More directrdr stuff and Combofix

Well the fix below did not work but no fault of the software, which I will still use.

I tried a bunch of other stuff I saw on some tech support forums, but the common thread on these was ‘try this it may work’. None of them did any harm, but the problem was still happening.

Combofix is a utility I have not looked at till now, but had heard good things about it as a ‘last resort’ if nothing else works. Apparently it is considered an advanced tool. Figuring that I am an advanced technician I gave it a go, firstly on a machine that was not that critical, and when that turned out to be completely without drama, on the infected machine. This utilities main ‘feature’ is that it doesn’t seem to identify anything in particular, but looks at things in general, and produces copious log entries that may give an insight into what may be wrong. It does identify and remove general sorts of threats by deleting some obviously suspect files, but no indication as to why!

On the infected machine it identified and removed 3 files , a ‘windows live messenger .lnk’ file from my start menu, c:windowsmy.ini and c:windowssystem32autorun.ini. The second one looks highly suspect, but the third wouldn’t have struck me as being suspect. I think it also does stuff with registry entries. Whatever it did, the machine still works OK, and the redirect via seems to have stopped, although it is still early days.

If this doesn’t work, I read somewhere about it being connected to the IE8 update process, and by implication (on by my inferring perhaps 🙂 ) the firefox update process also. Maybe I’ll switch off the update processes and see if it stops it.

Update (two days later) – Yeah – fixed!


Dave Glover is a director of Signs of Success Ltd. married to Lynn (the other director of SOS) with 3 grown up kids. We live in Whitby, in New Zealand. After 30+ years in IT as everything from Trainee Programmer to Project Manager, Dave now runs a Computer Maintenance and Sign Making shop near his home.

Posted in Computer Stuff

Leave a Reply

Your email address will not be published. Required fields are marked *