Expert: Brian Benosky - 8/18/2009

Question
QUESTION: I had the Trojan spm/lx and followed your instructions and got rid of it yesterday.  When I went to check emails this am an Antivirus pro window came up and I could not run the malwarebytes anti-malware program.  A message came up and said it was infected.
I then went to safe mode but I got a screen that says problem has been detected and windoows has been shut down to prevent damage to your computer. Any ideas. Thanks for your help.

ANSWER: Hi Tom

Please download ComboFix from this link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
*Important*-Save it to your desktop.
Double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall.  If asked to install the Windows Recovery Console, please allow the program to do so.  ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.  If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. ComboFix may also restart your computer.  Do not intervene.  Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.  It will then display the log file automatically for you.  Post me that log and a HJT this in your follow-up.

Brian

---------- FOLLOW-UP ----------

QUESTION: I did as you said and when I double clicked on the combofix the run box came up.  I clicked on run and a black box come up real fast and dissappeared. The program did not run.  Any ideas.

Thanks

Tom

ANSWER: Hi Tom

Try running the program in Safe Mode.  Restart the computer and keep tapping the F8 key until a black screen with a menu appears.  Choose to boot Windows into Safe Mode.  Logon as usual, then click on ComboFix to see if it will run.  I also need to see the HJT log so I can determine if anything else is going on.

Brian

---------- FOLLOW-UP ----------

QUESTION: What is a HJT log.  I asked a few friends here but noone knew.

Thanks

Tom

Answer
Hi Tom

I was referring to a HijackThis log.  As stated in my posting instructions, it is essential for me to see the log of virus infections to determine a course of action.  Here are the steps to follow:

Please download HijackThis to your desktop from here:
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
Make sure you close EVERY open window and ALL browser windows. The only thing that should be open is the HijackThis program.
Double-click on the file you just downloaded.
Click on the "Install" button.
Upon install, HijackThis should open for you.
Should it not open, go to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe
Choose 'Do a system scan and save a log file'.
Copy the text file which opens in Notepad and paste it in your question here.
   * Do not fix any entries in HijackThis, as they may be harmless.

Brian