kamsoft.exe?

Hi,

I have a PC which has displayed a virus warning message. The infected file is:

C:\Windows\System32\kamsoft.exe

I ran the scans, and they appear to have found and removed it. I've attached the log files for checking.

Cheers

Nick


[attachment deleted by admin]

The antivirus on this machine has just displayed a warning about this file:

C:\WINDOWS\SYSTEM32\GASRETYW0.DLL

Quote from: nickc1976 on December 18, 2008, 03:57:49 AM

I ran the scans, and they appear to have found and removed it. I've attached the log files for checking.

Well, MBAM found the infection, but it wasn't removed (the log says "No action taken"). You should try running the scan again, but this time, make sure the infection is deleted.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.

For Windows XP Systems install the Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA click OK.
- Accept Microsoft's EULA (Click Yes).
- When you are told that the RC is installed correctly click YES to continue scanning for malware.

When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

I ran the MBAM scan again, and it came up clean. I've attached the log.

I ran ComboFix, and the log is attached, plus a new HT log.

Thanks

Nick

[attachment deleted by admin]

Sorry for the delay. As you can imagine, the holidays have been quite busy!

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:

KillAll::

File::
c:\windows\system32\vbsdfe1.dll
c:\windows\system32\vbsdfe0.dll

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply along with a new HijackThis log.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze


How are things running now?

I've attached the latest log files for this one.

McAfee displayed an infected file warning again yesterday, unfortunately I didn't get chance to make a note of the infected file. I'll see how it runs now.

Cheers

Nick

[attachment deleted by admin]

Well, your logs are looking better. However, I forgot to ask if you recognize these entries at all...

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HQ.AUTOCAB.COM
O17 - HKLM\Software\..\Telephony: DomainName = HQ.AUTOCAB.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = HQ.AUTOCAB.COM


Does HQ.AUTOCAB.COM sound familiar?

Because McAfee is alerting you of an infected file, try scanning with McAfee and see what it picks up. It could have simply been a rogue internet file, but it doesn't hurt to look.

The hq.autocab.com entries are fine, I am aware of them.

McAfee came up with another warning today. It said the file was Generic PWS.ak, and the location was in the System Restore files. I turned off system restore, then rebooted. I'll run a scan with McAfee to see if it finds anything.

Thanks for your help

Nick

Okay, I had a feeling it might be the System Restore files and what you did is exactly what I would've instructed. That clears out the files, so the warning should stop appearing. Just make sure you turn System Restore back on and create a new restore point.

Thanks for the advice. It seems OK now. I'll let you know if it throws up any more virus warnings.

Nick

Sounds like a plan.
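
Added example, not part of the thread or any poster's code: the O17 review done by eye earlier in the thread ("Does HQ.AUTOCAB.COM sound familiar?") written as a Python check that parses HijackThis O17 lines and reports any DNS-related value the machine's owner has not confirmed. The function names, the allow-lists and the NameServer sample line are assumptions made for this example; it also covers NameServer and SearchList values, which the thread's log does not show.

```python
import re

# HijackThis O17 line shape: "O17 - <registry key>: <value name> = <data>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*)$")

# The first three lines are the ones quoted in the thread; the NameServer line
# (zero GUID, RFC 5737 documentation addresses) is constructed for this example.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HQ.AUTOCAB.COM
O17 - HKLM\Software\..\Telephony: DomainName = HQ.AUTOCAB.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = HQ.AUTOCAB.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53,192.0.2.54
"""

def parse_o17(log_text):
    """Return (registry_key, value_name, [values]) for every O17 line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # The data field may hold several comma- or space-separated items.
            values = [v for v in re.split(r"[,\s]+", m["data"]) if v]
            entries.append((m["key"], m["name"], values))
    return entries

def unrecognized(entries, known_domains, known_nameservers=()):
    """Return entries holding values the machine's owner has not confirmed."""
    domains = {d.lower() for d in known_domains}
    known = {
        "domain": domains,
        "domainname": domains,
        "searchlist": domains,
        "nameserver": set(known_nameservers),
    }
    flagged = []
    for key, name, values in entries:
        # A value name not modelled here is flagged whole, for manual review.
        allowed = known.get(name.lower(), set())
        bad = [v for v in values if v.lower() not in allowed]
        if bad:
            flagged.append((key, name, bad))
    return flagged

if __name__ == "__main__":
    for key, name, bad in unrecognized(parse_o17(SAMPLE_LOG),
                                       known_domains={"hq.autocab.com"},
                                       known_nameservers={"192.0.2.53"}):
        print(f"review: {name} = {', '.join(bad)}  ({key})")
```

With the owner's confirmed domain on the allow-list, the three entries from the thread pass and only the constructed, unconfirmed name server is reported.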

