If you have 'ComboFix' (CF) already on your Desktop, please remove it! We'll download an updated version.
Save ComboFix.exe to your Desktop!!
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of CF.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through these links:
Vista - Right-click on ComboFix.exe and select: Run as Administrator
Follow the prompts.
Click on 'Yes', to continue scanning for malware.
When finished, CF produces a report.
Since this report can be quite large, please go to the ‘Uploading’ website:
In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the ComboFix report, and click on 'Open'
You will see the following:
“Your file has been uploaded successfully: (Name and size of the file)”
Please copy the 'Download link', and provide it in your reply.
1. Do not mouse-click the ComboFix window while it is running.
This action may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Now, please remove any previous download of 'TDSSKiller' (if used) and download the latest version:
Execute the file:
Windows 7: Right-click and select: Run as Administrator
Press the button: Start Scan
The tool scans and detects two object types:
'Malicious' (where the malware has been identified)
'Suspicious' (where the malware cannot be identified)
When the scan is over, the tool outputs a list of detected objects (Malicious or Suspicious) with their description.
It automatically selects an action ('Cure' or 'Delete') for 'Malicious' objects. Leave the setting as it is.
It also prompts the User to select an action to apply to 'Suspicious' objects ('Skip', by default). Leave the setting as it is.
After clicking 'Next/Continue', the tool applies the selected actions.
A Reboot Required prompt may appear after a disinfection. Please reboot.
By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system, normally C:\).
Logs have a name like:
Please post the TDSSKiller log in your reply, by uploading it also.
Need to see the following uploads in your reply:
**The 'ComboFix' log
**The 'TDSSKiller' log
Also need to know whether TDSSKiller needed a reboot!
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals