
Can't Access Qoobox folder!


  • This topic is locked
6 replies to this topic

#1 Addammer

Addammer

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 27 February 2009 - 11:08 AM

I've managed to completely hose my machine.
I'm in the recovery console and I desperately need to get into the Combo fix quarantine folder to get back my Explorer.exe, svchost.exe, lsass.exe, winlogon.exe, and spoolsv.exe.

c:\>cd Qoobox
Access is denied.

I'm about to pull my hair out. Windows won't boot. Any help would be appreciated.

I was told to feed the following txt into Combo Fix and that's when everything went haywire

Driver::
5738137
e164f576
FCopy::
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe | c:\windows\system32\svchost.exe
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe | c:\windows\explorer.exe
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe | c:\windows\system32\services.exe
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe | c:\windows\system32\lsass.exe
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe | c:\windows\system32\spoolsv.exe
File::
c:\windows\system32\drivers\e164f576.sys
C:\1155048582
c:\windows\system32\drivers\5738137.sys



#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:12:54 AM

Posted 27 February 2009 - 11:39 AM

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

About the best you are going to be able to do from the Recovery Console will be to run chkdsk /r. You may need to run a repair installation to replace these files.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 Addammer

Addammer
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 27 February 2009 - 11:45 AM

Thanks for the help.

I actually found out that you can do quite a bit through the recovery console, but you won't be able to get to any other folders other than the root partition and %systemfolder%.

I was able to use BartPE to get to the folder and get the files out of the quarantine.

#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:54 AM

Posted 27 February 2009 - 12:09 PM

I was told to feed the following txt into Combo Fix and that's when everything went haywire


Who told you to run that script?

You have an open HJT log; you should wait for trained help.
Chewy

No. Try not. Do... or do not. There is no try.

#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:12:54 AM

Posted 27 February 2009 - 12:20 PM

I see that you have an open HJT log.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working on logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled haven't received an answer in five days.



#6 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:54 AM

Posted 27 February 2009 - 12:30 PM

http://www.security-forums.com/viewtopic.php?t=55461

Since you are already receiving help in another HJT forum
Chewy


#7 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,110 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:12:54 AM

Posted 27 February 2009 - 12:39 PM

http://www.security-forums.com/viewtopic.php?t=55461

Since you are already receiving help in another HJT forum

I see that you are already receiving assistance elsewhere.

Please refrain from asking for help from others while you are being instructed by someone helping you with a HijackThis log elsewhere. Any modifications you make can result in system changes which may not show in the log you already posted. Further, following advice outside of that post may cause confusion for the Helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer. If you had posted your log here, similar rules would apply. We would ask that you refrain from asking for help elsewhere.

If you followed any other advice already, please ensure you inform the HJT Helper when they respond to assist you with your log. This will help them know what has been done and they probably will ask for an updated log.

To avoid confusion, I am closing this topic. If you still need assistance after your log has been reviewed and you have been cleared, please start a new topic. If you have any questions, please PM me or another moderator.

Thanks for your cooperation.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

