Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91813 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] intermittent computer lockup


  • This topic is locked This topic is locked
24 replies to this topic

#16 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 27 October 2009 - 08:52 AM

Hi,

Please do the following:

Download ComboFix from either of these locations:
Link 1
Link 2


VERY IMPORTANT !!!
Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

    Advertisements

Register to Remove


#17 kayaref

kayaref

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 28 October 2009 - 06:16 AM

Hi Catbyte, Please find attached Combofix log file. I supposedly quit my Antivirus by clicking the "Quit" button in Eset, but Combofix still warned me that the Eset was still running. I could not find any other command to disable my Antivirus, so you will see that the log file states that Eset is still running. I realise this may have affected the diagnosis, otherwise I can run it again if you can advise a different way to disable Eset. Best regards, Kevin

Attached Files



#18 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 28 October 2009 - 07:28 AM

Hi, Can you please advise how your computer is running now and if there are any outstanding issues.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#19 kayaref

kayaref

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 29 October 2009 - 05:21 AM

Hi Catbyte, Comp is running a lot better now - no more lockups, no popup. I will keep monitoring performance. Thanks very much again, Best regards, Kevin

#20 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 29 October 2009 - 06:14 AM

Hi,

Good, we need to clean up combofix.

Please do the following:

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK.
  • Note the space between the ..X and the /U, it needs to be there.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#21 kayaref

kayaref

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 29 October 2009 - 07:14 AM

Hi CatByte, I think I spoke too soon. Please see attachment showing screenshot. I am not sure if this is malware. These alerts have been more frequent lately. Thanks, Kevin

Attached Files



#22 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 29 October 2009 - 07:42 AM

Hi, Windows script host is a legitimate program. It wants to change the file association for .vbs files to run with the script host rather than have it open with an editor ie Notepad. It is more secure to leave it the way it is....to have notepad as the default file association. But Windows script host is in no way malicious. Yo may be getting the popup now due to a recent update from microsoft perhaps. Your computer is free of malware now. If you get further alerts from winpatrol regarding changes, there is usually an answer to whether to allow it or not readily available on Google. If you are still in doubt by all means ask a question in our Windows forum.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#23 kayaref

kayaref

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 29 October 2009 - 08:06 AM

Thanks very much for that advice. I have uninstalled Combofix successfully. Regards and thanks, Kevin

#24 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 29 October 2009 - 09:28 AM

You are more than welcome stay safe :wavey: ~CB

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#25 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 07 November 2009 - 05:01 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

    Advertisements

Register to Remove

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users