
Minor leftovers from Combofix


3 replies to this topic

#1 jimbthree


Posted 11 July 2009 - 04:36 AM

Hello, I've used Combofix a few different times in the past to resolve some malware related issues. Today when working on fixing a rather tame infection compared to the last, I noticed there was a newer version of Combofix available, and grabbed that and let it have a pass. The infection's now gone and anything suspicious in the log's been properly handled.

However, the Windows XP login screen at startup now shows both the administrator and primary account, and logging in presents only a command prompt window and no automated execution of anything afterwards. I do not remember this behaviour from Combofix in the past, or I'm remembering wrong. Is this some new side effect of the newer version, or did I overlook something? If there's a new "final step" I'm missing to no longer perform this limited minimal startup, let me know. Thanks.

Edited by jimbthree, 11 July 2009 - 04:37 AM.




#2 D_N_M


Posted 11 July 2009 - 08:05 AM

Hello jimbthree

QUOTE (Papakid @ Mar 1 2009, 09:30 PM)

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.

. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.

Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two.

What antivirus do you use? What firewall? Please give us some info on this. Thank you

D_N_M

#3 jimbthree


Posted 11 July 2009 - 10:05 PM

The issue's actually resolved now after a small change and a reboot, but thanks.

I use Spybot S&D and Avast, and let the Win XP defender/firewall do their thing too (with everything kept up to date). I know I said it was "tame compared to the last" but this was still something I know had placed a rootkit, keylogging, and all sorts of self protections, etc. etc. that manual removal attempts and things like killbox just couldn't handle on their own.

#4 D_N_M


Posted 11 July 2009 - 11:31 PM

Hello jimbthree

Glad you got it worked out :thumbsup:
Thank you for letting us know

D_N_M



