Solve : Virus, Not Sure Where :-(?

1.	Solve : Virus, Not Sure Where :-(?
Answer» Re-running ComboFix to remove infections: Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Open NOTEPAD and copy/paste the text in the quotebox below into it: Quote KillAll:: File:: c:\DOCUMENTS and settings\Paul and Jane\Start Menu\Programs\Startup\fgujfsee.exe C:\fgujfsee.exe Folder:: C:\Program Files\wadwupun RegNULL:: [HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{142CD2CF-756C-381E-759D-20FC7E2F111E}] Allowed: (Read) (RestrictedCode) Allowed: (Read) (RestrictedCode) "abehjcdkbnfajfgdfiiomepmfiljnhooln"=hex:65,62,65,68,63,65,64,6d,64,65,62,62, 63,68,6a,62,6c,63,6e,62,69,65,61,6a,67,66,6c,61,6c,63,68,62,68,65,6a,6a,66,\ "bbehjcdkbnfajfgdfihohincaleghhekpfol"=hex:61,62,64,62,64,6c,69,70,6b,6c,6e,6d, 64,66,6e,6c,6a,6c,70,6d,6f,6a,68,6b,6b,6e,6f,65,66,61,70,69,66,65,00,6a . [HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F011243-2BF9-227A-A86C-B3C19DB5E2C4}] Allowed: (Read) (RestrictedCode) Allowed: (Read) (RestrictedCode) "iabdoenbheaognkbme"=hex:6a,61,66,6d,68,6f,63,70,6e,62,6b,61,6a,66,6b,65,6a,66, 69,6a,00,00 "halndhddfkcbdame"=hex:6b,61,66,6d,63,6f,6a,6f,67,65,6a,6e,68,66,6d,61,6f,65, 61,69,63,6e,00,00 "iafcfikbniidmfemlf"=hex:63,61,64,6d,6f,6f,00,7c SAVE this as CFScript.txt, in the same location as ComboFix.exe Referring to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt Please post the contents of the log in your next reply. Hiya Dave Just to let you know that I decided to rebuild my pc. I have wanted to do that for a while now and the way we were struggling to solve this issue, thought now was as good a time as any. Just like to say thx for all your help and if i have any such issues again, WOULD not hesitate to ask for your help Once again Thanks PaulOk Paul. If that is your wish. I will lock this thread. If you need it re-opened, please send me a pm.

Answer»

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open NOTEPAD and copy/paste the text in the quotebox below into it:
Quote
KillAll::

File::
c:\DOCUMENTS and settings\Paul and Jane\Start Menu\Programs\Startup\fgujfsee.exe
C:\fgujfsee.exe

Folder::
C:\Program Files\wadwupun

RegNULL::
[HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{142CD2CF-756C-381E-759D-20FC7E2F111E}*]
Allowed: (Read) (RestrictedCode)
Allowed: (Read) (RestrictedCode)
"abehjcdkbnfajfgdfiiomepmfiljnhooln"=hex:65,62,65,68,63,65,64,6d,64,65,62,62,
63,68,6a,62,6c,63,6e,62,69,65,61,6a,67,66,6c,61,6c,63,68,62,68,65,6a,6a,66,\
"bbehjcdkbnfajfgdfihohincaleghhekpfol"=hex:61,62,64,62,64,6c,69,70,6b,6c,6e,6d,
64,66,6e,6c,6a,6c,70,6d,6f,6a,68,6b,6b,6e,6f,65,66,61,70,69,66,65,00,6a
.
[HKEY_USERS\S-1-5-21-2052111302-1614895754-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F011243-2BF9-227A-A86C-B3C19DB5E2C4}*]
Allowed: (Read) (RestrictedCode)
Allowed: (Read) (RestrictedCode)
"iabdoenbheaognkbme"=hex:6a,61,66,6d,68,6f,63,70,6e,62,6b,61,6a,66,6b,65,6a,66,
69,6a,00,00
"halndhddfkcbdame"=hex:6b,61,66,6d,63,6f,6a,6f,67,65,6a,6e,68,66,6d,61,6f,65,
61,69,63,6e,00,00
"iafcfikbniidmfemlf"=hex:63,61,64,6d,6f,6f,00,7c
SAVE this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Hiya Dave

Just to let you know that I decided to rebuild my pc.

I have wanted to do that for a while now and the way we were struggling to solve this issue, thought now was as good a time as any.

Just like to say thx for all your help and if i have any such issues again, WOULD not hesitate to ask for your help

Once again

Thanks

PaulOk Paul. If that is your wish. I will lock this thread. If you need it re-opened, please send me a pm.

Solve : Virus, Not Sure Where :-(?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment