Thane,
OK. I've tried this protocol; went to BleepingComputer and got a new version of
ComboFix. The newest version is very odd. It deletes itself and its directory
after running. Surprised I was; twice!
Both times, the directory and the run file were gone after I ran the app.
Gone as in the Search routine cannot find it.
I never get to do Start/Run/"combofix /uninstall"
or Start/Run/cmd/"combofix /uninstall"
or Start/Run/cmd/cd.. (back to ?)/"combofix /uninstall"
I suppose that after 2-in-a-row, I might suspect a major vector?
But, I will play with this some more. Really interesting actually.
LOL!
It is a semi-virgin system. I can just erase it and start fresh; though I'd like
to avoid this if possible.
I am still smiling! I have never seen this behavior in WinXPpro. Then, the
baddies have certainly gotten smarter. I do so hate when this happens........... :)
Best,
Duncan
On 11/30/2010 15:08, DSinc wrote:
Thane,
Thank you! I will now go back and try this protocol. Completely forgot this idea.
Lastly, is it possible for an application to set access rights such that even the
system admin account can NOT reset same via the ATTRIB command in DOS?
Combofix seems to create a directory in root (c:\) called "Qoobox" which I think is
its quarantine area. Fine. But, inside this directory is a sub-directory called
"BackEnv" that appears to be empty. This sub-directory is so well protected, I can NOT
make it just go away.
Best,
Duncan
On 11/30/2010 05:18, Thane Sherrington wrote:
At 06:07 PM 29/11/2010, DSinc wrote:
Thane,
Is that a CMD line tool/command?
If so, I may be farqued!
But, I'll give it a try.
Just run it out of the same folder you ran combofix out of before. (If
you've already deleted combofix, redownload it, run it, and then run
the uninstall.) You can also manually delete the extra driver with
no problems.
T