Prescottbob,
Part I:
Please open
Notepad: (Start > All Programs > Accessories > Notepad)
Copy/paste the entire content inside the quote box below to Notepad (Do not copy the word 'Quote'):
FCopy::
C:\MpSvc.dll | C:\Program Files\Windows Defender\MpSvc.dll
C:\MpSvc.dll | C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll
C:\MpSvc.dll | C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll
ClearJavaCache::
In Notepad, click:
File (upper left) >
Save As...
Save the file to the
Desktop
Name it:
CFScript.txt
Click:
Save
-->>Both the
CFScript.txt and the
ComboFix program icon
must be on the
Desktop, or this will not work.<<--
Make sure all AntiVirus and AntiMalware programs are disabled, so they do not interfere with the running of ComboFix.
Info:
http://www.bleepingcomputer.com/forums/topic114351.html
Now,
drag the
CFScript.txt into
ComboFix.exe as shown below:
This action starts
ComboFix again.
If the program asks to reboot, please do so.
When done, please attach the new
Combofix.txt in your reply.
Part II:
Can't remember if you have
MBAM installed or not. If not, please download
Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam-download-exe.php
Save to the Desktop.
MBAM may make changes to the Registry as part of its disinfection routine.
If using other security programs that detect Registry changes, they may interfere or alert you.
Continue disabling these programs, or permit them to allow the changes.
Right-click the
MBAM file, and select: Run as Administrator
When the installation begins, follow the prompts.
Make sure both of these are checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Click:
Finish
MBAM automatically starts and you are asked to
update the program.
If an update is found, the program will automatically update itself.
Press the
OK button to close that box and continue.
On the
Scanner tab:
Make sure the
Perform Full Scan option is selected.
Then click on the
Scan button.
If asked to select the drives to scan, leave
all the drives selected.
Click on the
Start Scan button.
The scan may take some time to complete, so please be patient.
When the scan is finished, a message box shows
The scan completed successfully. Click 'Show Results' to display all objects found
Click
OK to close the message box and continue with the removal process.
Back at the main
Scanner screen:
Click on the
Show Results button to see a list of any malware found.
Make sure everything is checked, and click:
Remove Selected
When removal is completed, a report opens in Notepad.
The log is automatically saved and can be viewed by clicking the
Logs tab.
Please copy/paste the entire contents of the
MBAM report in your reply.
Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Failure to reboot normally (
not into safe mode) prevents MBAM from removing all the malware.
HP/C99shell.J which spreads through social network Flickr to download and install malware Movavi Screen Capture Personal on the affected machines.
