I agree.  You probably had a rootkit.  If at all possible, I would recommend you pull the drive, stick it in another system (that has fully up to date AV and all OS patches), and scan it.  Once a system is infected, it can be very hard to clean from itself.  By putting the drive in another system, you don't give the virus/trojan/rootkit a chance to hook into the OS and redirect file I/O to its own ends.
Also, if you used any USB drives or other writable removable storage on the system while it was infected, you should scan them on a known clean system.  Same for any backups you made while the system was infected.

Jason
Jason Kramer
University Archives and Records Management
002 Pearson Hall
(302) 831 - 3127 (voice)
(302) 831 - 6903 (fax)


Emmitt Dove wrote:

Your anti-malware program let something through.  You need better protection.

 

Emmitt Dove
Manager, Converting Applications Development
Evergreen Packaging, Inc.
[email protected]
(203) 214-5683 m
(203) 643-8022 o
(203) 643-8086 f
[email protected]

 

From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
Sent: Wednesday, April 22, 2009 7:12 PM
To: RBASE-L Mailing List
Subject: [RBASE-L] - OT - no DOS box - FIXED

 

Must have been something running rampant today.  Per John's advice, I did a search on ComboFix, was sent to BleepingComputer.com (my sentiments exactly).  In their virus forum, found half a dozen posts from today from people describing the same problem I had.  No DOS box, no regedit, cannot edit batch files ...

I downloaded ComboFix, ran it, and IT'S FIXED!    Got a DOS box, got Regedit ...  It printed out a big old log .txt file, but I can't make anything out that tells me what it did.

THANK YOU JOHN!

Now if I can only figure out how I got it so I don't do it again ...

Karen




