03-02-2012 08:38 AM - edited 03-02-2012 09:15 AM
OK.. let's go the reverse way. If combofix doesn't run even after many tries in safe mode, please follow this
Download AVPTool from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)
Run the programme you have just downloaded to your desktop (it will be randomly named)
First we will run a virus scan
Click the cog in the upper right
Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take long, long hours)
Allow AVP to disinfect all infections found [delete if disinfection not possible]
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
Now the Analysis
Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information
On completion click the link to locate the zip file to upload and attach to your next post
03-02-2012 12:37 PM
just out of curiosity, is this going to take care of things? already seems better... also can I reinstall trend micro without infecting things again? just got it not that long ago.... also, any clue why my audio has disappeared after all of this? none at all, not even standard bells and whistles...
03-02-2012 09:17 PM - edited 03-02-2012 10:04 PM
03-06-2012 03:08 PM
Back again, sorry for the delay...... here's the link...http://www.mediafire.com/?ezgp9fufpquxsk6... also I don't know what the deal with combo fix is... no matter how I use it (safe mode or not) it never finishes scanning.... just says it detects ROOTKIT... really would like to get this machine going again... works worse now than with the gremlins...
03-06-2012 09:17 PM - edited 03-06-2012 10:04 PM
Hi, we have to kill whatever is alive and then try combofix to get the infection out...
begin
  SetAVZGuardStatus(True);
  SearchRootkit(true, true);
  DeleteFile('C:\WINDOWS\System32\Drivers\dump_atapi.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS');
  DeleteFile('C:\DOCUME~1\Bill\LOCALS~1\Temp\128.tmp');
  DeleteFile('C:\Documents and Settings\Bill\Local Settings\temp\_uninst_77177826.bat');
  DeleteFile('C:\Documents and Settings\All Users\Application Data\privacy.exe');
  DeleteFile('C:\WINDOWS\system32\savscan.dll');
  DeleteFile('\SystemRoot\system32\DRIVERS\1081806drv.sys');
end.
All RKreport logs located on your desktop.
Delete the current combofix from desktop and download a fresh version from here
Rename combofix to winlogon.exe and then try running it,
and attach the log
03-06-2012 10:46 PM - edited 03-06-2012 10:47 PM
If combofix again fails to run we will start it in a special way... We will use the force breach mode of combofix
Running Combofix from Run Command