Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Post-combo/ Moved


  • Please log in to reply
11 replies to this topic

#1 Ruprect

Ruprect

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:39 AM

Posted 07 April 2009 - 05:02 AM

Ok, it seems I did a bad thing by running combofix without supervision. The trouble is, it was recommended to run it by the guys at my local computer store, I guess my problem was that I didn't read all about it first before jumping in.
Combofix sure fixed that virus attack I was having, but now IE only runs about 1/3 of the time from when I launch it, mostly I just get a blank (white) screen instead.
Can anyone help me with this?!

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,958 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:39 AM

Posted 07 April 2009 - 09:02 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.

The trouble is, it was recommended to run it [Combofix] by the guys at my local computer store


Groan. I wish folks wouldn't do that. For the benefit of others reading this topic, ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.

. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.

Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two. If you feel you need a second opinion, try running online scans. If you feel you might need surgery, come here to BC and ask for help--that is what we're here for.


From: http://www.bleepingcomputer.com/forums/ind...t&p=1159014

Please tell us what your operating system is: Windows XP, Vista, etc. Also, what version of IE are you using?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Ruprect

Ruprect
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:39 AM

Posted 08 April 2009 - 01:22 AM

Hiya OB,

Yes if only I had researched that tool before I ran it, I would most definitely have only pursued it under expert supervision. But at least I know now!
I'm on WIn XP and I was using IE7 but upgraded to IE8 since using combofix. I had half hoped that the problem would have been resolved by doing this, but alas not.

#4 Ruprect

Ruprect
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:39 AM

Posted 08 April 2009 - 03:56 AM

I just remembered something that I forgot to include with my original post. Another side-effect is that programs wwill no longer "auto run" - that is to say that a USB device like a memory key no longer has a popup box when you plug it in to give you a choice of what programs to run or how to open it etc.. and DVDs when inserted no longer have the DVD software open automatically.

#5 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:11:39 AM

Posted 08 April 2009 - 08:50 PM

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:These types of infections usually involve malware that modifies and loads an autorun.inf (configuration) file into the root folder of all drives (internal, external, removable) along with a malicious executable. When removable media such as a CD/DVD is inserted (mounted), autorun looks for autorun.inf and automatically executes the malicious file to run silently on your computer. In USB drives, it modifies Windows Explorer's right-click context menu and redirects to executing the malicious file if the "Open" command is used or double-clicking on the drive icon. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.

ComboFix automatically disables autoruns the first time it is used. Since malware writers have begun to exploit the autorun/autoplay feature, the author of ComboFix, in an effort to help protect your computer from becoming infected via that avenue, configured ComboFix to disable it. Many security applications disable this feature as well and even Microsoft recommends doing the same

...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...

Microsoft Security Advisory (967940): Update for Windows Autorun

Disabling autorun/autoplay does not prevent you from accessing your media sources. They are still available by opening My Computer and accessing the source drive (CD, DVD, USB or external hard drive). Pictures on a camera can still be accessed through My Pictures and selecting "Get Pictures" from a scanner or camera. Media can be accessed via the program you normally use it with such as music CDs via Media Player, blank CDs via burning software, image handling software provided with the camera. [b]We strongly recommend you leave the autorun feature disabled
and get into the habit of accessing your media devices manually.

[b]If you just have to have it



[b]How To Enable/Disable Autorun (Windows XP)
  • Open Windows Explorer by pressing the Windows + "e" key
  • Right-click the desired CD-ROM and select Properties from the menu.
  • Select the AutoPlay tab.
  • Select each item from the pulldown list and for the Action to perform, select "Take no action" to disable autorun, or pick the apporpriate action to take if enabling autorun.
  • Select OK.
-----------------------------------------


For your connection, go to this page:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
At the very bottom of the page it will show you how to repair your internet connection

Edited by garmanma, 08 April 2009 - 08:59 PM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#6 Ruprect

Ruprect
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:39 AM

Posted 09 April 2009 - 03:54 AM

I'm afraid neither of those methods have worked for me, but thanks to everyone who replied for trying to help anyway. My frustration over this is boiling over so I'm pretty close to just reformatting and starting all over again.

#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,958 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:39 AM

Posted 09 April 2009 - 04:04 PM

Here's a thought. Uninstall both IE8 and IE7, then reinstall. See if that will solve the problem with IE.

Are you having other internet connection problems? Are you using a router?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#8 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:11:39 AM

Posted 09 April 2009 - 04:41 PM

I'm pretty close to just reformatting and starting all over again.


Before you give up

Log on as an administrator, go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.

Go Start > Run > type: "cmd" In the window that appears type: "ipconfig /flushdns". Close the command box.

Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot.

Warning: Some Internet Service Providers need specific DNS settings. You need to make sure that you know if such DNS settings are required before you make this change.

And

LSP-fix

http://www.cexx.org/lspfix.htm
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#9 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:10:39 AM

Posted 09 April 2009 - 04:51 PM

Excuse me for butting in...

Are you also still having trouble enabling AutoPlay or did the method that Garmanma give you work?

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#10 Ruprect

Ruprect
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:39 AM

Posted 09 April 2009 - 05:59 PM

Thanks again, I'll try all those things as well when I get back (will be away for 2 days FYI).
AutoPlay still doesn't work - I have the "Prompt me each time to choose an action" radio button selected, which is what I prefer to happen, but the "prompt" box doesn't appear anymore.

#11 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:10:39 AM

Posted 09 April 2009 - 06:40 PM

If you feel more comfortable with AutoPlay on, the easiest way to re-enable it is through the Tweak UI PowerToy.

http://www.bleepingcomputer.com/forums/ind...t&p=1087059

The easiest way to disable Autorun on a specific drive is to download and use Tweak UI PowerToy.

  • After installation, launch Tweak UI, double-click on My Computer in the tree menu on the left, then click on AutoPlay > Drives. This will allow you to change the system settings for AutoPlay/autorun.
  • Uncheck the drives you want to disable AutoPlay on and click on Apply.
  • Next, click on the Types in the left tree. This allows you to control whether Autoplay is enabled for CD and DVD drives and removable drives. You may need to restart Tweak UI if it closes after step 2.
  • Uncheck the box to disable Autoplay for a particular type of drive.
  • Click Apply.
If needed, see Disable Autorun/AutoPlay in XP with Tweak UI" for instructions with screenshots.


Instead of unchecking the boxes, put a check in the boxes and click on Apply.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#12 Ruprect

Ruprect
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:39 AM

Posted 12 April 2009 - 09:11 AM

I finally gave up and formatted. It was actually quicker for me to do it that way, the whole system was back up and running again in about 30mins.
Once again, thank you all for your help. I can at least say that I'm a little wiser for the experience!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users