Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Vundo Virus And Combofix

  • Please log in to reply
2 replies to this topic

#1 askmeetoday


  • Members
  • 1 posts
  • Local time:05:35 AM

Posted 02 September 2008 - 08:51 PM

I was facing virus problems on my computer from the last 3 days. I clicked on some link which ended up running some application and the problem started. I had Norton 360 installed but still I ended up getting a virus. The symptoms were
1. Couldnt open webpages (specially ones where I had to login)
2. Computer became very slow
3. While using IE, once in a while (every 2-10 mins) a new IE window popped up pointing me to various sites like msvirusscan.com(or something similiar, i dont remember exactly).
4. Automatic updates were turned off

Ran Norton Antivirus and it did not detect any virus. And I was virtually not able to use the internet. I had an earlier downloaded version of AVG and I installed it. AVG found the Vundo virus and Win32/Heur virus. While it would clean some instances, others would pop up. It would also RUN32 some file from the windows/system32 folder. Deleted the RUN32 file also but no help. New files kept popping up. However with AVG I was atleast able to use the internet even though the other problems continued to persist. I tried updating WinXP SP3. It installed but got stuck during the cleanup process. Same thing happened in both Safe and Normal Mode. I cleaned up the IE temp files but no help. I even tried installing IE7 again but it would not run and ask me to restart PC and try installing IE7 again. Kept happening in all the tries.I also installed Ad-aware and it did not help much. Both Norton and AVG were installed on the pc but did not help much. AVG did catch a virus file once in a while. I ran FixVundo from the Symantec website but it did not help. It did not find any virus and I was fighting with this virus problem the whole labor day weekend until I chanced up this site and got a reference to Combofix. I had also tried fixes/scans from some other sites too but did not help.

I just finished running the Combofix and after that I have not got the above 2 errors in the last over 25 mins.

Excuse me for the long description but I put it as it might help some other guys in similar positions. I am attaching the Combofix log and would appreciate if someone went through it and let me know if there is something more that has to be done.


Mod Edit~ attachment removed until further investigation calls for a ComboFix log, at which time it will be requested. Also, moved to the proper forum~ Pandy

Edited by Pandy, 02 September 2008 - 11:11 PM.

BC AdBot (Login to Remove)


#2 dc3


    Bleeping Treehugger

  • Members
  • 30,763 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:35 AM

Posted 02 September 2008 - 10:00 PM

ComboFix logs should not to be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.





#3 DaChew


    Visiting Alien

  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:35 AM

Posted 02 September 2008 - 11:24 PM

if I might add to that or rather quote from an expert

Combofix by sUBs was never intended to be used in the way that that software such as SuperAntispyware or Malwarebytes Antimalware is done. There are several excellent reasons for this Disclaimer shown when you start the program:
Some that I have observed:

About 1 in 100 times the computer will not longer be able to boot after running Combofix. This requires experienced hands to restore the system to bootability.

There are several malware infections that "target" Combofix. Experienced Helpers are aware of these infections, and take steps to remove them prior to the use of Combofix. If you do not, various things can happen depending on the infection -- from Combofix being unable to run, to the deletion of the folder C:\Windows\System32, requiring a clean install to repair.

Combofix makes some rather significant changes to the internals of XP and Vista in order to work. It has to be removed with special instructions to fully and safely revert these changes. Experienced Helpers are aware of how to accomplish the uninstallation of Combofix.

The real power of Combofix comes not as a general purposed malware remover. It is rather modest in that capacity. Combofix is powerful because it provides to the experienced Helper a convenient and powerful front-end to Scripts. It is because of its scripting strengths, and its unique reporting capabilities, that you see Combofix often recommended. But not because of its abilities as a general malware scanner.

Many malware removal experts will not respond to a request for help if they see that Combofix was run by the end-user without supervision. You might find after running Combofix that your system problems are worse, and nobody is willing to help you.

There are several general purpose anti-malware utilities where the Author(s) intended the application for general use by end-users without Supervision. Combofix is not one of them, and you would be advised to honor that position taken by its Author.

Best regards,
Bill Castner
MS-MVP 2004 - -2008, ASAP Member


No. Try not. Do... or do not. There is no try.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users