Jump to content

Change Mode

Combofix And Trojan.bamital!inf Help!


Meagan
 Share

Recommended Posts

Hello,

 

I recently acquired the Trojan.bamital!inf virus which infected explorer.exe and winlogon.exe. I couldn't start my computer unless I selected "last known good configuration" and system restore was telling me there were no restore points even though I have never turned it off. So after some online browsing I decided to run combofix, which was great and seemed to solve some problems as now my computer would boot normally and seems to be functioning normally. However, when I run my Symantec full scan, it detects two infected files (winlogon.exe and explorer.exe) in a Qoobox folder, which I think is where Combofix put the bad files, and it also tells me I have a bad copy of explorer.exe in C:\WINDOWS\system32\dllcache\. So my questions are: can I delete the files in the Qoobox folder without damaging my system, and how do I get rid of the other one?!!

 

Also, I deleted combofix by just right-clicking on the .exe file located on my desktop, and I don't think that that was how to properlly uninstall it, so will that cause damage?

 

One more thing . . . My virus scanner also brought up several A00000 . . .files ending in different numbers in my restore folder as infected, but now that I've turned off restore they don't show up anymore.

 

Thanks to anyone who can help!!!

 

Meagan

Link to comment
Share on other sites

go to start, select run and type in "combofix /uninstall" There is a space between combofix and /

 

Do an on line scan if you can and see in anything else pops up

http://www.eset.com/online-scanner/run

 

If you are having more issues then post a HiJackThis log over here

http://forums.pcpits...ijackthis-logs/

Edited by Joe C
Link to comment
Share on other sites

go to start, select run and type in "combofix /uninstall" There is a space between combofix and /

 

Do an on line scan if you can and see in anything else pops up

http://www.eset.com/online-scanner/run

 

If you are having more issues then post a HiJackThis log over here

http://forums.pcpits...ijackthis-logs/

 

 

I tried to do the uninstall, but it tells me that windows cannot find "combofix". I'll do the online scan now.

Link to comment
Share on other sites

Oh Joe,

 

Things have taken a major turn for the worse!! I ran the online scan you suggested, then my computer totally crashed. things were popping up, telling me of failures left and right! Now I can no longer get onto my machine in normal mode or in "last good configuration" . My system restore was shut off, so I can't do that. I have it up and running in safe mode, and ran malware bytes, which said I had no infected files (congratulations!!), and now I'm running spybot. I am typing this message from my netbook, but I don't know how I could connect to the internet on the infected computer as it is on it's death bed. Prior to crashing, the scan said I had three infected files, all in win32. Some popup came up right before it crashed, which is I'm sure the cause. It was something called "HDD control" I think

 

Any suggestions?

 

Thanks so much.

Link to comment
Share on other sites

you'll have to go to the HiJackThis forum where you can get the help from an adviser, they will be able to guide you through this and use the proper software to clean this up

http://forums.pcpits...ijackthis-logs/

 

You'll need to be patient because they are many that need help but few to serve

Do Not Delete your ComboFix folder because they will want to see the scan log from it

Edited by Joe C
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...