.Invader(modification), don't know why...
    * when the computer restarted during combofix, it complained of not being able to find C:\WINDOWS\system32\ndaTqsVqrX.dll, one of the files that combofix removed.
    * Combofix also deleted some of kasperky's files.
    Attached Files Attached Files
    Reply With Quote Reply With Quote
  2. 01-13-2008, 03:06 PM #2
    PhilliePhan's Avatar
    PhilliePhan
    PhilliePhan is offline High-Voltage Messiah
    Join Date
    Aug 2006
    Posts
    578

    Lightbulb

    Quote Originally Posted by Tirhakah View Post
    * Kaspersky kept flagging combofix.exe as infected with Heur.Invader(modification), don't know why...
    Heuristic detections like this are not uncommon when you are working with tools such as these that shut down various Windows processes. No worries.

    Quote Originally Posted by Tirhakah View Post
    * when the computer restarted during combofix, it complained of not being able to find C:\WINDOWS\system32\ndaTqsVqrX.dll, one of the files that combofix removed.
    That is another case of a registry remnant calling a removed malware at startup. We'll probably need to remove it manually .
    Quote Originally Posted by Tirhakah View Post
    * Combofix also deleted some of kasperky's files.
    That is odd, but not surprising. I suggest uninstalling Kaspersky for the time being - until the machine is clean. Then completely re-install it so we can be sure it hasn't been damaged and will work properly in the future.


    ** This machine is pretty heavily infested - Please run ComboFix again. Download a fresh version as it is constantly updated. Please post the fresh scanlog.
    I know all these scans can be a pain, but they do make things easier (if less challenging) than they were back in the old days of ripping out infestations manually
    We'll probably have a lot of "manual" removal to do afterward nonetheless.....


    @Judy:
    I'd suggest a running of SDFix as well as a rerun of combofix and get both fresh logs before starting the manual removal process. What do you think?


    Cheers
    PP
    Philadelphia Phillies
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules