Hello I'd really appreciate if someone could help me - I can't delete windir32.exe file. I follow all the instructions to remove it, but nothing seems to work. I fix problems (not sure if all) using "HijackThis" and delete windir32.exe file with "KillBox" (in Safe mode) but every time I reboot, windir32.exe reappears. By the way, "tot.exe" file can be found in my Local Disk (C), even though I have never installed it. I delete this file every time I turn my computer on, but it reappears after every restart, just like windir32.exe (and some other files - mirc.ini, secus16.exe, windir32.zip, WMM2RE2.dll, WMM2RE3.dll, WMM2RE4.dll and shortcut to "gm2re1"). Thanks in advance for any help :)
This is my HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 00:04:39, on 2008.05.25 Platform: Windows 2003 SP2 (WinNT 5.02.3790) MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Please connect all your external hard drive/flash drive before running Combofix
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When finished, it will produce a logfile located at C:\combofix.txt.
Post the contents of that log in your next reply with a new hijackthis log.
Please copy and paste your log files. DO NOT add it as an attachment
NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer.. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.
Thanks for taking the time to help I couldn't open ComboFix through Start->Run->ComboFix /snapshot. It said "Windows cannot find ComboFix". I clicked on the file on desktop and I was shown a message that ComboFix can only run on Windows 2000 and XP (Don't know if it's really true?). I have Windows 2003. Anyway, yesterday I updated my NOD32 antivirus program and it found "a variant of Win32/AutoRun.KS worm" here: c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe. I deleted it along with windir32.exe (it was in C:\WINDOWS\system32) and all its associated files. I also ran CCleaner. After the restart everything was normal and windir32.exe with all its other files didn't reappear. So maybe everything's ok now?
Please take a look at my fresh HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 15:25:49, on 2008.05.25 Platform: Windows 2003 SP2 (WinNT 5.02.3790) MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Currently it is Wednesday, June 19, 2013 6:12 AM (GMT +3) There are a total of 59,652 posts in 13,158 threads. In the last 3 days there were 2 new threads and 12 reply posts. View Active Threads
Who's Online
This forum has 34676 registered members. Please welcome our newest member, hawanili. 35 Guest(s), 0 Registered Member(s) are currently online. Details
|
Forum Help Manual
