Hi, I was away on holiday and this PC was used by my friends. He had installed all types of RATs, keyloggers, crypters, etc. The BitDefender, HijackThis and ISeeYouXP logs are attached. iseeyouxp.txt hijacthis.txt
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, ComboFix will produce a log.
Note:
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
Now use your mouse to drag CFscript.txt on top of ComboFix.exe
Follow the prompts.
When it finishes, a log will be produced named c:\combofix.txt
I will ask for this log below
Note: DO NOT mouseclick combofix's window while it is running. That may cause it to stall.
The ComboFix folder should not be renamed since ComboFix and even we would have suspicions about it. Also when you uninstall CF, the folder would not be removed since it does not look for that folder name.
Unless you are having problems from Malware it is time to do the final steps.
If I had you use ComboFix, Uninstall ComboFix:
Click START then RUN and enter the below into the run box and then click OK. (Use only the command of the same name as your copy of combofix.)
AvoidTDSS /u or combofix /u (Which command depends on whether or not I had you rename ComboFix.) Note: The space before /u must be there. This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
Delete the C:\AvoidTDSS or C:\ComboFix folder from combofix.
Delete everything in C:\!KillBox
Delete the following from your Desktop (if they exist):
Avenger.exe
Avenger.zip
Combofix.exe
AvoidTDSS.exe
ISeeYouXP.exe
ISeeYouXP.txt
DisableAutoRuns.reg
FixMe.reg
FixReg.reg
Any Registry patch I had you use
Delete the following files (if they exist):
C:\Avenger.txt
C:\ComboFix.txt
Delete the following folders (if they exist):
C:\Avenger
C:\SDFix
C:\Qoobox
You can delete and uninstall any programs I had you download that you do not wish to keep on the system.
Run Windows Update and update your Windows Operating System.
Run the Secunia Online Software Inspector. This will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated.
Empty the Recycle Bin
Run ATF Cleaner
In the ISeeYouXP folder double-click HideIT.bat.
Turn off System Restore to flush all your restore points, then turn System Restore back on.
To manually turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.