Hi thatscheesy,
It's time for CFScript. We will now use CF's CFScript to target the malware itself.
Open notepad and copy/paste the text present inside the code box below:
KillAll::
FCopy::
c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe|c:\windows\explorer.exe
Save this as
CFScript.txt Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\
ComboFix.txt )
--- --- --- --- --- ---
When CF finish the fixing, malware will be disinfected. I would like to preform the additional check using FRST tool just in case ...
Please download
Farbar Recovery Scan Tool (
) by
Farbar and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version. - Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Once again we shall use FRST for additional checks. Re-run
FRST/FRST64 by double-clicking:
- Type explorer.exe into the Search: field in FRST then click the Search File(s) button.
- FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
- Please attach it to your reply.