Author Topic: repetitive Win32 virus popup  (Read 9190 times)

0 Members and 1 Guest are viewing this topic.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: repetitive Win32 virus popup
« Reply #15 on: August 02, 2012, 07:34:28 PM »
Have you read the guide?
Wait a wile longer ... if it still does not eject CF log, restart the computer, delete old Combofix, download fresh one, turn off your Antivirus and re-run Combofix again.
While Combofix running, dont touch the computer.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: repetitive Win32 virus popup
« Reply #16 on: August 02, 2012, 07:36:59 PM »
...text in the box has disappeared, what should i do?

Aha, seek CF log here:

If is not there, re-run it as i said above.


  • Guest
Re: repetitive Win32 virus popup
« Reply #17 on: August 02, 2012, 07:49:15 PM »
Ok Combofix completed :D and here are the logs
« Last Edit: August 02, 2012, 08:41:27 PM by Jamie711 »

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: repetitive Win32 virus popup
« Reply #18 on: August 02, 2012, 10:02:05 PM »
Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

Code: [Select]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

c:\program files (x86)\




uStart Page = hxxp://


FF - ProfilePath - c:\users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\fqzslzie.default\
FF - prefs.js: browser.startup.homepage - hxxp://
FF - prefs.js: keyword.URL - hxxp://

@Denied: (A 2) (Everyone)
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
@Denied: (A 2) (Everyone)
@Denied: (Full) (Everyone)

  • Save this as CFScript.txt, in the same location as ComboFix.exe ( on Desktop )

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
Attach here Combofix.txt


  • Guest
Re: repetitive Win32 virus popup
« Reply #19 on: August 02, 2012, 11:46:59 PM »
here is that log :)

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: repetitive Win32 virus popup
« Reply #20 on: August 03, 2012, 12:03:36 AM »

It is necessary to uninstall the ComboFix :
  • Click Start (or ) then Run.

    On Windows7 or Vista you may use Start Search field if Run is not available.

  • In the line of text type in (Copy) the following:
Code: [Select]
ComboFix /Uninstall
    Note that there is a space between " ComboFix " and " /Uninstall " .

    • then click OK (or press Enter ).
    Wait for the uninstall process is complete.

    >> How's your computer behaving now ?


    • Guest
    Re: repetitive Win32 virus popup
    « Reply #21 on: August 03, 2012, 12:11:41 AM »
    My computer seems to be running smoothly, any programs or actions I need to take to double check?

    Offline magna86

    • Anti Malware Fighter
    • Avast Evangelist
    • Massive Poster
    • ***
    • Posts: 4235
      • Ambulanta MyCity Forum - ASAP Member
    Re: repetitive Win32 virus popup
    « Reply #22 on: August 03, 2012, 12:41:53 AM »
    My computer seems to be running smoothly, any programs or actions I need to take to double check?

    No, no needs ;)

    Re-run OTL and click on CleanUp!


    • Guest
    Re: repetitive Win32 virus popup
    « Reply #23 on: August 03, 2012, 01:09:15 AM »
    ok thanks for all your help :D