Received. Thanks :)
Would you zip a copy of the following file and send that zip to me as well? C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
Entering your addresses in such a simple batch was necessary due to working with static IPs. A more complex batch could be created that would...
No, I don't mind. Just make sure to note all addresses are conditional and should be adjusted for each environment in which it is used. Now,...
Great! I'll mark this topic resolved then. Geri has posted some very helpful information and recommendations regarding future protection in the...
File received. Thank you! This should be the last task, then we can clean up. Disable any realtime protection applications. Highlight and copy...
Got it! Thank you. Will likely be tomorrow before I have time to study it.
Make a batch out of the contents of the code box below. Should be 1 click to switch. ;) @echo off echo Please wait ipconfig>temp0 type temp0...
I hope you do too. BTW, would you pass along the link where you found the batch? I know how I'd write one to do that, but am always curious how...
Let's use ComboFix to get copies of those registry hive backups so I can check them. Disable any realtime protection applications. Highlight and...
No need to apologize. ;) Rename one to 10.bat and the other to 13.bat :D
Welcome to WindowsBBS Steve :) Your log does not suggest any infection. My first impulse would be to disable the Firewall from starting up with...
This should work, since ComboFix now uses a different routine to upload files. Disable any realtime protection applications. Highlight and...
Looks good. If you're satisfied things are working normally again, let's clean up now. Open your resident antivirus (Norton) and remove all...
I don't know. What happens if you right click on the file and select Send To>Mail Recipient?
Hmmm, the reg dumps are what I was really hoping to see too. :mad: Highlight and copy the contents of the code box below. if exist...
I received the emails and knew immediately upon opening the first what the problem was, then saw upon opening the second that you had figured it...
See if you can attach that zip file to an email and send it to me please. Then we'll finish cleaning up. BTW, how's the computer behaving now?
Highlight and copy the contents of the code box below. cd %systemroot% @swreg save HKLM\System\controlset001 D:\CCS1.hiv @swreg save...
You won't find the folder with either of those apps. You should be able to find the files that were in it and recover those however.