BleepingComputer.com: Minor leftovers from Combofix

Hello, I've used Combofix a few different times in the past to resolve some malware related issues. Today when working on fixing a rather tame infection compared to the last, I noticed there was a newer version of Combofix available, and grabbed that and let it have a pass. The infection's now gone and anything suspicious in the log's been properly handled.

However, the Windows XP login screen at startup now shows both the administrator and primary account, and logging in presents only a command prompt window and no automated execution of anything afterwards. I do not remember this behaviour from Combofix in the past, or I'm remembering wrong. Is this some new side effect of the newer version, or did I overlook something? If there's a new "final step" I'm missing to no longer perform this limited minimal startup, let me know. Thanks.

This post has been edited by jimbthree: 11 July 2009 - 04:37 AM

Hello jimbthree

QUOTE(Papakid @ Mar 1 2009, 09:30 PM) *

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.

. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.

Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two.

What antivirus do you use? what firewall? Please give us some info on this. Thank you

D_N_M

The issue's actually resolved now after a small change and a reboot, but thanks.

I use Spybot S&D and Avast, and let the Win XP defender/firewall do their thing too (with everything kept up to date). I know I said it was "tame compared to the last" but this was still something I know had placed a rootkit, keylogging, and all sorts of self protections, etc. etc. that manual removal attempts and things like killbox just couldn't handle on their own.

Hello jimbthree

Glad you got it worked out
Thank you or letting us know

D_N_M