Why Does Combofix Remove Wpcap.dll And Packet.dll?


  • This topic is locked
8 replies to this topic

#1 Gengiskhan

Gengiskhan

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Location:Shanghai
  • Local time:11:43 AM

Posted 15 October 2007 - 08:52 AM

Does anyone know why ComboFix removes wpcap.dll and packet.dll? I don't think these DLLs are viruses or malware. Have they a kind of vulnerability making them dangerous? Anyhow, without them I cannot use Ethereal.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:43 PM

Posted 15 October 2007 - 09:10 AM

Who asked you to download and run Combofix? What problems are you having that you needed to use it? You should not be using Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could adversely impact your system and prevent it from ever starting again.

Anytime you come across a suspicious file or one you cannot find any information on, submit the file to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Edited by quietman7, 15 October 2007 - 09:13 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Gengiskhan

Gengiskhan
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Location:Shanghai
  • Local time:11:43 AM

Posted 15 October 2007 - 09:49 AM

Marckie, a moderator of http://www.nucia.nl/forum, asked me to download and run this tool. I suppose that should be OK :thumbsup:

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:43 PM

Posted 15 October 2007 - 10:31 AM

If you're getting assistance under the guidance of Marckie, that's fine, but you should be following up there. Coming to another site and just posting what you did does not give us any background about the problems and issues you are dealing with. Further, if several helpers become involved with assisting you, no one knows what the other is doing, which becomes confusing and can result in a delay to resolve your malware problems.

However, if Marckie told you to come here and post so that sUBs could follow up on why those files are being removed, then please let us know as that changes the scenario.

#5 Gengiskhan

Gengiskhan
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Location:Shanghai
  • Local time:11:43 AM

Posted 15 October 2007 - 11:01 AM

Marckie did not ask me to follow up with sUBs about why these files are removed, that is my own initiative.

Because I do not want to mess up, I did not ask on this forum to solve my current problem, nor did I give any information about my current problem. I am just curious why these files were removed (I could not find out why on the internet), and sUBs, the author of ComboFix, is a member here.

Do you mind that I ask these questions?

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:43 PM

Posted 15 October 2007 - 11:14 AM

We don't mind you asking questions. We just needed some background and a little more specific info than you provided. We are cautious about folks running specialized tools without guidance because they are so powerful and can result in system damage if not used properly.

I have posed your question about the files to sUBs.

It still would be helpful for you to state what specific problems you're having.

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:43 PM

Posted 15 October 2007 - 11:19 AM

Also, to fix the deletions, you can go ahead and reinstall WinPcap. It will allow Ethereal to work again.

#8 sUBs

sUBs

    sUBs


  • Malware Response Team
  • 2,489 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 15 October 2007 - 11:39 AM

Ethereal is not the only program that uses wpcap.dll / packet.dll. They are also the favorite tools of bots/worms.

There's no way for ComboFix to accurately determine if a bot brought those files into your machine or if they were brought in by some 3rd program like Ethereal. ComboFix will recognise those files as legitimate ONLY if WinPCap is installed. Rather than leave some bot tool lying around the machine, ComboFix will remove such files.

ComboFix's disclaimer clearly states that this is a private tool. If you have problems with that, please don't use ComboFix.
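
The rule sUBs describes above, sketched as an added example that is not part of the original post and is not ComboFix's code: capture DLLs count as expected only when a WinPcap install is present, and are otherwise reported for follow-up. The host names, inventories, verdict labels and function names are constructed for illustration.

```python
from pathlib import PureWindowsPath

# The two files named in the thread.
CAPTURE_DLLS = {"wpcap.dll", "packet.dll"}

# Constructed inventories for two hypothetical hosts (not real data).
SAMPLE_HOSTS = {
    "analyst-pc": {
        "programs": ["Ethereal", "WinPcap"],
        "files": [r"C:\WINDOWS\system32\wpcap.dll",
                  r"C:\WINDOWS\system32\Packet.dll"],
    },
    "kiosk-07": {
        "programs": ["Adobe Reader"],
        "files": [r"C:\WINDOWS\system32\wpcap.dll",
                  r"C:\WINDOWS\Temp\svc\packet.dll",
                  r"C:\WINDOWS\system32\kernel32.dll"],
    },
}


def winpcap_installed(programs):
    """True if an installed-program display name mentions WinPcap."""
    return any("winpcap" in name.lower() for name in programs)


def triage_host(programs, files):
    """Map each capture DLL path to 'expected' (WinPcap is installed, so
    the DLL has a known owner) or 'orphaned' (no install, origin unknown).
    Other files are ignored; the verdict labels are this example's own."""
    verdict = "expected" if winpcap_installed(programs) else "orphaned"
    return {
        path: verdict
        for path in files
        # Windows file names are case-insensitive, so compare lowercased.
        if PureWindowsPath(path).name.lower() in CAPTURE_DLLS
    }


def triage_fleet(hosts):
    """Return {host: [orphaned paths]} for hosts that need a follow-up."""
    report = {}
    for host, inv in hosts.items():
        verdicts = triage_host(inv["programs"], inv["files"])
        orphaned = [p for p, v in verdicts.items() if v == "orphaned"]
        if orphaned:
            report[host] = orphaned
    return report
```

Calling `triage_fleet(SAMPLE_HOSTS)` lists only the host that has the DLLs without a WinPcap install; reporting rather than deleting leaves the decision to whoever owns the machine.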

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:43 PM

Posted 15 October 2007 - 11:57 AM

We found that you have posted a hijackthis log here and that you are in the process of receiving help.

You should refrain from asking for help from others while you are being instructed by someone helping you with a hijackthis log elsewhere. Any modifications you make can result in system changes which may not show in the log you already posted. Further, following advice outside of that post may cause confusion for the Helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

If you followed any other advice already, please ensure you inform the HJT Helper when they respond to assist you with your log. This will help them know what has been done and they probably will ask for an updated log.

To avoid confusion, I am closing this topic. If you still need assistance after your log has been reviewed and you have been cleared, please start a new topic. If you have any questions, please PM me or another moderator and we will re-open this topic.

Thanks for your cooperation.



