Author Topic: virus help (Read 14329 times)

Tarq57 · « **Reply #15 on:** February 19, 2011, 09:11:20 AM »

Is combofix asking you to disable the AV?

Alpha32 · « **Reply #16 on:** February 19, 2011, 09:17:38 AM »

Quote from: Tarq57 on February 19, 2011, 09:11:20 AM

Is combofix asking you to disable the AV?

Isn't asking but it gives a warning

ComboFix has detected the following real time scanner(s) to be active:

antivirus: avast! Antivirus
antispyware: avast! Antivirus

Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking 'OK'

-------

I did what you said to disable it but after clicking ok it still says it's running and continuing with avast running is at my own risk

Tarq57 · « **Reply #17 on:** February 19, 2011, 09:30:33 AM »

I don't know, I'd be inclined to do as combofix suggests, and re-enable them after the scan.

Alpha32 · « **Reply #18 on:** February 19, 2011, 09:33:11 AM »

Yeah but even if I select disable permanently ComboFix still says avast is still running, which is where I get the 'continuing with avast running is at your own risk' warning

argus · « **Reply #19 on:** February 19, 2011, 11:29:52 AM »

Alpha32 · « **Reply #20 on:** February 19, 2011, 04:45:53 PM »

Did that but still getting the warning from ComboFix

DavidR · « **Reply #21 on:** February 19, 2011, 04:51:14 PM »

The background service will still be running but there are no shields running, just continue with the combofix scan.

Alpha32 · « **Reply #22 on:** February 19, 2011, 04:54:39 PM »

Quote from: DavidR on February 19, 2011, 04:51:14 PM

The background service will still be running but there are no shields running, just continue with the combofix scan.

Ok,

I ran ComboFix, it asked to update then when it restarted after the update it returned with:

Windows cannot find 'ComboFix'. Make sure you typed in the name correctly, and then try again.

I don't seem to have much luck when it comes to these

Edit: Re-ran ComboFix, didn't get the error but it says access denied because ComboFix needs administrator rights in order to do the selected tasks
------

I have admin rights tho

------

Should I just follow the steps on here?: http://www.bleepingcomputer.com/virus-removal/remove-system-tool

since thats what I have

DavidR · « **Reply #23 on:** February 19, 2011, 05:36:05 PM »

I don't know if that will work as you have already tried to download rkill but were unable to and that is one of the steps in the bleeping computes instructions.

What if you download combofix again not just update it, which failed. The combofix tool is constantly updated so if you had an old copy on your system it would be out of date and I don't know how it performs the update.

Alpha32 · « **Reply #24 on:** February 19, 2011, 05:44:34 PM »

Quote from: DavidR on February 19, 2011, 05:36:05 PM

I don't know if that will work as you have already tried to download rkill but were unable to and that is one of the steps in the bleeping computes instructions.

I was able to download it but wasn't able to run it because system tools was stopping it from running, but i'm in safe mode at the moment, which is also one of the steps from bleeping computers

Edit: Was just reading over the steps that bleeping computers has and saw this:

This infection changes your Windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer or update security software. Regardless of the web browser you use

But I can still use Firefox with no problems in safe mode and normal, so if I did do that guide would it be best just to miss the steps for that? (won't do the steps on bleeping computers until instructed to do so)

Also if System Tools came through Java, does that mean Java is infected too? or did it just use an exploit/back door to install on my computer? Because I would like to go on mibbit (irc java client) to let people know what's going on

DavidR · « **Reply #25 on:** February 19, 2011, 06:39:53 PM »

I would still check that the firefox settings are correct.

I don't think that it is confirmed where it came through, JAVA or not.

The one thing with JAVA is to ensure that it is fully up to date or old vulnerabilities can be exploited. The latest version is 6.0.24, which was only recently updated.

- I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.

Alpha32 · « **Reply #26 on:** February 19, 2011, 06:49:20 PM »

Thanks, currently running a thorough scan, just so I know everything is secured, currently found 5 and patched 5, Java was one of them.

I'll also see if Firefox is using the correct settings. Would you recommend doing the steps bleeping computers suggests? or should I wait for someone who is more experianced in this?

argus · « **Reply #27 on:** February 19, 2011, 06:55:34 PM »

like this

Right click

Alpha32 · « **Reply #28 on:** February 19, 2011, 06:57:25 PM »

Yeah, I did that when it gave me the access denied message, but it just gave me the exact same thing

argus · « **Reply #29 on:** February 19, 2011, 07:08:41 PM »

Run Combofix in Safe Mode

No safe mode with metworking

Author Topic: virus help (Read 14329 times)

Tarq57

Re: virus help

Alpha32

Re: virus help

Tarq57

Re: virus help

Alpha32

Re: virus help

argus

Re: virus help

Alpha32

Re: virus help

DavidR

Re: virus help

Alpha32

Re: virus help

DavidR

Re: virus help

Alpha32

Re: virus help

DavidR

Re: virus help

Alpha32

Re: virus help

argus

Re: virus help

Alpha32

Re: virus help

argus

Re: virus help