[Blind Dragon]

I cleaned a badly infected computer for a friend. It had smitfraud variety trojans, a ton of spyware, and Look2Me infection, over 400 registry problems, a few gigs of system clutter. I basically just spent 11 hours cleaning.

I think I got everything as the installed programs are gone from the desktop and there are no more redirects, I don't see anything else, but am quite tired at this point.

Would one of you mind doublechecking the HJT to make sure it looks ok.

thanks in advance

[Howard]

That`s clean as a whistle mate.

However, you might want to do the following.

Download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt, please post the log.

Regards Howard

This thread is for the use of Blind Dragon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

[Blind Dragon]

I was already running a fresh combofix right after posting.

Here ya go

[Howard]

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:

Quote:

File::
C:\WINDOWS\system32\lo2.txtt
C:\WINDOWS\unins000.exe
C:\WINDOWS\unins000.dat

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Regards Howard

This thread is for the use of Blind Dragon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

[Blind Dragon]

tea timer keeps popping up asking permission to change SCR Extension handler -> Says "Value Changed" Old data = Notepad.exe %1 then New Data "%1" /S

I have been hitting Deny - any idea on that one? My guess is that it is because I deleted the redirects from the host file and installed the spybot hosts file

[Howard]

Your log file is clean.

Allow the alert in SS&D instead of hitting deny. It shouldn`t ask you again after that.


Click start/run and type combofix /u into the run box and hit the enter key. Note the space between combofix and forward slash. This will uninstall Combofix and all it`s folders etc.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of Blind Dragon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

[Blind Dragon]

Thank you sir

Time to sleep finally

You can mark the thread Solved

[Howard]

Ok mate, consider it done.

Thread solved.

Regards Howard