Help I'm Stupid. I Used Combofix On My Own.


15 replies to this topic

#1 ozymandius

ozymandius

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 24 April 2008 - 04:23 PM

Please help. I'm in deep doo doo.

My wife's computer is/was horribly infected with several varieties of adware, trojans, and downloaders. Foolishly, I downloaded the latest copies of AVG antispyware, ComboFix, and HijackThis intending to run them and post the logs asking for help.

Ran AVG antispyware in safe mode and removed lots of stuff that Norton and Ad Aware didn't detect including a trojan, adware, and downloaders. I don't remember what varieties and I cannot access the log at present. Next, I ran ComboFix without first installing Windows XP Recovery Console.

ComboFix ran and identified a number of items. At the end of the process, ComboFix said that it had to reboot the PC. Upon rebooting, I had a blue screen on the monitor with nothing on. I waited for 5 minutes but no changes.

I rebooted and still no changes.

Rebooted once again selecting the option to return to the previous system restore point. The PC booted up to the blank blue screen.

Rebooted once again using safe mode. The PC booted up to a blank black screen stating it was in safe mode.

What are my options? When I boot up in either regular mode or safe mode, I can still CTRL-ALT-DEL to get the Task Manager which does allow me to start other processes or open a DOS command screen.

Any help would be appreciated.

Ozzy.

#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 24 April 2008 - 04:34 PM

what a 'welcome' to this forum for you :thumbsup:


I am sure one of the Team who can prescribe ComboFix will be along to see how to dig you out of this hole.

BUT to ask: if you need it, do you have your computer CD and licence key to hand if you need them?

#3 ozymandius

ozymandius
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 24 April 2008 - 04:42 PM

I do have my windows cd and license handy. Also went and bought an additional hard drive which I wanted anyway.

If all else fails, I can install the new hard drive with a fresh install of the operating system. Don't want to do that to the old hard drive since my wife hasn't backed up all of her files on it. Thought that I would selectively copy some of her files from the My Documents folder. I noticed that some of the adware was in some folders located in My Documents so I don't want to copy the whole thing.

#4 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:37 AM

Posted 24 April 2008 - 04:52 PM

ComboFix says in the first warning when it's run that 1 in 100 computers won't boot.

I would say that would be a pretty bad infection and probably fairly new.

If you are pressed for time I would just do the clean install, make sure the infected drive is disconnected, your data should be safe but I would take a lot of extra precautions before hooking that drive up.

Assume the worst and if the computer has been used for any confidential online financial transactions those security measures have been breached.
Chewy

No. Try not. Do... or do not. There is no try.

#5 ozymandius

ozymandius
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 24 April 2008 - 05:02 PM

Not in a rush and I would like to clean up the old drive particularly since you mentioned that I should take a lot of extra precautions before hooking it back up. Would you mind elaborating on what type of precautions? I would appreciate the guidance.

Also, I realized that I didn't disable the antivirus and firewall before using ComboFix. Should I try and restore the backed up registry keys and try again? I would need a little help on restoring the registry keys. I know the name of the backed up file but not what it should be renamed to.

Thanks.

#6 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 24 April 2008 - 05:11 PM

Maybe DaChew can help you with the backing up, but a BIG warning: DO NOT try using ComboFix again unless you are so instructed by a TRAINED malware expert.

There are other tools you CAN run to find out what is infecting you.

Also, be aware that anything you save to a CD or similar needs to be thoroughly checked for infections :thumbsup:

#7 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:37 AM

Posted 24 April 2008 - 05:17 PM

I don't think restoring the registry will help. A few weeks ago I was fighting a bad infection and simply removing one of the system32 files left me in the same boat; that file had been well hidden thru several scans and reboots. It's almost as if the malware said if I die I am taking Windows with me.

And MBAM was the last scan I ran.

If you have a standard Microsoft XP disk I would run Windows as a repair disk, that's far more likely to get you back booting than command console.

I still did a clean install in the end.

Edited by DaChew, 24 April 2008 - 05:21 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#8 ozymandius

ozymandius
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 24 April 2008 - 05:23 PM

Have to go out to dinner. I'll try using the Windows disk to repair late tonight. Thanks.

#9 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:37 AM

Posted 24 April 2008 - 05:26 PM

Don't connect it to the internet and immunize any USB drives used if you get that far.
Chewy

No. Try not. Do... or do not. There is no try.

#10 ozymandius

ozymandius
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 24 April 2008 - 09:19 PM

Slight problem here. I can't boot from CD to either repair or do a fresh install.

System screen only shows the floppy and hard drive as being installed. Both the CD and DVD drives seem to have disappeared. Also the boot sequence has changed and booting from hard drive has moved above booting from CD.

I'm ready to do a fresh install of the operating system but how do I do it now?

Ozzy

#11 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:37 AM

Posted 24 April 2008 - 09:24 PM

Go into BIOS and change the boot sequence back, but insert the CD before you save changes and exit.
Chewy

No. Try not. Do... or do not. There is no try.

#12 ozymandius

ozymandius
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 24 April 2008 - 09:41 PM

No luck. It's still booting from the hard drive.

Went back and selected the boot menu during startup and selected start from CD and I get a message that says the selected boot device is not available. Then I get a choice to retry or to go to the setup utility.

#13 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:37 AM

Posted 24 April 2008 - 11:00 PM

What's the motherboard?

Did you try the CD in both drives?

Edited by DaChew, 24 April 2008 - 11:00 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#14 ozymandius

ozymandius
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 24 April 2008 - 11:17 PM

Don't know the motherboard. It's a Dell Dimension 8400.

Dell supplied Windows XP Media Edition DVD.

The DVD won't run in the CD drive which is the master drive. The DVD drive is the slave drive. I don't know if the problem is that you can only boot from the primary drive.

Edit comment:

Decided to swap the CD and DVD drives to see if that makes a difference and to place the new hard drive in place. Any comments would be appreciated.

Edited by ozymandius, 25 April 2008 - 11:02 AM.


#15 ozymandius

ozymandius
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 25 April 2008 - 05:07 PM

Switching the DVD and CD drives allowed me to boot from disc.

Fresh install on new hard drive. There's nothing like starting over from scratch.

Thanks.



