BleepingComputer.com: Combofix bug had deleted & quarantined my program files

Elise,
I searched my computer and no combofix.txt. file was created or can be found.

But! I did find a file that was created called C:\DeQuarantine.txt.

But now when I attempt to attach and upload this file (and it's winzipped), I get a message-

"Upload Skipped (This file was too big to upload)"
"Used 389.97K of your 512K global upload quota (Max. single file size: 122.03K)".

The file size is 237kb - after winzipping it.

What should I do?

Dan.

This post has been edited by deernad123: 05 May 2011 - 03:51 AM

Can you copy/paste a few lines (say ten) from that log? Did it restore the files/folders?

Ok Elise, here you go.

Below is the first lines copied and pasted from the file: C:\DeQuarantine.txt:

C:\Qoobox\Quarantine\C\Program Files\1st Free Solitaire\BVS Solitaire Collection on the Web.URL -> C:\Program Files\1st Free Solitaire\BVS Solitaire Collection on the Web.URL
C:\Qoobox\Quarantine\C\Program Files\1st Free Solitaire\CARDS.CHM -> C:\Program Files\1st Free Solitaire\CARDS.CHM
C:\Qoobox\Quarantine\C\Program Files\1st Free Solitaire\CARDS.CNT -> C:\Program Files\1st Free Solitaire\CARDS.CNT
C:\Qoobox\Quarantine\C\Program Files\1st Free Solitaire\CARDS.EXE -> C:\Program Files\1st Free Solitaire\CARDS.EXE
C:\Qoobox\Quarantine\C\Program Files\1st Free Solitaire\CARDS.HLP -> C:\Program Files\1st Free Solitaire\CARDS.HLP
C:\Qoobox\Quarantine\C\Program Files\1st Free Solitaire\FILE_ID.DIZ -> C:\Program Files\1st Free Solitaire\FILE_ID.DIZ
C:\Qoobox\Quarantine\C\Program Files\1st Free Solitaire\README.TXT -> C:\Program Files\1st Free Solitaire\README.TXT
C:\Qoobox\Quarantine\C\Program Files\1st Free Solitaire\sdeck.dll -> C:\Program Files\1st Free Solitaire\sdeck.dll
C:\Qoobox\Quarantine\C\Program Files\1st Free Solitaire\unins000.dat -> C:\Program Files\1st Free Solitaire\unins000.dat
C:\Qoobox\Quarantine\C\Program Files\1st Free Solitaire\unins000.exe -> C:\Program Files\1st Free Solitaire\unins000.exe
C:\Qoobox\Quarantine\C\Program Files\1st Free Solitaire\Decks\books.jpg -> C:\Program Files\1st Free Solitaire\Decks\books.jpg
C:\Qoobox\Quarantine\C\Program Files\1st Free Solitaire\Decks\house.jpg -> C:\Program Files\1st Free Solitaire\Decks\house.jpg
C:\Qoobox\Quarantine\C\Program Files\1st Free Solitaire\Decks\Joker.jpg -> C:\Program Files\1st Free Solitaire\Decks\Joker.jpg
C:\Qoobox\Quarantine\C\Program Files\1st Free Solitaire\Decks\Moulin Rouge.jpg -> C:\Program Files\1st Free Solitaire\Decks\Moulin Rouge.jpg
C:\Qoobox\Quarantine\C\Program Files\ACAD2000\acad.exe -> C:\Program Files\ACAD2000\acad.exe
C:\Qoobox\Quarantine\C\Program Files\ACAD2000\acad.tlb -> C:\Program Files\ACAD2000\acad.tlb
C:\Qoobox\Quarantine\C\Program Files\ACAD2000\acad.xmx -> C:\Program Files\ACAD2000\acad.xmx
C:\Qoobox\Quarantine\C\Program Files\ACAD2000\acad2000.cfg -> C:\Program Files\ACAD2000\acad2000.cfg
C:\Qoobox\Quarantine\C\Program Files\ACAD2000\acadabout.avi -> C:\Program Files\ACAD2000\acadabout.avi
C:\Qoobox\Quarantine\C\Program Files\ACAD2000\acadapp.arx -> C:\Program Files\ACAD2000\acadapp.arx
C:\Qoobox\Quarantine\C\Program Files\ACAD2000\acadaut.reg -> C:\Program Files\ACAD2000\acadaut.reg
C:\Qoobox\Quarantine\C\Program Files\ACAD2000\acadbtn.dll -> C:\Program Files\ACAD2000\acadbtn.dll
C:\Qoobox\Quarantine\C\Program Files\ACAD2000\acadinet.dll -> C:\Program Files\ACAD2000\acadinet.dll

Then, at the very end of this very lengthy log, it reads:
24723 File(s) copied
(Yikes!)

But from what I can tell - it worked! At first I didn't think it did, because I first checked the C:\QooBox folder and when viewing the contents, no changes were evident at all, as all the files and folders were still there, as well as the .VIR extensions.

Then I checked my C:\Program Files Folder, and was so very pleased to see the files (and their folders) were indeed `DeQuarantined' and copied back into the C:\Program Files Folder, and the .VIR extensions were gone! AND, my AutoCAD drawing documents were also restored back. Yay! (and whew!).

Thank you Elise!

So ok, can you recommend how I should proceed next? I feel that my computer is almost back to where it was before this mishap all started. Or am I wrong in my thinking?
Do you think I should still have to reinstall all my programs, which if that was the case, I may as well reformat the harddrive first. Or, is there now another smaller and easier step towards restoring the remaining `system' and `registry' back-ups?

Dan.

This post has been edited by deernad123: 05 May 2011 - 04:52 AM

Hi again, glad to hear at least the files are back. What you can try next, is see what programs work correctly and what not (just by starting them and using them for a bit).

There are still individual registry backups made, which we can restore manually for each program. These are located in the quarantine subdirectory of qoobox.

The qoobox folder itself and all its contents will be deleted after uninstalling combofix, which we will do after you have confirmed everything is back to normal.

Hey Elise,

I wanted to let you know that since my files were restored, I've been going at it on my computer and checking my programs - like Office 2007 - Word, Outlook and Excel, my Windows Media player and Real Player, my AutoCAD, Adobe Reader, etc. etc. Everything seems to be working fine. Wow, what's up with that? (Kidding). I expected to have a couple problems somewhere, but it hasn't happened yet. And even If it does, I have no problem reinstalling the program to correct it.

Again thanks for saving me. So should I proceed with uninstalling Combofix or is it too soon?

Also, Now that this issue is resolved, I can go to the other problem my computer has been throwing at me, which I've been dealing with well before this last major bummer deal occurred.

(Microsoft) Windows Updates, especially non-critical updates will not install successfully anymore, and it's been a while now since I have been able to get any non-critical updates. I will go to Microsoft/ Windows Update website, and it scans my computer, then lists the updates available, to which I will then download them. But then (and this is where the problem lies), after they are done downloading and begin the installation process of the updates, it fails. I get no error message as to why or what the heck the problem is, except that it will list all the updates in the end as failed.

Do I need to take this problem elsewhere or can you advise me on this?

Dan

Hi Dan, try to resolve to solve the update problem by following the steps here: http://support.microsoft.com/kb/971058

If you are sure everything is running fine and you have ensured all important files are where they should be, you can safely uninstall Combofix. Press Windows key + R, type combofix /uninstall and press enter. If you have the combofix.exe no longer, you'll need to redownload it and then run the command.

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.