Start >> Run
%UserProfile%\desktop
Enter
Sorry about this i must be really annoying but if I do that it'll just bring up the desktop in a window won't it?
Rename the Combofix-in iexplore.exe.
Note,The display extension ComboFix.exe be called iexplore.exe(is wrong iexplore.exe.exe) .
I also don't get that part
(ain't been asleep yet, been wanting to get rid of the virus first, thats my excuse for the noob questions tho)
Edit: after doing that patch thing on secunia, it isn't coming up on normal no more and I can now run Malwarebytes in normal mode so I did a scan on mbam and it's found 1 infected object, however according to bleep computers it should find 4
but it isn't system tools, what it found was Spyware.Zbot
log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.orgDatabase version: 5812
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
19/02/2011 20:01:46
mbam-log-2011-02-19 (20-01-46).txt
Scan type: Quick scan
Objects scanned: 165851
Time elapsed: 3 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Admin\AppData\Local\Temp\jar_cache2978039640436424214.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
So the question is.. is it still on my system hiding (must be? wasn't removed) or am I missing something
- currently doing a full scan with mbam, should I do a scan with avast aswell and see if that brings something up? Because I couldn't do one last time cos pc kept restarting every 35 minutes, which wasn't long enough to complete the scan
Full scan
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.orgDatabase version: 5812
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
19/02/2011 21:35:53
mbam-log-2011-02-19 (21-35-53).txt
Scan type: Full scan (C:\|S:\|)
Objects scanned: 426566
Time elapsed: 1 hour(s), 18 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\programdata\bdamdbk09000\bdamdbk09000.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
If they're in the quarantine does that mean they could still cause problems or is it like on avast where they can't be run and no damage can be done? Is it best to keep in there or delete permanently? or is both just as each other? Still love to know where System Tools is
