Hello!
I had a virus on my PC which had the following behavior:
I couldn't open regedit, cmd, regedt32, and other exes from the Start/Run.
When I typed one in, it seemed to soft-reboot my system or open the My Documents folder (in Safe mode as well).
Also, I could not browse any McAfee web pages. I could not run the RegistryBooster cleaner or some other cleaners.
I could not update Malwarebytes, and McAfee would not update either.
While having the problem I removed McAfee and installed NORTON 360.
I ran numerous scans in safe mode (with no System Restore) and Norton could not find anything. As a matter of fact, I also ran a lot of other legit and strong antivirus programs and none could remove it.
Norton 360 was up and running fine and could update as well (after I patched it as suggested by your site).
When I ran a Norton 360 scan it would find cookies like user@tribalfusion.com, user@quantserve.com, and a few more, and the last to appear was always Cookie: orpan cleanup. I kept fixing those but they came up at every scan.
Finally, I ran Combofix in Safe mode and it removed catchme.sys and cathme.log, and informed me of the registry key LEGACY_CATCHME.
After that, everything was back to normal!
I am not returning to McAfee since I believe Norton is much better.
HOWEVER, could you please inform me why it could not remove this trojan???
Is what I am writing here something you are hearing for the first time?
Also, I have a Qoobox folder which has the trojan in quarantine. Should I now go and manually remove this folder? I know that this folder was created by Combofix.
Your advice will be much appreciated.
Also another question:
I have WinPatrol running, and from time to time it keeps popping up a window asking me whether I will allow a change for file type .scr from "%1" to "%1 /s", or for file type .exe from "%1 1*" to "%1 %". Is this normal? Should I allow it or not?
Thanks a lot for your time! I await your answer!