Computer cleaned (?) but Control Panel still inaccessible

**PhilliePhan** · 01-22-2008, 02:58 PM

Originally Posted by Tirhakah

Ok, doesn't look very informative, but here it is:

Well . . . That's odd. It just seems to have disappeared. There were a number of things in the first combofix log that I thought you and Judy cleaned, but going back over the thread, I do not see those steps. Curiouser and curiouser

If you don't mind, I'd like to see one last ComboFix log at your leisure. Download a new version and keep it on the desktop after the scan in case we need to use it to remove additional baddies.

Cheers

PP

**Tirhakah** · 01-23-2008, 10:59 AM

Here's the log. Still includes some 'reg load points' for files that don't exist (I checked), and the scheduled tasks seem to be far greater in number than they used to be...

**PhilliePhan** · 01-23-2008, 04:12 PM

Originally Posted by Tirhakah

Here's the log. Still includes some 'reg load points' for files that don't exist (I checked), and the scheduled tasks seem to be far greater in number than they used to be...

Yup - There is a bunch of stuff we missed. Sorry about that.

Let's do this:

-- Download the attached file CFScript.txt to your Desktop
-- Close ALL browser windows and then drag CFScript.txt into ComboFix.exe

-- Let Combofix run as before and post me that log along with a fresh HJT Log.

And . . . We'll go from there

PP

**Tirhakah** · 01-24-2008, 11:22 AM

Done the scan with the dragging as shown. Actually, done it twice, since when I returned to the computer the first time it appeared to have crashed (no icons/menubar) and so I wasn't sure it had managed to complete the scan. Here are the logs:

**PhilliePhan** · 01-24-2008, 02:32 PM

Originally Posted by Tirhakah

Done the scan with the dragging as shown. Actually, done it twice, since when I returned to the computer the first time it appeared to have crashed (no icons/menubar) and so I wasn't sure it had managed to complete the scan. Here are the logs:

Looks like it made some progress!
I should apologize - it is taking me a bit longer than I thought to get back into the swing of things, malware-wise.

Anyhoo, lets try that one more time, but this time in Safe Mode.

-- I have attached a fresh CFScript.txt. Please DL a fresh ComboFix.exe and delete the older version and then do the drag and drop again with this new CFScript and post the log.

Hopefully this should do the trick!

Best Luck

PP

**Tirhakah** · 01-25-2008, 02:20 PM

Ok, here they are:
the combofix was done in safe mode, and the hjt after the computer was back in normal mode.

**PhilliePhan** · 01-25-2008, 03:35 PM

Originally Posted by Tirhakah

Ok, here they are:
the combofix was done in safe mode, and the hjt after the computer was back in normal mode.

Great! Almost done - For some reason the fix scripts are only partially taking.

Let's do this by hand:

-- Completely Uninstall Kaspersky (via Add/Remove Programs, if possible) and then DELETE this folder if it remains: C:\Program Files\Kaspersky Lab

-- Download the attached Zip. Please extract Fixit.reg to the desktop and DoubleClick on it and allow it to merge into the registry. Let me know if there are any problems with that.

-- Boot to Safe Mode with the Viewing of Hidden Files Enabled and see if you can locate C:\WINDOWS\system32\wowfx.dll
RightClick on it and Rename it to wowfx.BAD
Then, please upload it here for analysis and let me know what you find ---> http://virusscan.jotti.org/

If the above goes well, reinstall or re-enable your Resident Anti-virus program. Also, I would suggest installing Zone Alarm Firewall from my linky below as well.

Best luck

PP

**Tirhakah** · 01-29-2008, 12:39 PM

Sorry, I haven't been home for a couple of days.
Anyway, I removed kaspersky, and the online filescanner portion, but when I tried to merge fixit with the registry editor, I got an error saying "Cannot import C:\Documents and Settings\User\Desktop\Fixit.reg: The specified file is not a registry script.
You can only import binary registry files from within the registry editor."
Assuming that this stage was required, I therefore haven't done anything about wowfx.dll.

**PhilliePhan** · 01-29-2008, 04:18 PM

Originally Posted by Tirhakah

Sorry, I haven't been home for a couple of days.
Anyway, I removed kaspersky, and the online filescanner portion, but when I tried to merge fixit with the registry editor, I got an error saying "Cannot import C:\Documents and Settings\User\Desktop\Fixit.reg: The specified file is not a registry script.
You can only import binary registry files from within the registry editor."
Assuming that this stage was required, I therefore haven't done anything about wowfx.dll.

No worries!

Let's try that again - I need to get on of our admins to allow the uploading of .reg extensions so I don't need to zip them. Always causes headaches.

Anyhoo, please download the attached FIXME.txt to the Desktop.
--- You will need to change the extension to FIXME.reg and allow that change.
Then, DoubleClick on FIXME.reg and allow it to merge into the registry.
Also, please finish the rest of the previous steps concerning wowfx.dll.

And, how about a fresh ComboFix log as well, please.

Cheers

PP

**Tirhakah** · 01-31-2008, 12:27 PM

I still get the same error when trying to allow it to merge.
Also, even on safe mode with hidden files enabled, I can't find wowfx.dll
There's a wowfax.dll, though...
And the combofix log is attached:

Thread: Computer cleaned (?) but Control Panel still inaccessible

Thread Tools

Display

Thread Information

Users Browsing this Thread

Posting Permissions