We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Help needed to remove Trojan horse patched_c.LYU

Options
2456

Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    What happens exactly when you double click combofix.exe?
  • kellyp
    kellyp Posts: 182 Forumite
    Part of the Furniture 100 Posts Name Dropper
    A combo fix box opens and a black dos screen in it and a green bar showing progress (within the dos screen its deleting and extracting files) I have just tried rerunning it and now I have a message saying there is a new version available and I didnt get that before (should I say yes or no?)
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Go ahead & Say Yes
  • kellyp
    kellyp Posts: 182 Forumite
    Part of the Furniture 100 Posts Name Dropper
    I've clicked yes, and then the green bar gets to the end and then nothing happens. The combofix box closes and no blue box appears as stated in intructions
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Delete the copy of combofix you have & download it again
  • kellyp
    kellyp Posts: 182 Forumite
    Part of the Furniture 100 Posts Name Dropper
    3rd time lucky - blue box now appeared! I'll post log once completed
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Good. It may not perform exactly as the tutorial, as every infection is different, but it will be very similar.
  • kellyp
    kellyp Posts: 182 Forumite
    Part of the Furniture 100 Posts Name Dropper
    SO it ran as stated in the instructions, but then the computer automatically rebooted itself before it showed the log file. I have found the log file after reboot and is as follows:


    ComboFix 12-07-01.01 - SAMSUNG 01/07/2012 10:37:53.1.2 - x86
    Microsoft Windows 7 Starter 6.1.7601.1.1252.44.1033.18.2037.1118 [GMT 1:00]
    Running from: C:\Users\SAMSUNG\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    The log seems quite different to those on the examples so I hope I've done it cirrectly. Definitely turned off AVG prior to running combofix, but presumably has turned itself on after reboot.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    The log will have popped up itself after the reboot. It looks like you've accessed it early before all the information was wrote to it.

    Look again at the root of your C:\ drive for combofix.txt and see if it differs now.

    Also look in the folder C:\Qoobox for ComboFix-quarantined-files.txt and post the contents of that.
  • kellyp
    kellyp Posts: 182 Forumite
    Part of the Furniture 100 Posts Name Dropper
    The combfix file still reads the same. In qoobox i can only find a catchme.txt file which appears to have an error:
    2012-07-01 - 10:33:57
    error: 31
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.8K Banking & Borrowing
  • 253K Reduce Debt & Boost Income
  • 453.5K Spending & Discounts
  • 243.8K Work, Benefits & Business
  • 598.6K Mortgages, Homes & Bills
  • 176.8K Life & Family
  • 257K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture