We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Trojan Possibly Crashing Avira?
Comments
-
:j I have fixed the hotkey entries and successfully run a Dr. Web express scan with NO turning off incidents!! :j It found the EICAR test file but nothing else: will run the complete scan now ...Declutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️0
-
After a marathon five hour complete scan, Dr. Web has found two EICAR test files and two adware.coupons.34 but it seems to think they are all incurable. Shall I try Combofix again?Declutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️0
-
If theyre incurable then it should give the option of 'moving' (Quarantining them)
Either way, sure, give combofix another try:idea:0 -
XxxxxxxxxxxxxxxxxxxxDeclutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️0
-
XxxxxxxxxxxxxxxxxxxxxxDeclutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️0
-
:beer: Thank you very much aliEnRIK, I am chuffed to bits that you have got my lappy so far.Declutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️0
-
Your definitely still infected
Open notepad and copy/paste the text in RED below
File::
c:\windows\system32\RMActivate_isv.exe
c:\windows\system32\RMActivate.exe
c:\windows\system32\secproc_isv.dll
c:\windows\system32\secproc_ssp_isv.dll
c:\windows\system32\secproc_ssp.dll
c:\windows\system32\secproc.dll
c:\windows\system32\msdrm.dll
c:\windows\system32\RMActivate_ssp_isv.exe
c:\windows\system32\RMActivate_ssp.exe
c:\programdata\SPL929D.tmp
c:\programdata\SPL11FA.tmp
c:\programdata\SPL7A2E.tmp
c:\programdata\SPL3DD1.tmp
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
:idea:0 -
XxxxxxxxxxxxxxxxxDeclutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️0
-
XxxxxxxxxxxxDeclutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️0
-
Intriguing.
Open malwarebytes
Goto MORE TOOLS
then RUN TOOL
manually find and delete these (If possible)
c:\windows\system32\secproc_isv.dll
c:\windows\system32\secproc_ssp_isv.dll
c:\windows\system32\secproc_ssp.dll
c:\windows\system32\secproc.dll
c:\windows\System32\drivers\pavboot.sys
c:\windows\System32\drivers\nnrnstdi.sys:idea:0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 354.4K Banking & Borrowing
- 254.4K Reduce Debt & Boost Income
- 455.4K Spending & Discounts
- 247.3K Work, Benefits & Business
- 604.1K Mortgages, Homes & Bills
- 178.4K Life & Family
- 261.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards