COMBOFIX.exe not effective


5 replies to this topic

#1 nrjks

nrjks

  • Members
  • 4 posts

Posted 06 July 2009 - 09:19 AM

Hi friends.
I'm new to this forum :inlove: and this is my first post.
ComboFix is not working with KHATRA.exe. Why so?

Yesterday an autorun.inf was detected on my PC, and after two hours of effort to remove the virus I was made a user and the system was password protected. I've formatted :lmao: today. The content of this inf is pasted below (remember, ComboFix was also not able to remove the virus):


[AutoRun]
;kkLS IJrpuu cXNWaaSsyO MgbPjlTewssgwbx
;YJptaktqx
oPEn=unfb.cmd
;
sHElL\opeN\cOmmaND=unfb.cmd
;weJWitqis
shELL\ExPlore\CommAnd= unfb.cmd
;
ShElL\oPen\DefAuLT=1
;pfxjgv
shelL\AuTOplaY\comMaNd = unfb.cmd
;

Look at this link:

http://icrontic.com/forum/showthread.php?t=54508

IS IT TRUE?
This post is not for a solution but for seeking the limitations of ComboFix.
Thanks

Edit: Moved topic from XP to the more appropriate forum. ~ Animal
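
An added illustration (not part of the thread, and not code from any tool discussed in it): a small Python triage of the autorun.inf pasted in the first post. It lowercases the case-scrambled keys and counts the filler comments, so a defender can see that every launch verb points at the same file. The function names are hypothetical.

```python
import re

# autorun.inf from the first post, embedded verbatim as the sample input.
SAMPLE = r"""[AutoRun]
;kkLS IJrpuu cXNWaaSsyO MgbPjlTewssgwbx
;YJptaktqx
oPEn=unfb.cmd
;
sHElL\opeN\cOmmaND=unfb.cmd
;weJWitqis
shELL\ExPlore\CommAnd= unfb.cmd
;
ShElL\oPen\DefAuLT=1
;pfxjgv
shelL\AuTOplaY\comMaNd = unfb.cmd
;
"""

# Keys that make Explorer start a program: open=, shellexecute=, shell\<verb>\command=
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")

def odd_case(key):  # True if any path segment is neither lower, UPPER nor Capitalized
    return any(s not in (s.lower(), s.upper(), s.capitalize()) for s in key.split("\\"))

def parse_autorun(text):
    """Return ([(raw_key, value)], [comment_text]) for the [autorun] section."""
    entries, comments, section = [], [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith(";"):
            comments.append(line[1:].strip())
        elif line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "autorun":
            entries.append(tuple(p.strip() for p in line.split("=", 1)))
    return entries, comments

def triage(text):
    """Summarize launch keys (compared lowercased, as Windows ignores key case) and obfuscation signs."""
    entries, comments = parse_autorun(text)
    launches = {k.lower(): v for k, v in entries if LAUNCH_KEY.match(k.lower())}
    return {
        "launch_keys": sorted(launches),
        "targets": sorted(set(launches.values())),
        "odd_case_keys": sum(odd_case(k) for k, _ in entries),
        "filler_comments": sum(1 for c in comments if c),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```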



#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts

Posted 06 July 2009 - 12:39 PM

That link was for a problem over a year ago, which has been resolved.
It is also a good reason why the disclaimer is present and should be read.


ComboFix logs should not be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 nrjks

nrjks
  • Topic Starter

  • Members
  • 4 posts

Posted 07 July 2009 - 06:23 AM

That link was for a problem over a year ago, which has been resolved.
It is also a good reason why the disclaimer is present and should be read.


ComboFix logs should not be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.




This is not a ComboFix log but the content of an autorun.inf on my PC. And why is ComboFix not working with KHATRA.exe?

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,994 posts

Posted 07 July 2009 - 10:38 PM

We are aware that you have not posted a Combofix log which is why this topic is still open. However, we still provide the warning about using it and for very good reason.

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is through s/he leaves the room. So ComboFix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.

. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.

Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two. If you feel you need a second opinion, try running online scans. If you feel you might need surgery, come here to BC and ask for help--that is what we're here for.


From: http://www.bleepingcomputer.com/forums/ind...t&p=1159014


As garmanma stated in post 2:

That link was for a problem over a year ago, which has been resolved.


which means that everything in that topic is outdated, including the tools. Malware constantly changes; because of this, the tools must also change.

Also, the author of the tool does not want information on how Combofix works in public forums.

The only public information that is available can be found at this guide:

How to use ComboFix

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 nrjks

nrjks
  • Topic Starter

  • Members
  • 4 posts

Posted 10 July 2009 - 02:09 AM

which means that everything in that topic is outdated, including the tools. Malware constantly changes; because of this, the tools must also change.

Also, the author of the tool does not want information on how Combofix works in public forums.

The only public information that is available can be found at this guide:


Dear Orange Blossom
Thanks for your response.
I know that the author doesn't want to release information, and truly I am not interested in that. I have also gone through the procedure for how to use this tool. Now you said everything in that topic is outdated, including the tools.

how come?

have you tell me why COMBOFIX is not removing KHATRA.exe?????????

Edited by nrjks, 10 July 2009 - 02:10 AM.


#6 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,552 posts

Posted 10 July 2009 - 04:32 PM

how come?

have you tell me why COMBOFIX is not removing KHATRA.exe?????????

Why is it outdated? Because you pointed to an old thread. As has been stated, malware and the tools to combat malware evolve and change to maintain the fight. This is fact.

I think the better question is, why do you think Combofix is supposed to remove KHATRA.exe?

We will, at the request of the author of ComboFix, not get into specifics of the tool and its operation. This is why your question is not being answered directly.

The tool is as current as the author has made it. It is by no means the only tool used for every form of malware. There are other tools for dealing with malware too.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

