When The Virus Won’t Let You Download A Fix

The other day I was again using ComboFix to clean what turned out to be a keylogger on a client’s PC.

I found, though, that when I tried to run ComboFix.exe, the file I had downloaded, nothing happened.

So I renamed the file temp.exe instead of ComboFix.exe (and I suggest you do this as you save the file when downloading it, just to avoid a potential problem), and I was able to run it and clean the computer.

Note also that I had booted into Windows XP “Safe Mode with Networking” by pressing the F8 key just after the system powered up, thus activating the Windows XP boot menu.

When ComboFix Does Not Completely Clean Your PC

When I wrote about Cleaning Your PC With ComboFix a short time ago, I had not run into a problem that ComboFix did not fix.

Well, that changed over the weekend. I had a REALLY infected PC to clean; it had rootkits and all.

The first problem was that it would not boot into Windows Safe Mode so I could run ComboFix. The malware had attached itself to iastor.sys, the Intel hard disk subsystem file.

So I had to do a Windows Repair Install, then run ComboFix.

ComboFix reported that the file “ACCWTROL.DLL” was trying to attach itself to ComboFix and that it would be disabled and that I should write down the name of that file in case we needed it later.

I was never informed by ComboFix that we needed it, but some things still were NOT working right.

After searching around a little, I finally renamed ACCWTROL.DLL in C:\Windows\System32 and gave it an extension of “.suspect” to disable it.

Voila, PC fixed.

So, yes, ComboFix tipped me off, but no, it did not clean the PC completely by itself. But, hey, whaddaya want for free?
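
The rename-to-disable step above, as an added example (not from the original post and not part of ComboFix): a Python helper that records the file's SHA-256 and original path in a manifest before adding `.suspect`, so the change can be looked up later or undone. The function names, the JSON-lines manifest and the choice to append the extension rather than replace `.DLL` are assumptions.

```python
import hashlib
import json
import time
from pathlib import Path

SUFFIX = ".suspect"  # extension used in the post; appended to the full name (assumption)

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def quarantine(path, manifest):
    """Rename `path` to `path`.suspect and append a record to `manifest` (JSON lines)."""
    src = Path(path)
    dst = src.with_name(src.name + SUFFIX)
    if not src.is_file():
        raise FileNotFoundError(src)
    if dst.exists():
        raise FileExistsError(dst)  # never overwrite an earlier quarantined copy
    record = {
        "original": str(src),
        "quarantined": str(dst),
        "sha256": sha256_of(src),  # hash taken before the rename, for later lookup
        "time_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
    }
    src.rename(dst)  # if this fails (e.g. access denied), nothing is logged
    with open(manifest, "a", encoding="utf-8") as f:
        f.write(json.dumps(record) + "\n")
    return record

def restore(original, manifest):
    """Undo the latest quarantine of `original` if the file is byte-for-byte unchanged."""
    with open(manifest, encoding="utf-8") as f:
        records = [json.loads(line) for line in f if line.strip()]
    for rec in reversed(records):
        if rec["original"] != str(Path(original)):
            continue
        dst = Path(rec["quarantined"])
        if sha256_of(dst) != rec["sha256"]:
            raise ValueError("quarantined file changed since it was renamed")
        if Path(rec["original"]).exists():
            raise FileExistsError(rec["original"])  # something recreated the file
        dst.rename(rec["original"])
        return rec
    raise KeyError(str(original))
```

A rename only stops future loads: a copy already mapped into a running process stays there until that process or the machine restarts. If `restore` raises `FileExistsError`, something recreated the original file after the rename, which is itself worth investigating.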

How To Clean Your PC From Malware When Nothing Else Works

Ordinarily when I go to clean a PC infected with malware I will head over to malwarebytes.org and grab the free version of their software.

Many malware infections will prevent you from going to their site, so you may have to download on a different PC or do so in safe mode with networking. If using a different PC, then transfer the Malwarebytes setup file via USB stick.

Then you need to boot Windows in “safe mode with networking” so that you can install Malwarebytes and download updates.

The other day, though, I had a real badly infected PC where Malwarebytes cleaned and fixed over 1000 problems but the machine was still infected. It was easy to determine it was still infected because it would not allow me to go to Windows Update.

So I called out the big gun – ComboFix.

ComboFix comes from a website named BleepingComputer, whose name might scare away the uninitiated.

I ran ComboFix on the malware-infected PC; it cleaned the last remaining malware and the customer has been happy ever since.

The good news is that both of these PC infection cleaning utilities are FREE.

Once your PC is clean, protect it with one of my recommended internet security suites.

Here is a video I did highlighting these utilities:

ComboFix download & tutorial

Here is a link to Spyware Doctor with AntiVirus as seen on BleepingComputer.com