# Forum in English  > Malware Removal Service  >  Deeply hidden threat

## jeal61

Only Norton Security Scan has found 2 malicious objects which are still infecting my PC: 
c:\commonfiles\xhostl.cpl
c:\commonfies\xhostn.dll

----------


## Rene-gad

Close/unload all the programs excepted AVZ and Internet Explorer 

Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore


- Execute following script  in Manual Healing


```
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('c:\Commonfiles\xhostn.dll','');
 DelBHO('{F89CEB6F-335E-43EC-BD6B-7F72D7801158}');
 DeleteFile('c:\Commonfiles\xhostn.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
```

After reboot:
- Execute following script in Manual Healing


```
begin
CreateQurantineArchive('C:\quarantine.zip');    
end.
```

- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=82346
- Repeat a log file.
- Attach a new log to your new post..

----------


## jeal61

Although I could not upload the quarantined Zip file, once it has not been created due to some mistake, I'm sure my PC is already disinfected. Thanks for helping me, Rene-gad.

----------


## Rene-gad

Your log seems to be clean.

----------


## jeal61

I've just performed a full scan of Norton Security and it indicates my PC still has a trojan/infostealer (c:\commonfiles\xhostl.cpl) which appears twice (Target type: Infection and Browser Cache), ie, one of the two malwares I've reported previously.

----------


## jeal61

I've discovered a removal tool that is almost a miracle: ComboFix. The malwares were found and the PC was automatically disinfected (see the attached post-disinfection report).

----------


## Rene-gad

It's good possible, that Norton and other tools found malicious files. According to AVZ they were not activated and not really harmful.

----------


## jeal61

ComboFix has quarantined 10 files in my PC (see the attached report).

Thanks again for helping me, Rene-gad.

----------


## Rene-gad

I'm not sure, that anybody advised you to make any log, e.g. Combofix  :Angry:

----------


## jeal61

Nobody asked me to do that. Sorry if I did something wrong. I was just trying to give you as much information as possible once I'd like to be 100% sure that my PC isn't infected anymore.

----------


## Rene-gad

Using of Combofix and any other tools is very risky!!!




> I'd like to be 100% sure that my PC isn't infected anymore.


Such insurance will be given ONLY to the fresh installed OS before the 1st connecting with network.

----------

