chiaz

Your PC should be clean now. Congratulations! It's time to remove ComboFix. Go to to Start > Run Type in box combofix /u Note: the space between the X and the /u Press Enter. This command will: Delete the following: ComboFix and its associated files and folders. VundoFix backups, if present The C:\Deckard folder, if present The C:_OtMoveIt folder, if present Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Reset System Restore. Let me know if you have any other questions or problems. Otherwise I think we are all done here. :)

Hey Nicky and Steve, Let's have you go HERE to run Panda ActiveScan 2.0 Click the big green Scan now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) Once the scan is completed, please hit the notepad icon next to the text Export to: Save it to a convenient location such as your Desktop Post the contents of the ActiveScan.txt in your next reply. ======== You can certainly do so.

Hi steve and Nicky, That is what we call a BSOD (Blue Screen of Death). But is it a one-off thing, or does it now appear on every boot-up? You can follow the instructions in my previous post with no problems though. But heed Randy's instructions to back up all important data first.

Hi RichReeve, I am disabling the live links in your thread in case memepasmal.net is really a bad site. This will prevent guests or members from clicking on it accidentally. For now, please download and install HijackThis: HijackThis - Trend Micro USA 1) Click the button labeled Do a system scan and save a logfile. 2) HijackThis V2 will quickly scan your system, and then open two new windows. The results of the HijackThis V2 scan, and hijackthis.log in Notepad. Save hijackthis.log. By default it will be saved to C:\HijackThis, or you can chose “Save As…”, and save to another location. 3) Post this log in your reply here. Note: HijackThis is an advanced tool meant for experienced and trained personnel. Not all the entries listed are malicious in nature. Do not remove any entries yourself.

You can keep one and delete the other icon. In your HJT log, there was a link to virusermoverpro.com. If guests are careless enough to click on the link, they may get infected. So I edited out the link. It wasn't your fault though. And it's nothing to be really concerned about, I was just informing you. :) ================================ Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below. 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Open *notepad* and copy/paste the text in the quotebox below into it: File:: c:\documents and settings\All Users.WINDOWS.0\SPL1A4.tmp c:\documents and settings\All Users.WINDOWS.0\SPL18.tmp c:\documents and settings\All Users.WINDOWS.0\SPL16.tmp Dirlook:: c:\program files\Legjendat c:\documents and settings\All Users.WINDOWS.0\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop. http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif Refering to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt Please copy and paste the ComboFix.txt in your new reply. *Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*

Download: CCleaner (freeware) |MG| CCleaner Slim 2.23.999 Download Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar). Once installed, run CCleaner click the Windows [tab] The following should be selected by default, if not, please select: http://i210.photobucket.com/albums/bb164/jedi_030/CCleanerA.png Next: click Options click the Settings tab Uncheck: "Only delete files older than 48 hrs.", click Ok Then click Run Cleaner (bottom right) then Exit I'm grabbing at straws here, but let's give this a try anyway. Press Ctrl + Alt + Delete to summon up Task Manager. Go to the "Processes" tab. End this: vortex.scr If this doesn't work, I'm out of ideas. Let's see if others have more to add.

Give MBAM an update, as well as a quick scan again. Then reboot your PC and run ComboFix. Take all the time you need, we're always here. :)

Run HijackThis by navigating to and double-clicking on: C:\Program Files\trend micro\TARDIS.exe Click "Do a System Scan only". Now place a tick by the following entries: O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dumps_startup O4 - Global Startup: Update Agent.lnk = ? Special Note: Please note that the above 2 entries are not malware-related! If this does not fix the "form 1" issue, they can be restored later through the backups that HijackThis automatically creates. Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer. Now as a final confirmation of any possible presence of malware, can I have you go HERE to run Panda ActiveScan 2.0 Click the big green Scan now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) Once the scan is completed, please hit the notepad icon next to the text Export to: Save it to a convenient location such as your Desktop Post the contents of the ActiveScan.txt in your next reply, as well as let me know whether you still experience the same problem.

Hi mr_banana_pants, I do have some guesses on where this "Form 1" is coming from, but maybe you would like to address Randy's concerns above first.

Hey nicky, I disabled the live link in your HJT log to virusermoverpro.com. This is a rogue site promoting malware. ==================== OK, first let's have you run HijackThis and place a tick by the following entries: O1 - Hosts: 91.206.201.8 virusermoverpro.microsoft.com O1 - Hosts: 91.206.201.8 virusermoverpro.com O1 - Hosts: 91.206.201.8 http: // http://www.virusermoverpro.com Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer. ==================== Next download Malwarebytes' Anti-Malware by clicking the link below: |MG| Malwarebytes Anti-Malware 1.41 Download Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * You'll be required to post the contents of this log later. Please Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. ==================== Finally download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool: Go here ======> A guide and tutorial on using ComboFix <====== Go here Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed. Please continue as follows: (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. (2) Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include the MBAM log, C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system. Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

No problem danzil, we can certainly learn from each other.

Hi Danzil, As far as I know SmitfraudFix has not been updated for close to 3 months. According to the changelog, the last update was on June 24, 2009. Not entirely true. Yes, all these programs belong to the same Smitfraud/Zlob family, and exhibit similar symptoms on an infected PC. But these malware creators constantly come up with new methods to avoid detection and removal. The infection changes and updates itself frequently. And this is a big reason why this particular infection is now affecting so much of the Internet population. Most of us now suggest MalwareBytes Anti-Malware as an alternative to remove Smitfraud/Zlob. It has been shown to be effective in dealing with most . However ultimately we are always one step behind the malware developers. In fact currently I'm manually dealing with a fresh one on another forum, MBAM is unable to catch it yet. Just my 2 cents....

Just delete this: C:\Users\Pel\Documents\Pel\fatcockney\Documents\Pe ls Personal Folder\DivXBundle.exe And your PC should be clean of malware.

Hello Danzil, Glad to hear SmitfraudFix worked for you but to be honest, it is not really up-to-date and may not catch all the new infections out there. I would suggest any members who have unfortunately gotten infected by FB infections to start a new thread here: Malware Infection Removal - Computer Support Forums - FreePCHelp.co.uk Only then will you be able to truly ensure that your PC has been rid of malware and no remnants remain. :)

Hello Jackhelp. :) Let's start by downloading and running HijackThis! (HJT) from Trend Micro. http://go.trendmicro.com/free-tools/hijackthis/HijackThis.exe Save the file to a folder of its own such as C:\HJT. Click on Run Scanner and Save a Log File. When it has finished, a text file will have been saved, copy and paste the entire log back into your thread. Note: Not all the items detected in HijackThis are malicious! Do not attempt to fix anything yourself with HijackThis!

Hey Fatcockney, After you have tried what Tootech posted above (and if it did not work), let's give your PC a checkup for any possible malware that is lurking in your system. Go HERE to run Panda ActiveScan 2.0 Click the big green Scan now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) Once the scan is completed, please hit the notepad icon next to the text Export to: Save it to a convenient location such as your Desktop Post the contents of the ActiveScan.txt in your next reply.

Hello mr_banana_pants, I haven't heard of something like this happening to Avast or Outpost users. I'm thinking that this could be due to malware. ==== Please download Random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) I will review the two logs when they come in.

Hi Paul, Besides what Maynard requested, it would also be good if you can provide a screenshot of those pop-ups. They may be legitimate warnings from your resident security products, but may also be generated by malware that display fake security alerts to convince you that your computer is seriously infected. Here's how to capture a screenshot: Capture a Screen Shot of your Desktop or the Active Window in Windows Let us know if you need more information.