
Can only browse web in safe mode after combofix


  • This topic is locked
5 replies to this topic

#1 RickDrew

Posted 29 January 2009 - 11:42 AM

I had a nasty redirect trojan - nothing fixed it, so I tried combofix. That did the job. I disabled my PcCillin security and firewall before running. It ran fine, no warnings except the startup stuff.

After all was said and done, all signs of the bug were gone - the "debug" registry entry from the trojan no longer re-inserted itself (I forget the trojan name now) - but my antivirus software would not restart and I can't get on the web. I attempted to repair the connection - did not matter. I attempted to reinstall my security software (Trend Micro's) - no help there. I can't reinstall it - no explanation.

I can browse my home network, ftp, email - basically everything except use http. (or install antivirus software)

Any ideas?

Thanks

Rick

PS - this of course happened the day I was leaving for vacation - I'll be back in four days....



#2 dc3


Posted 29 January 2009 - 12:22 PM

You have just experienced why we post the following warning regarding the use of Combofix outside of the HJT Log forum.

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Depending on the extent of the damage to the registry you may need to do a repair installation using the installation CD.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 garmanma


Posted 29 January 2009 - 12:43 PM

Try resetting the Winsock settings:
http://support.microsoft.com/kb/811259
or
You can try Dial-a-fix:
http://www.bleepingcomputer.com/forums/t/160132/how-to-use-dial-a-fix-to-repair-windows-internals-problems/
Mark

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#4 RickDrew


Posted 01 February 2009 - 11:14 PM

I read the instructions. I found messages with the identical problems and the identical trojan I had. Combofix was the only solution that would work, and did work.

I have been a network admin for almost 10 years. I have never had a program make changes, break things, then be unable to correct what it did. No program should be so poorly written that it cannot undo what it did. Period.

That's why there are backups, log files, etc.

Just stating, basically, "Too bad. We told you it could break things." is not really a valid or helpful reply.

Rick Drew

Edited by RickDrew, 01 February 2009 - 11:16 PM.


#5 hamluis

hamluis

    Moderator



Posted 02 February 2009 - 12:05 PM

FWIW: Seems to me that a suggestion that a repair install might be necessary...is NOT equivalent to "Too bad. We told you it could break things."

A repair install is one of the generally accepted ways...of attempting (not necessarily succeeding)...attempting to overcome various system situations, including many involving malware.

http://www.microsoft.com/windowsxp/using/h...ips/doug92.mspx

http://www.google.com/search?hl=en&q=h...mp;aq=f&oq=

System files can become damaged not only by malware...it can happen anytime...and applications like ComboFix are often not necessarily able to overcome the damage to system files (and may, in fact, result in such damage, IMO).

Hence...the warning about using it under trained supervision.

Good luck.

Louis

#6 garmanma


Posted 02 February 2009 - 05:41 PM

Just stating, basically, "Too bad. We told you it could break things." is not really a valid or helpful reply.


Unfortunately the author of the tool does not want information on how Combofix works on public forums.

The only public information that is available can be found at this guide:

How to use ComboFix

Edited by garmanma, 02 February 2009 - 05:41 PM.

Mark



