
ComboFix hangs


  • This topic is locked
9 replies to this topic

#1 maxe

maxe

  • Members
  • 11 posts
  • Local time:09:29 AM

Posted 18 February 2011 - 06:23 AM

This is my first post, so please forgive any mistakes.

I'm running Windows XP (SP3) and began to suspect a malware issue. I came to ComboFix via MajorGeeks' Windows XP Malware Removal/Cleaning Procedure page, which linked to you for a download of ComboFix to my desktop. Following their instructions I first ran SUPERAntiSpyware, then Malwarebytes Anti-Malware before proceeding to run ComboFix according to your instructions (and taking note of all your caveats).

My problem is this: the AutoScan window has stayed with the following message for over 90 minutes:

'Scanning for infected files...
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double'

The cursor line is blinking below that; and the time on the clock in the XP bar has been altered to - and stuck at - 09:45. But apart from that, the whole thing seems to have frozen.

Is there any happy solution to this - any way, for instance, to abort ComboFix?

Please let me know if you need further information; and thank you in advance for your help.



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:09:29 AM

Posted 18 February 2011 - 06:25 AM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#3 maxe

maxe
  • Topic Starter

  • Members
  • 11 posts
  • Local time:09:29 AM

Posted 18 February 2011 - 06:56 AM

Thank you for your reply. I will happily do as you say, but first I need to stop ComboFix running - it is still hanging at the same screen described in my post. How should I do this? Would you recommend pressing the power button, or is there another preferred method?

Thanks again.

#4 Guest_RadioNorthsea_*

Guest_RadioNorthsea_*

  • Guests

Posted 18 February 2011 - 07:20 AM

Hello Maxe,

First I ask, why did you run ComboFix without help from a HijackThis Expert/Helper?
Then I can say, I am thinking of the HD volume.
When the volume is bad, then you get trouble with programs such as Mbam, Spybots & Destroy and also ComboFix.
My suggestion for you is: run chkdsk /p and, after that, chkdsk /r from the C:\> prompt.
When you don't have a repair partition, then you can run this via the CMD box in Windows.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 30,730 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 18 February 2011 - 08:13 AM

As a general policy, Bleeping Computer does not offer advice on how to run ComboFix unless we asked someone to run it or if there is a problem with the computer caused by running the tool. This is because people should not be using ComboFix without being advised to do so by a trained expert (i.e. Malware Response Team) who is assisting a member deal with a malware issue on that system. When issues arise due to complex malware infections, possible false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.

Further, using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary. ComboFix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware which scan individual drives or different folders on a computer for viruses. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

With that said, there are circumstances where ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual. In such cases, it is helpful to know at what stage CF stalled and to provide that information to the Helper who is assisting you so they can investigate. This is just another reason why you should only use ComboFix under supervision. If you don't know and it still appears to be stuck, frozen or failed to reboot, then try this:

Open Task Manager and look for the following ComboFix related processes (some have a .cfxxe extension):
  • PEV.exe
  • NirCmd.cfxxe
  • PEV.cfxxe
One at a time, right-click and select End Process.
If doing that did not free ComboFix and allow it to continue, then you will need to reboot the computer manually.

Afterwards, please follow cryptodan's instructions.

Edited by quietman7, 18 February 2011 - 08:16 AM.

Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 maxe

maxe
  • Topic Starter

  • Members
  • 11 posts
  • Local time:05:29 AM

Posted 18 February 2011 - 12:45 PM

Thank you, quietman7. Task Manager would not open so I have rebooted the computer manually and will follow cryptodan's instructions.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 30,730 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:29 AM

Posted 18 February 2011 - 01:38 PM

You're welcome.

#8 Guest_RadioNorthsea_*

Guest_RadioNorthsea_*

  • Guests

Posted 18 February 2011 - 02:33 PM

As an add-on to Quietman7's message: people without training think that the HijackThis tools, such as ComboFix and OTM, are easy programs: what the HijackThis people can do, we can do also.
Yes, of course, but the HijackThis Experts know what they must do when a program like ComboFix does something it must not do and a user gets big trouble with his/her machine because of it; then the HijackThis Experts know how they must fix the problem.

In an earlier message I said that I know how HijackThis works and I know how I can fix it when I have a problem, but I can tell everyone: dear people, when I have a Trojan or other vulnerability and I must use a HijackThis tool, then I ask for help.
Why do I do this? I do this because I have had a little education in that, but the education I got is not enough to help other people.
Last year I was testing the HijackThis tools and I got a big problem.
It would not have been so bad if I had not had a Muck Buck Virus.
Alright, I had tested out ComboFix, OTM and a rootkit program; everything would be fine, :whistle: yes, I took a look in my system and I didn't see anything unregulated.
Okay :thumbup2: yes, I removed a good backup and after a while, <_< I had troubles, you know.
I lost my CD/DVD drivers and repairing was not possible.
The Muck Buck is a very nasty virus, you know.
For this virus there is no virus scan, believe me.
For people who don't know what a Muck Buck Virus is: the Muck Buck is inside the human; you do something without thinking.
I must say, people, when you don't have a HijackThis education, then you must be smart and not use a HijackThis tool without help from a HijackThis Expert or Helper.
Now you may think, Radio Northsea, this will not happen to me, no? Are you sure? I can tell you, we are all humans and we are not perfect, but it is true that someone who got an education in one or another job is better than the person without an education.

#9 maxe

maxe
  • Topic Starter

  • Members
  • 11 posts
  • Local time:05:29 AM

Posted 20 February 2011 - 05:38 AM

I have followed cryptodan's instructions and created a new topic here.

Thank you for your help.

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 30,730 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 20 February 2011 - 07:33 AM

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worse, which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic until you are cleared by the Malware Response Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Good luck with your log.



