Sirefef trojan problem
Comments
OK I'll do that tomorrow. Enjoy whatever it is you have planned (or if it's not something that's naturally enjoyable, grit your teeth and get through it somehow).
Signing off now, I'm hoping that an hour with Simon Reeve and the Indian Ocean (BBC2) will help me wind down. Thank you very much everyone, after I've run aswMBR tomorrow I'll start a new thread with the log file.
If you can't think of anything nice to write, say nothing. Rudeness isn't clever.

As I said I'll be offline tomorrow so I'll just point out one thing that might muddy the waters with aswMBR. From the combofix log:
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
You may see an unknown module called.
>>UNKNOWN [0x*random_hex*]<<
http://forum.avast.com/index.php?topic=92520.msg736622#msg736622
12:07:22.734 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
12:07:23.421 Modules scanning
12:08:15.921 Disk 0 trace - called modules:
12:08:15.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x898eb938]<<
12:08:16.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d82ab8]
12:08:16.000 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000007e[0x89dec030]
12:08:16.000 5 ACPI.sys[b9e41620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-e[0x89d85940]
12:08:16.015 \Driver\atapi[0x89d86408] -> IRP_MJ_CREATE -> 0x898eb938

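Added example, not part of the original thread and not code from aswMBR or ComboFix: a small Python helper that pulls out of an aswMBR log the items the post above relates to each other, namely services reported as **LOCKED**, `>>UNKNOWN [0x...]<<` modules in the disk trace, and driver dispatch entries whose target address equals an unknown module's address. The regular expressions assume the line layout shown in the quoted log; the function name `triage` and the sample are constructed here, and the output is a list of items for manual review, not a verdict.

```python
import re

# Constructed sample: lines copied from the aswMBR excerpt quoted in the post above.
SAMPLE_LOG = r"""
12:07:22.734 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
12:07:23.421 Modules scanning
12:08:15.921 Disk 0 trace - called modules:
12:08:15.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x898eb938]<<
12:08:16.000 5 ACPI.sys[b9e41620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-e[0x89d85940]
12:08:16.015 \Driver\atapi[0x89d86408] -> IRP_MJ_CREATE -> 0x898eb938
"""

# Assumed line layouts, taken from the excerpt above.
LOCKED_RE = re.compile(r"Service\s+(\S+)\s+(\S.*?)\s+\*\*LOCKED\*\*")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")
HANDLER_RE = re.compile(
    r"(\\Driver\\\S+?)\[0x[0-9a-fA-F]+\]\s+->\s+(IRP_MJ_\w+)\s+->\s+0x([0-9a-fA-F]+)"
)


def triage(log_text):
    """Collect locked services, unknown modules and handlers that point at them."""
    locked, unknown, handlers = [], [], []
    for line in log_text.splitlines():
        m = LOCKED_RE.search(line)
        if m:
            locked.append((m.group(1), m.group(2)))
        for addr in UNKNOWN_RE.findall(line):
            value = int(addr, 16)
            if value not in unknown:
                unknown.append(value)
        m = HANDLER_RE.search(line)
        if m:
            handlers.append((m.group(1), m.group(2), int(m.group(3), 16)))
    return {
        "locked_services": locked,
        "unknown_modules": unknown,
        # Dispatch entries whose target is exactly an unknown module's address.
        "handlers_in_unknown": [h for h in handlers if h[2] in unknown],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("locked services:", result["locked_services"])
    print("unknown modules:", [hex(a) for a in result["unknown_modules"]])
    for driver, irp, target in result["handlers_in_unknown"]:
        print(f"{driver} {irp} -> {hex(target)} (inside an unknown module)")
```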
One last thing, you must uninstall combofix when finished. When you're happy everything is running correctly.
Open a Run command box. (Start > Run or Windows key + R on your keyboard) and copy/paste this command in:
ComboFix /uninstall
Note the space between ComboFix and /uninstall, it needs to be there.
Click OK
Let combofix uninstall itself.

Combofix is resolutely refusing to uninstall, despite following these instructions and looking at the screenshots on bleepingcomputer.com to make sure I've not misunderstood things. I get a message telling me it's out of date (which it is, by a few days) so I opt to proceed in some sort of restricted mode (I forget the exact wording) and when it finishes the exe file and lots of other combofix stuff is still there.
As I've decided to go the recovery/restore route (I think it's clean now, I just don't trust it) will it matter if I can't get combofix to uninstall?

If you're doing a factory restore in most cases it doesn't matter what's on the hard disk as it will be wiped.
How do I add a signature?

That's what I thought but glad to have confirmation.
This discussion has been closed.