I would advise against using your system for online banking until we have made progress. OK continue as follows:
Step 1Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-
Link 1Link 2- Ensure that Combofix is saved directly to the Desktop <--- Very important
Before saving Combofix to the Desktop re-name to Gotcha.exe as below:
Do not run CF yet.
Step 2
Please download Rkill and save to your Desktop.
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use Link 1 from the following list and so on in sequencial order until one runs successfully.
Link 1
Link 2
Link 3
Link 4
Link 5
Link 6
- A log pops up at the end of the run. This log file is also located at C:\rkill.log. Please post this log in your reply.
- If you get an alert from your own Security Program, accept it and allow Rkill to run, it is very safe and will not harm your system.
- If the tool does not run from any of the links provided, please let me know.
Step 3
If you run RKill successfully continue with Combofix as follows:
- Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
- Close any open browsers and any other programs you might have running
- Double click the
icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
- Instructions for running Combofix available Here if required.
- If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
- When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review
****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read
Here why disabling autoruns is recommended.
*EXTRA NOTES*
- If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
- If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
- If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)
Post the log in next reply please...
Kevin
