TR/agent.72967 please help

CPJames19

If Malwarebytes doesnt get rid of the problem you could try get rid of it with Spyware Terminator - http://www.spywareterminator.com/

aliEnRIK

Uninstall JAVA (be sure to do this FIRST)


Open notepad and copy/paste the text in RED below

File::
c:\documents and settings\mum\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a2098 76-259997f1-n\msvcp71.dll
c:\documents and settings\mum\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a2098 76-259997f1-n\jmc.dll
c:\documents and settings\mum\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a2098 76-259997f1-n\msvcr71.dll
c:\documents and settings\mum\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad3 91-5932947c-n\decora-sse.dll
c:\documents and settings\mum\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad3 91-5932947c-n\decora-d3d.dll

Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

Combofix should never take more that 30 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

linni

OK, Thanks, I didn't know that. Why is it that it shows on Avira and am scanning for it on Malwarebytes? Should I run spywareterminator and see what that does? Edited to say will do as instructed...

aliEnRIK

linni wrote: »

OK, Thanks, I didn't know that. Why is it that it shows on Avira and am scanning for it on Malwarebytes? Should I run spywareterminator and see what that does? Edited to say will do as instructed...

'IT' is in your restore point. That basically means 'it' cant do any harm UNLESS you decide to do a system restore (Always a bad idea if the machines infected)

What im trying to do is determine how it got there in the 1st place and I use malwarebytes as a scanner/tool to help aid me (Same with combofix etc)

Also we need to make sure that the initial infection is completely gone else itll just keep re-occuring

CPJames19

linni wrote: »

OK, Thanks, I didn't know that. Why is it that it shows on Avira and am scanning for it on Malwarebytes? Should I run spywareterminator and see what that does? Edited to say will do as instructed...

Running Spyware Terminator may be easier for you do then following aliEnRIK's post. We are both trying to help sort your problem out tho so it's up2 u wot u wan2 do matey

linni

That's great because I would like to know how it got there too, because it was clear when you helped me with the last virus I had ages ago.

CPJames19

I hope you get the problem sorted out either way!

linni

Rik -I am now on ds's laptop, as it all went well until it got to the 'prepare log report' and it is stuck on the screen, it wont work with ctl alt delete even if I hold it down for a while. Do I have any choice but to turn it off and start again?

James - I appreciate your help too and am just finishing what I started with Rik. I need all the help I can get!

aliEnRIK

Turn it off

See if the updated combofix log is in C drive (Combofix.txt)
It will have the time ran on it at the top so you know if it is or not

linni

There was only about 2 lines on it so I have started it again to see what happens. The first time I ran it, it only took about 10 minutes.