goombawaho
MIS
Had Internet Security 2010 and other trojans on a friend's PC. Malwarebytes got rid of almost everything EXCEPT a Google search redirection problem. Couldn't find any trace of the source using Process Explorer, HijackThis or GMER.
I decided to run Combofix. When I ran it, it said "ComboFix has detected the following real time scanner(s) to be active: Antivirus Live".
So I canceled the Combofix scan and tried RKill to kill the process, but it still said the same thing. So, I ran Combofix despite the warning. It ran, completed successfully and fixed some items.
C:\s
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
The redirection issue is GONE, but I launched ComboFix again and it still said "ComboFix has detected the following real time scanner(s) to be active: Antivirus Live" and "AVG 9.0" (because I had re-enabled AVG). I did NOT run ComboFix for a second time, but I launched it to see if that first warning had gone away.
So, here's my question - redirection is gone, but yet Combofix still detects some running process belonging to Antivirus Live. So what to do????
I don't have physical access to the PC, but I can give you HijackThis logs from before and after combofix as well as the combofix log itself unless you have another suggestion or just say not to worry about the message.