Infected cmd.exe file

Welcome to Major Geeks!

We need the logs from MGtools and ComboFix. What problems are you having running them? It is quite possible that you have a Virut infection. If you do the you will be reinstalling from scratch and no backups of any executable type files can be made as they would be infected.

Shutdown Spybot's Teatimer, see this: How to disable Spybot's TeaTimer

And then do the below.


Click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System Rile Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it.

Run HijackThis (Note: if using Vista, use right click and select Run As Administrator). (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Startup: santa.bat
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll

NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.
After clicking Fix, exit HJT.


Now Reboot your PC.


Can you run ComboFix and MGtools now? If not in normal boot mode, how about in safe boot mode.