ComboFix won't run properly

Discussion in 'Malware Help (A Specialist Will Reply)' started by indigolite, Jul 6, 2008.

  1. indigolite

    indigolite Private E-2

    HI..... I have followed all of the steps for the malware removal. The first scan (SuperAntiSpyware) found only 7 cookies and everything else was clean. Windows stated that ComboFix had an unknown publisher and I scanned it with Norton 360, which found nothing. ComboFix states Windows XP can't open pv.cfexe and then wants to find a program to open it and can't.... First it opened up shell.windows.com file association/0409/xml/redr.asp?ext=cfexe. While I was working with ComboFix, Spyware Dr found trojan pws-bancos and stopped it. Then a blue box screen comes up with a dark rectangle with ca in the upper left hand corner with cursor. I did delete ComboFix and redownloaded it again from the forum with same results. Please advise. Thanks So Much for Your help. :wave
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please read the instructions in the READ & RUN ME under the Running ComboFix link. We explained that antivirus programs may get in the way and that they need to be shut down. Also, if you want to run the program, you have to allow it to run. Your antivirus program is blocking you from running the program, so you need to override it. MGtools.exe has an unknown publisher too.

    Why are you running the READ & RUN ME anyway? What malware problems are you having?
     
  3. indigolite

    indigolite Private E-2

    HI HI HI.......
    I have been having a few problems since I used system restore.... a couple of months ago... a few trojans had been found. I was getting system errors on System Mechanic, Drive Scrubber, Norton 360 would say it wasn't responding while running a scan.. I was receiving error messages that said private info was being stolen.....programs were showing up that had long been deleted, and notepad showed up with eight kinds of error message on desktop in the last week or so. I can include one of the notepads if you would like. It takes 5 minutes to connect to the internet... it has been running very slow... Spyware Dr is now showing a generic trojan. I ran the malware removal read and run, and am attaching the scans. MGtools could not run a part of it because I did not have .NET Framework, so I have downloaded it. I hope I have included the correct attachments. Please advise. Thanks so much. :wave
     

    Attached Files:

  4. indigolite

    indigolite Private E-2

    Part 2

    I think that is all of the logs. Thanks so much for your help. :wave
     

    Attached Files:

  5. indigolite

    indigolite Private E-2


    It looks like the original post with attachments didn't go thru so I will re-attach.
    It is taking 5 minutes to connect to the internet... various access violations with System Mechanic and Drive Scrubber. Home page being changed... us.ard.yaho... Spyware Dr has found a generic trojan.. messages of private information being accessed.... 8 notepad message errors in desktop in the last week. Norton 360 doesn't run properly.. it scans with message not responding in the tool bar.... various other messages.
    I hope I got all of the files.
    Thanks so much.. :wave
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I have not looked thru your logs in detail yet, but at least some of your problems may not be due to having malware. Having too many protection programs installed can be just as bad as having none installed. You fall into the too many category and they are probably conflicting with each other and causing you problems.

    You have the below installed (I'm not including anything from running the READ & RUN ME since they are not realtime protection):
    • Is Spyware Doctor a paid version or free trial?
    • Why do you have both Spyware Doctor and CA Yahoo Anti-spy?
    • Does your version of System Mechanic also include their firewall? What about their antivirus? Is it a paid version or trial version?
    • Why do you need both SpamSubtract and Norton's AntiSpam?
     
    Last edited: Jul 8, 2008
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs do not show any malware problems but I do suggest that you answer my questions from the last message and also that you delete the below files:

    C:\WINDOWS\Temp\cc12.tmp
    C:\WINDOWS\Temp\cc13.tmp
    C:\WINDOWS\Temp\cc4.tmp
    C:\WINDOWS\Temp\cc5.tmp
    C:\WINDOWS\Temp\cc6.tmp
    C:\Documents and Settings\Owner\Local Settings\Temp\1D.tmp
     
  8. indigolite

    indigolite Private E-2

    HI.... Hi... Hi...

    I tried to find these files and haven't been able to.. I have run search and looked thru file folders... any suggestions... Thanks :wave
     
  9. indigolite

    indigolite Private E-2

    I run the Norton 360, System Mechanic, and Drive Scrubber. I only run the CA Yahoo Anti-spy in the browser window. I don't run the Norton parental control..

    Thank you....:wave
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are missing the point of my questions and did not answer about Spyware Doctor and SpamSubtract.

    You have both Spyware Doctor and Yahoo Antispyware running and they will affect your performance.

    Norton Parental Controls is still installed. Whether it is actually running or not I cannot say but it is included as part of this software and may be hooked in.

    If Norton 360 is not running properly (as you stated earlier), perhaps you should just uninstall it and also run the below to make sure it is uninstalled since it rarely uninstalls correctly.

    Norton Removal Tool (SymNRT)

    After running the removal tool, reboot and run it again. Then check to see if you are still having problems connecting to the internet while Norton 360 is not installed.


    Are you sure that System Mechanic is not doing any form of protection and that it does not include a firewall?

    As far as the tmp files are concerned, they may have been removed after your last reboot.
     
    Last edited: Jul 9, 2008
  11. indigolite

    indigolite Private E-2

    Thank You..

    What did the scans show? I wasn't able to complete MGtools due to not having .NET Framework on Windows.
    Thanks for your time....:wave
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In message # 7 I said:
    ComboFix was the only scan that removed some misc unknown tmp.DLL files. No other active malware was seen.

    You should uninstall the Spyware Doctor trial and also Spam Subtract.

    If your problems with System Mechanic & Norton 360 continue, you should uninstall them, reboot, and then reinstall them (only one at a time to make sure each works properly). Any further discussion about problems with them should be posted in the Software Forum.
     
