Malware infection
System is infected by malware jcdrive.exe its located C:\Windows\ folder
jcdrive.exe process automatically starts after sometime after windows starts.
Tried deleting jcdrive.exe many time, i comes back again.
Cleaned system with Symantec Endpoint and Malware bytes, but its still still jcdrive.exe keeps on generating.
How do i fix it??
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok i'll run comboxfix and post back the results.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If the .exe still persists try this live cd to scan your system
Kaspersky live cd http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/
Kaspersky live cd http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/
ASKER
@ antony_kibble&
Ran combo fix as said, seems to be issue resolved. But I'll keep issue under observation for a day.
@ edbedb
Posting combofix log...kindly have look...if any nasties
@ optoma
But will that be updated Kaspersky??
log.txt
Ran combo fix as said, seems to be issue resolved. But I'll keep issue under observation for a day.
@ edbedb
Posting combofix log...kindly have look...if any nasties
@ optoma
But will that be updated Kaspersky??
log.txt
When you create Kaspersky live cd and boot to it, there is an update option within the live cd.
Run the update and then scan your system.
Run the update and then scan your system.
Im not one to analyze combofix's log fully but it does mention that you dont have the recovery console installed.
Have your machine connected to the internet and rerun combofix and install the recovery console when combofix's prompts you to.
Then attach the revised combofix log.
Have your machine connected to the internet and rerun combofix and install the recovery console when combofix's prompts you to.
Then attach the revised combofix log.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@ rpggamergirl
It looks my issue is resolved, shall i do this??
It looks my issue is resolved, shall i do this??
If combofix has removed the root kit and your problem, just a standard antivirus scan to pick up and stragglers will do the job.
<<<"It looks my issue is resolved, shall i do this??">>>
Most often the issue or the symptoms of the infection is gone but some files and reg entries are left behind that better get cleaned up.
It's up to you... the files may or may no longer exist eventhough still listed in the CF log(that happens sometimes),
but the reg entries are still there. It's all up to you of course whether to remove them or not.
Most often the issue or the symptoms of the infection is gone but some files and reg entries are left behind that better get cleaned up.
It's up to you... the files may or may no longer exist eventhough still listed in the CF log(that happens sometimes),
but the reg entries are still there. It's all up to you of course whether to remove them or not.
ASKER
Thanks issue resolved.
When you're done with Combofix please uninstall it. System Restore will be reset, combofix files and backup will be deleted and one restore point will be created.
To uninstall Combofix:
Go to Start > Run and 'copy and paste' next command in the field:
ComboFix /u
Thanks!
To uninstall Combofix:
Go to Start > Run and 'copy and paste' next command in the field:
ComboFix /u
Thanks!
ASKER