ComputerForum.com, Computer Security forum
09-23-2008, 01:04 AM   #1 - MBGraphics (Platinum Member)

That's fine, Respital.
I'll get whatever help I can get whenever I can get it. My computer is at least in working condition now.
09-23-2008, 04:13 AM   #2 - Buzz1927 (Digaredd)

Boot into safemode and delete all the files Kaspersky found.

The Malwarebytes link is down at the minute.
09-23-2008, 07:21 AM   #3 - nobbly niblets (Bronze Member)

A CF script will be able to clean out 99% of the files Kaspersky found.
The problem is there is a rootkit present which could protect or repopulate an infection.
Some of the infections found already have been fixed with ComboFix and HJT, and are quarantined or in a back-up folder.

Here's the CF Script I came up with.

Quote:
File::

C:\Documents and Settings\chevy\Incomplete\T-3545425-boats hoes.mp3
C:\Documents and Settings\chevy\Incomplete\T-3545425-true sound basshunter.mp3
C:\Documents and Settings\chevy\Incomplete\T-3545425-we dont give ****.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-boats hoes.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-nex episode snoop dog.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-Skee Lo -i wish.mp3
C:\Documents and Settings\chevy\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\Antivirus_Protection_Setup.exe
C:\Documents and Settings\chevy\Local Settings\Temporary Internet Files\Content.IE5\BW1UOR46\x12c[1].htm
C:\Documents and Settings\chevy\Local Settings\Temporary Internet Files\Content.IE5\BW1UOR46\x7b[1].xml
C:\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3
C:\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3
C:\WINDOWS\SYSTEM32\mC02\mC022328.exe
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-anthum 2.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day stayin up.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-souljah boy hardcore.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3566386-06 Track 6 (hardcore).wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam@2008-03-17T22;12;06.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-5745425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-1932750-Wicked Remix.wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle@2008-06-19T06;11;20.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-nizlopi.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-souljah boy hardcore.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3566386-06 Track 6 (hardcore).wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3
If the H drive is an external device that will need to be connected while the script runs.

09-23-2008, 07:27 AM   #4 - mep916 (Folding@Home)

Quote:
Originally Posted by cohen View Post
Pls create your own thread in the same section.
Let Buzz handle it, Cohen.
09-23-2008, 11:57 AM   #5 - ceewi1 (Moderator)

As some of you have noticed, my activity here has been limited recently and is likely to stay that way for the foreseeable future. It's rather sad to see what's happening with these threads, though.

I notice you have the Freeze.com Toolbar installed. This is considered by many to be adware. See http://www.emsisoft.com/en/malware/?...ze.com+Toolbar for more information. I suggest you remove it. To do so click on Start -> Control Panel -> Add or Remove Programs. If Freeze.com Toolbar appears, click on it and click Remove. Once done, delete the following folder:
C:\Program Files\Freeze.com Toolbar

Please download SDFix and save it to your Desktop but do not run it yet.

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Double click SDFix.exe and it will extract the files to C:\SDFix

You may wish to print out these instructions or copy them to a notepad document since you will be unable to access the Internet while in Safe Mode to read from this site.

Please then reboot your computer in Safe Mode (tap F8 just before Windows starts to load and select Safe Mode from the list).
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Please paste the contents of the Report.txt back on the forum in your next reply.

Please plug drive H: into your system if it is an external drive.
  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\WINDOWS\SYSTEM32\c0c2a076
    C:\955.bat
    C:\Documents and Settings\chevy\1359.bat
    C:\Documents and Settings\chevy\4742.bat
    C:\421.bat
    C:\Documents and Settings\chevy\3480.bat
    C:\WINDOWS\SYSTEM32\tuvWmJdb.dll
    C:\356.bat
    C:\WINDOWS\SYSTEM32\WEKTCJlm.tmp
    C:\WINDOWS\SYSTEM32\BIRsAJlm.tmp
    C:\WINDOWS\SYSTEM32\eiytiugwtrfxaxske.exe
    C:\WINDOWS\SYSTEM32\dcftwsccwjivny.dll
    C:\Documents and Settings\chevy\Incomplete\T-3545425-boats hoes.mp3
    C:\Documents and Settings\chevy\Incomplete\T-3545425-true sound basshunter.mp3
    C:\Documents and Settings\chevy\Incomplete\T-5745425-boats hoes.mp3
    C:\Documents and Settings\chevy\Incomplete\T-5745425-nex episode snoop dog.mp3
    C:\Documents and Settings\chevy\Incomplete\T-5745425-Skee Lo -i wish.mp3
    C:\Documents and Settings\chevy\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\Antivirus_Protection_Setup.exe
    C:\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3
    C:\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3
    C:\WINDOWS\SYSTEM32\filekiller.dll
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-anthum 2.mp3
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-full throttle.mp3
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day stayin up.mp3
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day.mp3
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-souljah boy hardcore.mp3
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3566386-06 Track 6 (hardcore).wma
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam@2008-03-17T22;12;06.mp3
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-5745425-full throttle.mp3
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-1932750-Wicked Remix.wma
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle.mp3
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle@2008-06-19T06;11;20.mp3
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-nizlopi.mp3
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-souljah boy hardcore.mp3
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3566386-06 Track 6 (hardcore).wma
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3 
    H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3
    
    Folder::
    C:\Program Files\Antivirus Protection
    C:\WINDOWS\Y2hldnk
    C:\WINDOWS\SYSTEM32\wp
    C:\WINDOWS\SYSTEM32\RES
    C:\WINDOWS\SYSTEM32\np5
    C:\WINDOWS\SYSTEM32\mC02
    C:\Temp
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18a44c72-d267-d443-1461-db8338bae54e}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "{88263159-d7ea-a00a-302d-778d20c39157}"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
  • Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.

    [Screenshot (image not preserved): CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log.
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.

The name of the following file has not been completely displayed, presumably due to this forum's language filter. Please locate and delete it (the **** will correspond to a swear word):
C:\Documents and Settings\chevy\Incomplete\T-3545425-we dont give ****.mp3

Please click on Start -> Run. Type the following command and click OK:
notepad C:\WINDOWS\winstart.bat

This should popup a Notepad document showing the contents of winstart.bat. Please post the contents in your next reply.

Please post:
  • The SDFix report
  • The ComboFix log
  • The contents of winstart.bat
  • A new HijackThis log
  • An update on how your system is running
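The File::/Folder::/Registry:: script format used in nobbly niblets' post (#3) and ceewi1's post (#5), parsed and summarised as an added example; this is not ComboFix's code or anything posted in the thread, the section syntax is inferred from the two scripts above, and the sample script is constructed from a few of their entries.

```python
# Parser for the ComboFix CFScript format posted in this thread (File::,
# Folder:: and Registry:: sections). Added example, not ComboFix's own code.
import re
# Constructed sample built from a few entries quoted in the thread.
SAMPLE_CFSCRIPT = r"""File::
C:\WINDOWS\SYSTEM32\mC02\mC022328.exe
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-nizlopi.mp3

Folder::
C:\WINDOWS\SYSTEM32\mC02
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18a44c72-d267-d443-1461-db8338bae54e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{88263159-d7ea-a00a-302d-778d20c39157}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
"""
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
REG_VALUE_RE = re.compile(r'^"([^"]*)"=(-|"(.*)")$')
def parse_cfscript(text):
    """Split the script into {section_name: [non-blank entry lines]}."""
    sections, current = {}, None
    for line in (raw.rstrip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            current.append(line)
    return sections

def drives_required(sections):
    """Drive letters named by File::/Folder:: entries; an external one (H: in
    the thread) has to be connected while ComboFix runs the script."""
    paths = sections.get("File", []) + sections.get("Folder", [])
    return {p[0].upper() for p in paths if len(p) > 1 and p[1] == ":"}

def registry_actions(sections):
    """[-KEY] deletes a key; under [KEY], "n"=- deletes value n, "n"="d" sets it."""
    actions, key = [], None
    for line in sections.get("Registry", []):
        if line.startswith("[-") and line.endswith("]"):
            actions.append(("delete_key", line[2:-1], None, None))
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = REG_VALUE_RE.match(line)
            if not m or key is None:
                raise ValueError(f"unparsable registry line: {line!r}")
            action = "delete_value" if m.group(2) == "-" else "set_value"
            actions.append((action, key, m.group(1), m.group(3)))
    return actions
```

Running `drives_required` over a script before dragging it onto ComboFix tells you which drives (such as the external H: in this thread) must be plugged in, and `registry_actions` makes the key deletions and the AppInit_DLLs reset explicit before they are applied.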


09-24-2008, 03:14 AM   #6 - ceewi1 (Moderator)

It seems that the CFScript file has been unsuccessful. I've attached it to this post. Please save it to your Desktop and drag it into ComboFix as before, then post the log generated.

Also, please click on Start -> Run. Type the following command and click OK:
notepad C:\WINDOWS\winstart.bat

This should popup a Notepad document showing the contents of winstart.bat. Please post the contents in your next reply.
Attached file: CFScript.txt (3.5 KB, 19 views)
09-23-2008, 07:28 AM   #7 - nobbly niblets (Bronze Member)

Cohen, lol..... that's a ComboFix script to clean out the infected files for MBGraphics.

If you have a close look and compare to the Kaspersky scan performed you will find it lists the infected files.

Geez you're swift, I posted that not 2 minutes ago.

<EDIT> I refrained from giving detailed instructions on running the script.... Just thought it could save someone time</EDIT>

09-23-2008, 07:30 AM   #8 - cohen (Diamond Member)

Quote:
Originally Posted by nobbly niblets View Post
Cohen, lol..... that's a ComboFix script to clean out the infected files for MBGraphics.

If you have a close look and compare to the Kaspersky scan performed you will find it lists the infected files.

Geez you're swift, I posted that not 2 minutes ago.

<EDIT> I refrained from giving detailed instructions on running the script.... Just thought it could save someone time</EDIT>
Sorry, I just thought it was a HijackThis log.

Sorry.
09-23-2008, 07:34 AM   #9 - nobbly niblets (Bronze Member)

That's cool... I'm not here often. Easy mistake to make. No harm, No Foul.

09-23-2008, 07:43 AM   #10 - nobbly niblets (Bronze Member)

Here are alternative links to MBAM (MalwareBytes' Anti-Malware)

This one starts the downloader:

http://www.besttechie.net/tools/mbam-setup.exe

From Major Geeks:

http://www.majorgeeks.com/Malwarebyt...are_d5756.html