"Detection signature file is more than 30 days old"

whabtbob

New Member
Please help! I can't get rid of this error!!

I'm using the McAfee Security Center (special edition from AOL).

Trouble started after McAfee displayed a window saying it caught something! I got the following details from the archives:

Broadcast PC TAI=7 2 removed
Win32, Trojan Agent TAI=10 2 removed

Immediately ran virus scan. No problems detected.

But then messages kept popping up saying "Your computer is not protected". The title was the given reason. So tried to update. Window popped up that said "Your programs are up to date". But the error never went away!

Then I discovered more worrisome problems! Other software (i.e., Ad-Aware, Spybot S&D) would not update either! And I could no longer launch my Firefox browser, either.

I tried installing & running the McAfee Virtual Technician, but after installing & clicking on the icon, again, nothing happened!

McAfee Website gave instructions to run VirusScan in DOS. I did so. Took 2 hrs, but still didn't help.

I know Trojans can play around sometimes with the system date on your computer, so I checked that, and it is still accurate.

Finding solutions is frustrating!! I keep getting links to pages with solutions to this exact same problem, but each time I click on one I get the message "IE cannot display this page". In Yahoo! Answers, the only solution they have is to use something else.

I finally ended up here, and hope someone here can help. I figure I could eliminate the error statements through uninstalling/reinstalling McAfee; but what about the inability to update other programs? That scares me. Could this be additional fallout from a Trojan or virus?

Thank you in advance for whatever help, resources, or referrals you can offer.
 

whabtbob

New Member
Log from Hijack This

TY for responding.
Saved Hijack This to Desktop; clicked icon - no response.

Went back - this time I hit Run instead of Save from Website. I guess it worked. I tried to attach my log file - but kept getting "unable to upload" message. No choice but to copy/paste it here.
***
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:30 PM, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\AOL\1127868883\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1127868883\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1127868883\ee\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\JCKK1FC0\mvtapp[1].exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127868883\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Sys49.exe] C:\Windows\Sys49.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sys49.exe] C:\Windows\Sys49.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=zuzeb004YYUS_undefined
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1114966525669
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123904530937
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.csde.state.ct.us/public/sde/CrystalRpts/activexviewer.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85A6ACC5-81F2-4B3E-9CB7-8A3FD9539290}: NameServer = 205.188.146.145
O20 - Winlogon Notify: GoToAssist - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12627 bytes

***
Any ideas?
 

johnb35

Administrator
Staff member
You are infected with these 2 items... possibly more...

O4 - HKLM\..\Run: [Sys49.exe] C:\Windows\Sys49.exe
O4 - HKCU\..\Run: [Sys49.exe] C:\Windows\Sys49.exe

Download and run ComboFix from this site, then come back here and post the log that it displays at the end. Then post a fresh HijackThis log as well.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
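
The two O4 lines singled out above can be surfaced mechanically. This added example (not part of the original post, and not a method johnb35 states) parses O4 autostart entries from a HijackThis log and scores them; the three signals and the threshold are assumptions chosen for illustration, and the sample is a constructed excerpt of the log posted earlier in the thread.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a handful of O4 lines taken from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Sys49.exe] C:\Windows\Sys49.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sys49.exe] C:\Windows\Sys49.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Executable path at the start of the command, quoted or not, up to ".exe".
EXE_RE = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)


def parse_o4(log_text):
    """Yield (hive, value_name, exe_path) for each O4 autostart line."""
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, _key, name, command = m.groups()
        exe = EXE_RE.match(command)
        if exe:
            yield hive, name, exe.group(1)


def triage(log_text, threshold=2):
    """Return autostart executables that trip at least `threshold` signals.

    The signals are illustrative assumptions; each one also fires on
    legitimate software, which is why one signal alone is not reported.
    """
    hives = defaultdict(set)   # lower-cased path -> hives that launch it
    names = defaultdict(set)   # lower-cased path -> registry value names
    shown = {}                 # lower-cased path -> path as first written
    for hive, name, path in parse_o4(log_text):
        key = path.lower()
        hives[key].add(hive)
        names[key].add(name.lower())
        shown.setdefault(key, path)

    findings = []
    for key, path in shown.items():
        signals = []
        if ntpath.dirname(key) == r"c:\windows":
            signals.append("exe sits directly in the Windows root")
        if hives[key] == {"HKLM", "HKCU"}:
            signals.append("registered in both HKLM and HKCU Run")
        if ntpath.basename(key) in names[key]:
            signals.append("value name is just the file name")
        if len(signals) >= threshold:
            findings.append({"path": path, "signals": signals})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["path"], "->", "; ".join(f["signals"]))
```

With the default threshold only `C:\Windows\Sys49.exe` is reported; at `threshold=1` the McAfee SpamKiller agent and `ctfmon.exe` also appear, which shows why a single signal is not enough to call an entry malicious.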
 

whabtbob

New Member
Thanks John. I thought that particular item looked suspicious. I'll follow your directions and repost ASAP.
 

whabtbob

New Member
uh-oh!

John, something went wrong when I tried to install/run ComboFix.

The ComboFix icon appeared on my desktop, but when I double-clicked to run it, nothing happened. It was a very small file (about 484 kb) and didn't even appear in the Add/Remove Programs list. So I deleted it manually & tried again.

This time after I tried running it, a warning message popped up from McAfee, warning me of a Potentially Unsafe Program, referred to as:

RemAdm - ProcLaunch! 171

Since this didn't seem to be related to ComboFix (and you warned me there might be other creepy things on my computer running besides what you pointed out), I instructed McAfee to remove the program. A message followed that the program could not be removed & I'd have to do it manually via the Control Panel. But again, nothing showed up in the list that was new or looked suspicious.

When all was said & done, a log file from ComboFix didn't appear to be generated anywhere. The ComboFix icon returned to my desktop, and this time the filesize is much larger - about 2.1 Megs. Still, nothing appeared to happen when I clicked it.

Did I mess up by instructing McAfee to stop that program? Do you think I shot ComboFix in the foot by mistake? I didn't think I should generate a new HijackThis log yet until I got some feedback from you first on what to do next.

I'm sorry if I messed this up. :( That unexpected & unrecognizable popup from McAfee caught me with my pants down.

I'll be awaiting your reply (or anything from someone else who has any insights). Thanks!
 

whabtbob

New Member
No such file or folder exists

It should be a new folder on C: where it puts it, called 'combofix' I think.

I checked the C drive. No such file or folder.
I then did a search. Only thing found was the Combofix application on my desktop.

Did you read my initial post? Right now, I can't update anything, and even routine downloads have difficulty running & doing what they are supposed to.

I then included hidden files & folders in my search, and I found two other files under C/Windows/prefetch:

combofix.exe-24A34DB5.pf
combofix[1].exe-18821102.pf

These wouldn't be the log files, would they? They shouldn't be hiding in such a hard-to-reach place.
 

johnb35

Administrator
Staff member
The log will be at C:\combofix.txt... Do you have a flash drive where you can download combofix from another computer and then copy it to the flash drive and then run it on your computer?
 

whabtbob

New Member
I do have a flash drive. I'll give it a shot.

So John, if I'm understanding this correctly, ComboFix will generate another log file that will hopefully provide information that would point us to the potential problem or problems, correct? And I should post this log file, along with another one from Hijack This, just like I did yesterday.

Would you like the whole thing (you know how long it is), or is there a particular section from it that would suffice?
 

whabtbob

New Member
Combo Fix does not run

I d/led CF to a flash drive and moved it to the desktop on my computer w/o incident. But after double-clicking the Icon, nothing happens. No log file is generated on my C-drive.

I went as far as to right-click on the Icon and select "Run as...", then uncheck the box "Protect my computer and data from unauthorized program activity", thinking that might have hindered the application from working. Still nothing.

Mystified? I am. Now what?
 

whabtbob

New Member
Combofix now runs....sort of!

Gentlemen,
With nothing to lose, I returned to the Website you referred me to for ComboFix. This time, instead of saving it to my desktop first & attempting to run it from there, I clicked Run.

I got a little message box labeled ComboFix, and it appeared to work! The box closed, McAfee gave me a warning message, but this time I answered allow it to run. Then, right when it appeared everything was alright, I received a message box titled "Error", with the message:

You cannot rename ComboFix as ComboFix[1]. Please use another name...

I searched for files/folders containing "Combo" and found 5 files named ComboFix or ComboFix[1]. I deleted them all, and removed the ComboFix application as well, wanting to remove all references to "ComboFix" in hopes to prevent the above error statement from reappearing.

Well, I once again ran ComboFix directly from the site, got the same ComboFix box, it appeared to run, no interference from McAfee this time... but I got the same error statement. No apparent log files were generated, so I did another search just to make sure. Only result was another ComboFix[1].exe file in that same Prefetch folder.

That's the latest. Looking forward to your reply. I very much appreciate your input!
 

Respital

Active Member
Try saving it onto your desktop, that usually works. :)
 

johnb35

Administrator
Staff member
It almost sounds like you are renaming the file before you download it. Don't change the name at all. What browser are you using to download the file?
 

whabtbob

New Member
Thanks, but...

Try saving it onto your desktop, that usually works. :)

Not in this case! See previous posts #6 and #14 for details on what happened when I tried to do this.

Right now, I'm in a position where I can't seem to save, download, or update anything from the Internet to my computer. The problem goes way beyond the initial error statement!
 

whabtbob

New Member
I didn't make any changes before downloading!

it almost sounds like you are renaming the file before you download it. Don't change the name at all. What browser are you using to download the file?

John, I'm not renaming anything. Everything happened exactly as I described. I was not even prompted to rename it, nor do I want to!

This is why I thought there might be some residual files installed from a previous (failed) download still on my computer. I suspected the problem was, for some reason, an existing copy of ComboFix was already being recognized on my unit; hence the prompt to change the filename. So I searched the hard drive for all filenames containing "combo", and deleted them. I also deleted my existing copy of the download to my desktop. I wanted my computer to be free of any references to ComboFix so I could finally run it without problems. Regardless, I still got that weird error, and a file installed in the Prefetch folder named "ComboFix[1].exe.pf".

As you can see, right now NOTHING appears to download, install, or update to my unit like it should -- even stuff to help us find solutions!! :confused:

My mind keeps returning to that stupid "sys49" file we discovered! Of course, as you mentioned, there may be other ones too.

Oh, and I've been using AOL 9.0 to access the Internet. I can also go online directly via IE 7.0. I also have Firefox installed, but after the Trojan (or whatever it was) attacked, I can no longer use it. Nothing happens anymore after I click the Icon.

I told you this was strange! Even a little scary.... RSVP!!
 