"Detection signature file is more than 30 days old"

Discussion in 'Computer Security' started by whabtbob, Sep 2, 2008.

  1. whabtbob

    whabtbob New Member

    Messages:
    18
    Please help! I can't get rid of this error!!

    I'm using the McAfee Security Center (special edition from AOL).

    Trouble started after McAfee displayed a window saying it caught something! I got the following details from the archives:

    Broadcast PC TAI=7 2 removed
    Win32, Trojan Agent TAI=10 2 removed

    Immediately ran virus scan. No problems detected.

    But then messages kept popping up saying "Your computer is not protected". The title was the given reason. So tried to update. Window popped up that said "Your programs are up to date". But the error never went away!

    Then I discovered more worrisome problems! Other software (ie, Ad-Aware, Spybot S&D) would not update either! And I could no longer launch my Firefox browser, either.

    I tried installing & running the McAfee Virtual Technician, but after installing & clicking on the icon, again, nothing happened!

    McAfee Website gave instructions to run VirusScan in DOS. I did so. Took 2 hrs, but still didn't help.

    I know Trojans can play around sometimes with the system date on your computer, so I checked that, and it is still accurate.

    Finding solutions is frustrating!! I keep getting links to pages with solutions to this exact same problem, but each time I click on one I get the message "IE cannot display this page". In Yahoo!Answers, the only solution they have is to use something else.

    I finally ended up here, and hope someone here can help. I figure I could eliminate the error statements through uninstalling/reinstalling McAfee; but what about the inability to update other programs? That scares me. Could this be additional fallout from a Trojan or virus?

    Thank you in advance for whatever help, resources, or referrals you can offer.
     
  2. johnb35

    johnb35 Administrator Staff Member

    Messages:
    42,124
  3. whabtbob

    whabtbob New Member

    Messages:
    18
    Log from Hijack This

    TY for responding.
    Saved Hijack This to Desktop; clicked icon - no response.

    Went back - this time I hit Run instead of Save from Website. I guess it worked. I tried to attach my log file - but kept getting "unable to upload" message. No choice but to copy/paste it here.
    ***
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:30:30 PM, on 9/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\AOL\1127868883\ee\AOLSoftware.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\program files\common files\aol\1127868883\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
    C:\Program Files\Common Files\AOL\1127868883\ee\aolsoftware.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\JCKK1FC0\mvtapp[1].exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127868883\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [Sys49.exe] C:\Windows\Sys49.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sys49.exe] C:\Windows\Sys49.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=zuzeb004YYUS_undefined
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1114966525669
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123904530937
    O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
    O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.csde.state.ct.us/public/sde/CrystalRpts/activexviewer.cab
    O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{85A6ACC5-81F2-4B3E-9CB7-8A3FD9539290}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: GoToAssist - C:\WINDOWS\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 12627 bytes

    ***
    Any ideas?
     
  4. johnb35

    johnb35 Administrator Staff Member

    Messages:
    42,124
    You are infected with these 2 items... possibly more...

    O4 - HKLM\..\Run: [Sys49.exe] C:\Windows\Sys49.exe
    O4 - HKCU\..\Run: [Sys49.exe] C:\Windows\Sys49.exe

    Download and run ComboFix from this site, then come back here and post the log that it displays at the end, and then post a fresh HijackThis log as well.

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
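
The kind of autorun triage done by eye in the post above can be scripted. This is an added example, not part of the original thread or of HijackThis: it parses the `O4` (registry Run key) lines of a HijackThis log and reports targets that sit directly in the Windows folder, along with the hives that register them. The "directly in the Windows folder" rule is an assumed heuristic for illustration, and `parse_autoruns`, `triage` and `WINDOWS_ROOT` are hypothetical names.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Sys49.exe] C:\Windows\Sys49.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sys49.exe] C:\Windows\Sys49.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
"""

# Assumption: Windows is installed in C:\Windows (on a live system, read %SystemRoot%).
WINDOWS_ROOT = r"c:\windows"

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

# The executable is either the quoted first token, or (for unquoted paths that
# may contain spaces) everything up to the first executable extension that is
# followed by whitespace or end of line.
IMAGE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.IGNORECASE
)


def parse_autoruns(log_text):
    """Return one dict per O4 registry autorun line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = O4_LINE.match(line.strip())
        if not match:
            continue
        hive, key, name, command = match.groups()
        image_match = IMAGE.match(command)
        image = (image_match.group(1) or image_match.group(2)) if image_match else command
        entries.append(
            {"hive": hive, "key": key, "name": name, "command": command, "image": image}
        )
    return entries


def triage(entries):
    """Flag autorun targets located directly in the Windows folder.

    Entries are grouped by case-normalised image path so that the same binary
    registered under both HKLM and HKCU is reported once with both hives.
    """
    hives_by_image = defaultdict(set)
    for entry in entries:
        hives_by_image[ntpath.normcase(entry["image"])].add(entry["hive"])

    findings = []
    for image, hives in sorted(hives_by_image.items()):
        if ntpath.dirname(image) == WINDOWS_ROOT:
            findings.append({"image": image, "hives": sorted(hives)})
    return findings


if __name__ == "__main__":
    for finding in triage(parse_autoruns(SAMPLE_LOG)):
        print("review:", finding["image"], "registered in", ", ".join(finding["hives"]))
```

A hit is a prompt to inspect the file, not a verdict; legitimate software occasionally installs into the Windows folder as well.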
     
  5. whabtbob

    whabtbob New Member

    Messages:
    18
    Thanks John. I thought that particular item looked suspicious. I'll follow your directions and repost ASAP.
     
  6. whabtbob

    whabtbob New Member

    Messages:
    18
    uh-oh!

    John, something went wrong when I tried to install/run ComboFix.

    The ComboFix icon appeared on my desktop, but when I double-clicked to run it, nothing happened. It was a very small file (about 484 kb) and didn't even appear in the Add/Remove Programs list. So I deleted it manually & tried again.

    This time after I tried running it, a warning message popped up from McAfee, warning me of a Potentially Unsafe Program, referred to as:

    RemAdm - ProcLaunch! 171

    Since this didn't seem to be related to ComboFix (and you warned me there might be other creepy things on my computer running besides what you pointed out), I instructed McAfee to remove the program. A message followed that the program could not be removed & I'd have to do it manually via the Control Panel. But again, nothing showed up in the list that was new or looked suspicious.

    When all was said & done, a log file from ComboFix didn't appear to be generated anywhere. The ComboFix icon returned to my desktop, and this time the filesize is much larger - about 2.1 Megs. Still, nothing appeared to happen when I clicked it.

    Did I mess up by instructing McAfee to stop that program? Do you think I shot ComboFix in the foot by mistake? I didn't think I should generate a new HijackThis log yet until I got some feedback from you first on what to do next.

    I'm sorry if I messed this up. :( That unexpected & unrecognizable popup from McAfee caught me with my pants down.

    I'll be awaiting your reply (or anything from someone else who has any insights). Thanks!
     
  7. chibicitiberiu

    chibicitiberiu New Member

    Messages:
    1,263
    Combofix does not need installation: you only download it, extract and use.
     
  8. whabtbob

    whabtbob New Member

    Messages:
    18
    Reply to comment

    A log was supposed to be generated after running this, right? I don't know if this occurred, or if it did, where I would find it.
     
  9. chibicitiberiu

    chibicitiberiu New Member

    Messages:
    1,263
    It should be a new folder on C: where it puts it, called 'combofix' I think.
     
  10. whabtbob

    whabtbob New Member

    Messages:
    18
    No such file or folder exists

    I checked the C drive. No such file or folder.
    I then did a search. Only thing found was the Combofix application on my desktop.

    Did you read my initial post? Right now, I can't update anything, and even routine downloads have difficulty running & doing what they are supposed to.

    I then included hidden files & folders in my search, and I found two other files under C/Windows/prefetch:

    combofix.exe-24A34DB5.pf
    combofix[1].exe-18821102.pf

    These wouldn't be the log files, would they? They shouldn't be hiding in such a hard-to-reach place.
     
  11. johnb35

    johnb35 Administrator Staff Member

    Messages:
    42,124
    The log will be at C:\combofix.txt... Do you have a flash drive where you can download combofix from another computer and then copy it to the flash drive and then run it on your computer?
     
  12. whabtbob

    whabtbob New Member

    Messages:
    18
    I do have a flash drive. I'll give it a shot.

    So John, if I'm understanding this correctly, ComboFix will generate another log file that will hopefully provide information that would point us to the potential problem or problems, correct? And I should post this log file, along with another one from Hijack This, just like I did yesterday.

    Would you like the whole thing (you know how long it is), or is there a particular section from it that would suffice?
     
  13. johnb35

    johnb35 Administrator Staff Member

    Messages:
    42,124
    The whole report please.
     
  14. whabtbob

    whabtbob New Member

    Messages:
    18
    Combo Fix does not run

    I d/led CF to a flash drive and moved it to the desktop on my computer w/o incident. But after double-clicking the Icon, nothing happens. No log file is generated on my C-drive.

    I went as far as to right-click on the Icon and select "Run as...", then uncheck the box "Protect my computer and data from unauthorized program activity", thinking that might have hindered the application from working. Still nothing.

    Mystified? I am. Now what?
     
  15. whabtbob

    whabtbob New Member

    Messages:
    18
    Combofix now runs....sort of!

    Gentlemen,
    With nothing to lose, I returned to the Website you referred me to for ComboFix. This time, instead of saving it to my desktop first & attempting to run it from there, I clicked Run.

    I got a little message box labeled ComboFix, and it appeared to work! The box closed, McAfee gave me a warning message, but this time I answered allow it to run. Then, right when it appeared everything was alright, I received a message box titled "Error", with the message:

    You cannot rename ComboFix as ComboFix[1]. Please use another name...

    I searched for files/folders containing "Combo" and found 5 files named ComboFix or ComboFix[1]. I deleted them all, and removed the ComboFix application as well, wanting to remove all references to "ComboFix" in hopes to prevent the above error statement from reappearing.

    Well, I once again ran ComboFix directly from the site, got the same ComboFix box, it appeared to run, no interference from McAfee this time... but I got the same error statement. No apparent log files were generated, so I did another search just to make sure. Only result was another ComboFix[1].exe file in that same Prefetch folder.

    That's the latest. Looking forward to your reply. I very much appreciate your input!
     
  16. Respital

    Respital Active Member

    Messages:
    3,279
    Try saving it onto your desktop, that usually works. :)
     
  17. johnb35

    johnb35 Administrator Staff Member

    Messages:
    42,124
    It almost sounds like you are renaming the file before you download it. Don't change the name at all. What browser are you using to download the file?
     
  18. whabtbob

    whabtbob New Member

    Messages:
    18
    Thanks, but...

    Not in this case! See previous posts #6 and #14 for details on what happened when I tried to do this.

    Right now, I'm in a position where I can't seem to save, download, or update anything from the Internet to my computer. The problem goes way beyond the initial error statement!
     
  19. whabtbob

    whabtbob New Member

    Messages:
    18
    I didn't make any changes before downloading!

    John, I'm not renaming anything. Everything happened exactly as I described. I was not even prompted to rename it, nor do I want to!

    This is why I thought there might be some residual files installed from a previous (failed) download still on my computer. I suspected the problem was, for some reason, an existing copy of ComboFix was already being recognized on my unit; hence the prompt to change the filename. So I searched the hard drive for all filenames containing "combo", and deleted them. I also deleted my existing copy of the download to my desktop. I wanted my computer to be free of any references to ComboFix so I could finally run it without problems. Regardless, I still got that weird error, and a file installed in the Prefetch folder named "ComboFix[1].exe.pf".

    As you can see, right now NOTHING appears to download, install, or update to my unit like it should -- even stuff to help us find solutions!! :confused:

    My mind keeps returning to that stupid "sys49" file we discovered! Of course, as you mentioned, there may be other ones too.

    Oh, and I've been using AOL 9.0 to access the Internet. I can also go online directly via IE 7.0. I also have Firefox installed, but after the Trojan (or whatever it was) attacked, I can no longer use it. Nothing happens anymore after I click the Icon.

    I told you this was strange! Even a little scary.... RSVP!!
     
  20. johnb35

    johnb35 Administrator Staff Member

    Messages:
    42,124
