Spoof Paypal e.mail. Am I infected??

aliEnRIK

Whats this 'Birdstep Technology' all about?

Open notepad and copy/paste the text in RED below

File::
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_ 00.Wdf


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.



then run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER')
http://www.kaspersky.co.uk/virusscanner
Please post the complete log it creates

Tatty_

Birdstep technology is to do with the 3 connect software, I access the internet through a dongle.

I didn't save the Combofix to my desktop. Can I not just run it again from my downloads folder? Does it not look right or have I done something wrong? Why have I got to run it again?

aliEnRIK

Because this file needs removing ~
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_ 00.Wdf

aliEnRIK

Scratch the above. (leave it for now)

Im not 100% on what the file is

Tatty_

Ooooo I had already tried to do it but it wouldn't let me. It said CFScript appeared to be incorrectly spelt. Just as well then :-)

Should I run Kapersky or leave things as they are?

k

aliEnRIK

Id run kaspersky as a precaution personally (Though im still thinking that file is dodgy whatever the outcome)

Tatty_

Which file? The original google file that I blocked?

Ok, I'll run Kaspersky

k

aliEnRIK

I ment the one you nearly removed ~

"Because this file needs removing ~
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_ 00.Wdf"