
Help! Can I restore what ComboFix deleted?



#1 AnakiMana

AnakiMana

  • Members
  • 3 posts

Posted 20 October 2008 - 09:16 PM

I ran ComboFix on a doctor's PC to check for infections. It deleted a big program that was used for patient records and tracking. I let it finish the scan thinking it would allow me to restore deleted stuff later. Is that possible? I can't see any functionality for restoring or undoing deletions. I think I might be in hot water!

Thanks for any help/suggestions!

:thumbsup:


#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts

Posted 22 October 2008 - 07:30 AM

I ran ComboFix on a doctor's PC to check for infections. It deleted a big program that was used for patient records and tracking. I let it finish the scan thinking it would allow me to restore deleted stuff later. Is that possible? I can't see any functionality for restoring or undoing deletions. I think I might be in hot water!

Thanks for any help/suggestions!

:flowers:

:thumbsup: ooppsss :trumpet: May one ask who suggested you use the ComboFix tool?

ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.


What antivirus and other protection programs does (did) it have and when were they all last fully updated and run on deep scans?

As to the lost information, one might ask who actually owns the computer; is it in a surgery or in a person's home? And is it used for sensitive information holding?

#3 AnakiMana

AnakiMana
  • Topic Starter

  • Members
  • 3 posts

Posted 22 October 2008 - 02:41 PM

First of all, I should explain that I am a professional computer technician. I have been cleaning up/tuning up/repairing/networking, etc., full time for over 5 years, working for a small business that provides on-site service to other small businesses and homes. I've been an enthusiast for a long time and have certifications, etc. In other words, I'm not a noob. Of course, working with computers, we are all humbled at times...and hindsight is 20/20. I try not to get cocky, like is so common in our field. I admit I don't know everything, but try to learn everything I can.

That being said... I am relatively new at ComboFix, only using it for 4-8 weeks. I've used SDFix for about 5 months and HijackThis as a daily analysis & cleanup tool for several years. My policy is to only run these cleanup tools (minus HijackThis of course) when I see a need for them. In this case the PC didn't need it, but I ran ComboFix because I wanted to be extra thorough and figured it couldn't hurt. It often finds discreet malware I wouldn't have noticed. This was the first time I had seen a false positive with it.

I was called back to the Doctor's office today because their program wouldn't work. Luckily they backed up onto a thumb drive the night before I came. Once they find their install CD, I'll come back and get everything straightened out.

So, the moral of the story is this: When working on a system with critical data, be sure it is backed up before you do anything. Don't trust yourself or your tools too much - accidents and unexpected results are possible.

It still would be nice if ComboFix had some sort of selective restore feature like HijackThis.

#4 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts

Posted 23 October 2008 - 07:44 AM

Pleased to hear that they have backups to reinstall :thumbsup:

But also please be aware that the ComboFix tool should only be used when so instructed by a Malware Expert who has been trained in its use; to use it 'unsupervised' CAN wipe off an OS :flowers:

#5 AnakiMana

AnakiMana
  • Topic Starter

  • Members
  • 3 posts

Posted 25 October 2008 - 04:11 PM

That's good advice that I would echo to anyone else using these kinds of tools. I happen to be a malware expert myself. I just hadn't come across this situation with ComboFix before.

I went back to the doctor's office again. They lost their install CD. I recommended they get a replacement install disc. I also noticed their shortcut was now pointing to C:\Qoobox\Quarantine\C\Program Files\xxxxx\xxxxx.exe.vir instead of C:\Program Files\xxxxx\xxxxx.exe. I was able to copy the entire program back to its original location, perform a batch rename to drop the .vir extension from all files, and get the program and data running.

I can't help feeling frustrated with the "help" I received here. I do appreciate you, Ruby1, for responding to me... but... was my plea for help poorly phrased? Or is the Qoobox folder something that nobody knows about? Or did I come across in such a way that repulsed people from helping me? haha

Anyway, maybe this thread will help somebody down the road.

Cheers!
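
The recovery described in post #5 (copy the tree out of the quarantine folder, then drop the `.vir` extension), as an added example that is not part of the original thread and is not ComboFix's own code. It assumes the layout the post reports (`Qoobox\Quarantine\<drive letter>\<original path>` with `.vir` appended); the function names and the sample files in `demo()` are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

SUFFIX = ".vir"  # extension the post reports on quarantined files


def plan_restore(quarantine_drive_dir, drive_root):
    """Map each quarantined *.vir file to its restore path.

    Returns (source, destination, sha256) tuples sorted by source, so the
    hashes can be reviewed before anything is copied back.
    """
    plan = []
    for src in sorted(Path(quarantine_drive_dir).rglob("*" + SUFFIX)):
        if not src.is_file() or src.name == SUFFIX:
            continue
        rel = src.relative_to(quarantine_drive_dir)
        dst = Path(drive_root) / rel.with_name(rel.name[: -len(SUFFIX)])
        digest = hashlib.sha256(src.read_bytes()).hexdigest()
        plan.append((src, dst, digest))
    return plan


def restore(plan, overwrite=False):
    """Copy files per the plan; skip existing files unless overwrite=True."""
    restored, skipped = [], []
    for src, dst, _ in plan:
        if dst.exists() and not overwrite:
            skipped.append(dst)
            continue
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy, not move: quarantine stays as fallback
        restored.append(dst)
    return restored, skipped


def demo():
    """Exercise both steps on a constructed tree (not real ComboFix output)."""
    base = Path(tempfile.mkdtemp())
    quarantine = base / "Qoobox" / "Quarantine" / "C"
    app = quarantine / "Program Files" / "xxxxx"
    app.mkdir(parents=True)
    (app / "xxxxx.exe.vir").write_bytes(b"constructed sample binary")
    (app / "data.db.vir").write_bytes(b"constructed sample data")
    plan = plan_restore(quarantine, base / "restored_C")
    return plan, restore(plan), base / "restored_C"
```

Reviewing the plan's hashes before calling `restore()` gives a record of exactly which quarantined files were put back, which matters when the restore is justified only by the detection being a false positive.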

#6 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts

Posted 08 November 2008 - 06:05 PM

I can't help feeling frustrated with the "help" I received here. I do appreciate you, Ruby1, for responding to me... but... was my plea for help poorly phrased? Or is the Qoobox folder something that nobody knows about? Or did I come across in such a way that repulsed people from helping me? haha


I am sorry if you felt you received abrupt advice; however, the point to be gained from this is that, however well or highly trained an I.T. person one thinks one is, the ComboFix tool is NOT intended for use unless you have been trained IN its use, which will only occur within a recognised Malware Training program (such (e.g.) as in the Study Hall here); there is a LOT that is known about the tool but, due to the nature OF it, discussions ON the tool are only available in 'private' (or more accurately 'hidden') sections of forums on a strictly need-to-know basis, at sUB's request.



