PC infected with worm, HJT log is attached

Discussion in 'Windows - Virus and spyware problems' started by 786khan, Oct 31, 2008.

  1. 786khan

    786khan Member

    Joined:
    Apr 7, 2006
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    Hi all,

    I am pretty annoyed by this 'unknown' worm. I checked on Google and the closest I got was brontok.32, but I don't think it's the worm which infected my PC. Below are the symptoms:

    -- It disables run command, task manager.
    -- I can't open registry.
    -- I can't open any DOS-related application.
    -- It keeps repeating even after I have run RRT.

    Any help/assistance is much appreciated. Thanks!
     
  2. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hi 786khan

    Woah.. you are indeed infected. Does Symantec detect anything?

    Now, please download ComboFix.
    With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

    Please disable all security programs, such as antiviruses, antispywares, and firewalls.
    Also disable your internet connection.


    • Run Combo-Fix.exe and follow the prompts.
    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Do not click on the ComboFix window, as it may cause it to stall.

    Best Regards :D
     
  3. 786khan

    786khan Member

    Hi cdavfrew,

    Thanks for your response.

    Forgot to include that I have already run ComboFix. What happens is that it works until the next restart or for a prolonged period till the worm hits back.

    And Symantec is not helpful in any way. I believe Symantec is not very good against worms since the first time I killed a worm.

    Anyway this is a weird problem, as I can't find any problem with the HJT log also. So I wanted to share it with all.

    Before I end, here is another diagnostic:

    -- the worm is believed to be spread from a thumb drive or through ppfilm, according to the Symantec logs.

    Any help/assistance is much appreciated. Thanks!
     
  4. 786khan

    786khan Member


    Oh, I forgot to attach the ComboFix log:


     
  5. cdavfrew

    cdavfrew Regular member

    Hey 786khan

    In your next post, answer this question: Are you willing to uninstall Symantec for a better antivirus?

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer into Safe Mode by doing the following:
    • Restart your computer
    • After pressing the power button, repeatedly tap the F8 key.
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose the administrator's account.

    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load, the SDFix report will open on screen and will also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum)
    • Finally paste the contents of the Report.txt here.

    Best Regards :D
     
