Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Combofix System Date Issue


  • Please log in to reply
8 replies to this topic

#1 fsiracusa

fsiracusa

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 15 October 2007 - 10:00 AM

Used Combofix to assess a possible virus/worm issue (I now know it should ONLY be used by a trained malware person). It apparently changes the date and then changes it back. Well, the date is changed back but one program that I use (application/server) now on launch produces an error: "12-30-1899 is not a valid date and time". This is the only program that seems to be affected. Also, the time in the right lower corner was in military time after running the program. No viruses or malware was apparently found with Combofix, Ad Aware, SpyBot or the always running Kapersky. Reinstalling the application did not remedy the situation. I have a call in to the application support personal also but thought someone here might know about the inner workings of Combofix.

fsiracusa

BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:01 AM

Posted 16 October 2007 - 01:15 AM

Hi fsiracusa and welcome to BleepingComputer.

Are you using FarPoint?

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 fsiracusa

fsiracusa
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 16 October 2007 - 05:02 AM

No, I'm not using Farpoint. The application is a medical records program called e-MDs.

fsiracusa

#4 fsiracusa

fsiracusa
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 16 October 2007 - 02:44 PM

This application uses a SQL 2000 database. I understand that the "base date" is 1/1/1900 for SQL. Is there a registry entry on my desktop where this was affected causing 12-30-1899? A simple registry edit?

fsiracusa

#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:01 AM

Posted 16 October 2007 - 03:34 PM

I found one other reference to that date associated with combofix, I PMed one of our HJT coaches to see if they can help you out as this is one of the tools I've seen them use. Hopefully I'll be able to get more information on this for you.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#6 Bobbi Flekman

Bobbi Flekman

    The computer whisperer


  • Malware Response Team
  • 4,423 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:01 PM

Posted 17 October 2007 - 03:33 AM

Hi fsiracusa,

Can you click "Start", "Control Panel", "Regional And Language Options". On the "Regional Options" tab click on "Advanced". A new window opens up with a tab called "Date". There you should be able to change the display to your liking.
Posted Image

#7 fsiracusa

fsiracusa
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 17 October 2007 - 10:06 AM

Found that...thanks. But changing the format doesn't seem to affect whether or not the application can open and access the database...

#8 fsiracusa

fsiracusa
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 17 October 2007 - 10:53 AM

Further playing with the date as suggested above...I was able to fix the problem. Apparently there is a specific format that SQL needs/uses or was programed into the application. That format was changed by Combofix and not put back exactly as it was. Thanks for the leads on how to fix this.
Case closed...I hope.
fsiracusa

#9 Bobbi Flekman

Bobbi Flekman

    The computer whisperer


  • Malware Response Team
  • 4,423 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:01 PM

Posted 21 October 2007 - 09:53 AM

Ok :thumbsup:

If it returns, just post here. In the meantime I consider this case closed.
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users