View Single Post

**ceewi1** · 11-17-2008, 11:32 AM

You appear to have a flash drive infection, among other things. This may have infected any other machines that the flash drive was plugged into, so I suggest you check those as well.

Please plug any flash drives you have into your computer.

Please set Windows to show hidden files:

From any folder, select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please navigate to each flash drive and look for a folder named Recycler. If found, see if it contains a file called UcHelp.exe. If so, delete that file and any others within the Recycler folder.

Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code:

File::
c:\program files\Common Files\adydu.pif
c:\program files\Common Files\ypoky.dat
c:\windows\qenuwodi.db
c:\program files\Common Files\upomado.vbs

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{6c001de0-b269-11dd-8e7b-000d56389311}]

Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log.

CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.

Please post

The ComboFix log
A new HijackThis log
A new log with Malwarebytes' Antimalware
An update on how your system is running now

11-17-2008, 11:32 AM	#2 (permalink)
ceewi1 Moderator Join Date: Dec 2005 Location: Melbourne, Australia Age: 22 Posts: 5,418	You appear to have a flash drive infection, among other things. This may have infected any other machines that the flash drive was plugged into, so I suggest you check those as well. Please plug any flash drives you have into your computer. Please set Windows to show hidden files: From any folder, select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Please navigate to each flash drive and look for a folder named Recycler. If found, see if it contains a file called UcHelp.exe. If so, delete that file and any others within the Recycler folder. Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below: Code: File:: c:\program files\Common Files\adydu.pif c:\program files\Common Files\ypoky.dat c:\windows\qenuwodi.db c:\program files\Common Files\upomado.vbs Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{6c001de0-b269-11dd-8e7b-000d56389311}] Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop. Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log. CAUTION: Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running. Please post The ComboFix log A new HijackThis log A new log with Malwarebytes' Antimalware An update on how your system is running now __________________ CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: Gigabyte HD4870 RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 2TB Total HDD / PSU: Antec NeoPower 480W Cheap PSUs - 2% of system costs, responsible for 28% of system deaths As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity. - The "Warranty void if removed" sticker on numerous CoolerMaster PSUs. Useful PSU Guides