09-02-2009 07:38 PM
Solved! Go to Solution.
09-02-2009 07:44 PM
You would have been better to ask for assistance first. There is no guarantee that we will be able to help you now that you have applied other fixes to what is a very specialized problem. We will see what has been left and Quads will make a determination on whether he can help you safely, or whether you will need to take it in to a computer expert in your locale.
Please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan.
Once it is downloaded to your desktop, right click on the SysProt icon, go to properties, and click unblock and apply.
Choose log, check all the boxes except show hidden objects only and scan.
You will be able to post the log here using the "add attachments" link just below the orange post button.
09-02-2009 09:06 PM
One thing you can do for yourself, is to remove Spybot Search & Destroy with Teatimer. Teatimer runs in real time the same as Norton. Whenever you run two real time scanners at the same time, you have conflicts that leave you vulnerable.
Another thing to know about S & D is that it actually prevents the removal of some of the rootkits. It should be removed from your system ASAP.
You still have a kbiwkm rootkit infection.
What other programs or utilties did you use to try and remove it?
09-03-2009 06:35 PM
Here is sysprot log.
The three scan programs I have tied so far are Norton, Malwarebytes' anit-malware, and Sophos' anti-rootkit. Have now removed spybot too.
Thanks for helping.
09-03-2009 06:52 PM
NOTE: You will have to save as combofix to save it as a different name so the it is No longer named "Combofix.exe" so that when I say Combofix below I mean the new name you have downloaded it as instead
1. Download Combofix to your Desktop, http://www.bleepingcomputer.com/combofix/how-to-us
Don't use yet.
2. I have Personal Messaged you the script between the lines, look for the yellow envelope at the upper right hand side. Copy the Script.
3. Open Notepad and paste it in to notepad with the first line being killall::
4. Save the script as "CFScript.txt" CFScript.txt is what you see on your desktop after saving.
5. Disable Nortons Auto-Protect and Firewall.
6. Drag and drop CFScript.txt on top of Combofix.exe, like when you drop files into the recycle bin.
7. Combofix will start, When it is scanning don't move the mouse cursor inside the box, can cause freezing.
09-03-2009 07:44 PM - edited 09-03-2009 07:49 PM
I ran Combofix. It seemed to work as described in the tutorial from the link. Do you want me to upload the log file?