
Dear folks, I have a machine that is affected by the conime virus, and one cannot access safe mode coz it gives out blue screens. It also crashes the antivirus program while scanning. I'm using Security Essentials, which detects the virus as backdoor:win32/ircbot.gen! I can't run combofix coz it gives me a blue screen while running, and I cannot access safe mode. Blue screen. It also prompts for network login with weird IP addresses and sends out links to all your Skype contacts. Tried a repair but it has not worked. I don't want to format the machine. Any tools out there that can remove the virus, or how can I remove it manually? Cheers!

--
WALLACE NGENE TARURU
wallacengene@gmail.com

On Fri, Jan 21, 2011 at 8:26 AM, wallace ngene <wallacengene@gmail.com> wrote:
> Dear folks, I have a machine that is affected by the conime virus, and one cannot access safe mode coz it gives out blue screens. It also crashes the antivirus program while scanning. I'm using Security Essentials, which detects the virus as backdoor:win32/ircbot.gen! I can't run combofix coz it gives me a blue screen while running, and I cannot access safe mode. Blue screen. It also prompts for network login with weird IP addresses and sends out links to all your Skype contacts. Tried a repair but it has not worked. I don't want to format the machine. Any tools out there that can remove the virus, or how can I remove it manually? Cheers!

Slave the disk on another machine and clean it.

--
Best regards,
Odhiambo WASHINGTON, Nairobi, KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Damn!!

Seen it before...

Download DrWeb Cureit Bootable CD, boot to disk...
After it runs, run full scan, and removes some files,
Download, update and run Malwarebytes
Then run combofix.

Sounds like overkill, but each of these tools has a specific way of dealing with viruses:
Drweb is perhaps the best tool to remove *unknowns*
Malwarebytes goes to the rootkit level
Combofix enumerates the registry, and finds those *persistent* virus entries

Hope this helps....
Perhaps it would be more helpful if you posted your combofix logs for analysis.

/.Sam

On Fri, Jan 21, 2011 at 1:27 PM, Odhiambo Washington <odhiambo@gmail.com> wrote:
> Slave the disk on another machine and clean it.

_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke
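Sam's point about *persistent* registry entries and Odhiambo's suggestion to slave the disk can be combined. The script below is an added example, not part of the thread or of any tool named in it: it lists the machine-wide autostart values from the slaved disk's offline SOFTWARE hive so they can be reviewed from the clean machine. The drive letter E:, the Windows XP directory layout and the temporary key name OfflineSoftware are assumptions.

```powershell
# Added example: review autostart entries in the registry of a slaved disk.
# Assumptions (not from the thread): the infected disk is mounted as E: on a
# clean machine, uses the Windows XP layout, and this runs as Administrator.
param(
    [string]$WindowsDir = 'E:\WINDOWS',      # assumed mount point of the slaved disk
    [string]$MountName  = 'OfflineSoftware'  # hypothetical temporary key name
)

$hiveFile = "$WindowsDir\system32\config\software"
if (-not (Test-Path -LiteralPath $hiveFile)) {
    throw "SOFTWARE hive not found at $hiveFile"
}

# Load the offline hive under HKLM so it can be read like a live key.
& reg.exe load "HKLM\$MountName" $hiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed (is the shell elevated?)" }

try {
    $base = "Registry::HKEY_LOCAL_MACHINE\$MountName"
    $autostartKeys = @(
        'Microsoft\Windows\CurrentVersion\Run',
        'Microsoft\Windows\CurrentVersion\RunOnce',
        'Microsoft\Windows NT\CurrentVersion\Winlogon'
    )
    foreach ($sub in $autostartKeys) {
        $path = "$base\$sub"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            # Under Winlogon, only Shell and Userinit launch programs at logon.
            if ($sub -like '*Winlogon' -and $name -notin @('Shell', 'Userinit')) { continue }
            [pscustomobject]@{
                Key   = $sub
                Name  = $name
                Value = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            }
        }
        $key.Close()   # release the handle so the hive can be unloaded
    }
}
finally {
    [gc]::Collect()    # drop any remaining .NET handles into the hive
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

Per-user Run keys live in each profile's NTUSER.DAT (under Documents and Settings on XP) and can be loaded and read the same way.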

Worked... Malwarebytes and safeboot.bat did the trick.

On Mon, Jan 24, 2011 at 7:19 PM, Samuel Wachira <wachirasam@gmail.com> wrote:
> Seen it before...
>
> Download DrWeb Cureit Bootable CD, boot to disk...
> After it runs, run full scan, and removes some files,
> Download, update and run Malwarebytes
> Then run combofix.
>
> Sounds like overkill, but each of these tools has a specific way of dealing with viruses:
> Drweb is perhaps the best tool to remove *unknowns*
> Malwarebytes goes to the rootkit level
> Combofix enumerates the registry, and finds those *persistent* virus entries
>
> Hope this helps....
> Perhaps it would be more helpful if you posted your combofix logs for analysis.
>
> /.Sam

--
WALLACE NGENE TARURU
wallacengene@gmail.com

I have a virus/malware in my comp which I fetched from a cyber using a flash disk. The virus has created a password such that I can't access my comp's files the normal way. I have to go to safe mode, log in as the administrator, then Control Panel -> User Accounts -> Office (this is the user name), and I remove the password, then restart the machine to start normally. Removing the password makes the system run normally. I use Win XP Professional (SP3) and run both MSE and Avast and Malwarebytes' Anti-Malware, but none get to clean the virus/malware. Any help would be appreciated.

On 26/01/2011, wallace ngene <wallacengene@gmail.com> wrote:
> Worked... Malwarebytes and safeboot.bat did the trick.

--
Sent from my mobile device

*Solomon Mbũrũ Kamau*
*****************************************************
*Man is a gregarious animal and enjoys agreement as cows will graze all the same way to the side of a hill!*
AND
*It is better to die in dignity than in the ignominy of ambiguous generosity!*
http://smiley2.wordpress.com
http://mburu.sikika.co.ke

participants (4)
- Odhiambo Washington
- Samuel Wachira
- Solomon Mburu Kamau
- wallace ngene