
starting combofix on corrupted disk


3 replies to this topic

#1 cujza47


Posted 22 August 2009 - 03:20 AM

How can I start the ComboFix application on a hard disk which is corrupted with a virus, so that it is not possible to boot the OS from it? Can ComboFix make an inspection of a disk connected to another system via a USB port?



#2 Maurice Naggar


Posted 22 August 2009 - 08:38 AM

Provide some basic information. What version/edition of Windows does this have? What antivirus program is installed? Has it ever been without antivirus?
No, Combofix will not do the proper job of inspecting the system if you slave the drive (or connect it to another PC).
It would need to be started from within the "problem PC's" Windows.

But much more important, Combofix should never be run without guidance from an experienced antimalware expert.
Never run it on your own!

Advise if you have tried to restart your system in Safe mode with Networking?
As the PC is restarted, tap & retap F8.
Get Advanced Bootup Options.
Use the Up or Down arrows on your keyboard and select Safe mode with Networking.

What is the virus or corruption you refer to? Filenames / details would help. What anti-malware tools have you tried?

Edited by Maurice Naggar, 22 August 2009 - 08:39 AM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 cujza47


Posted 23 August 2009 - 06:37 AM

Thanks for your reply.
It is XP version 5600, not sure about SP (1 or 2).
In the beginning the OS was completely unusable. When I tried to boot, ChipAwayVirus in the BIOS detected a virus and refused to boot. Then I repaired the MBR, and after that the BIOS is silent and it is finally possible to see the Microsoft logo on a black screen. After that, instead of the logo, a "Password Creation" window takes its place on the black screen, asking me to enter the password for the administrator's account. I have never had any password. Then I tried to get to the "Recovery Console", but after choosing the Windows OS I was again asked to enter a password. Then I changed the SAM file, and after that there was no demand for a password and I was finally in the "Recovery Console", where I checked the other existing system files (system, software, security and default), then exited. After rebooting, the "Password Creation" window appeared again and now I'm a step behind again. I assume there is some application called at the beginning of the boot process whose purpose is to prevent the OS from booting. I've got UBCD4Win and found two very useful tools there (Windows Registry Analyzer and EzPcFix), but I don't know much about the registry and how to find a "stranger" in the system.
Analyzing the disk with Bit Defender, it found "Backdoor.Sinowal.CB" on it, but Bit Defender wasn't able to clean it. Everything began while using Nod 32, which let through the backdoor and around three hundred other viruses detected later by Bit Defender.
I've taken all my data from the disk but still want to find the place where this seducer resides.
I appreciate any help. Thanks in advance.

#4 DaChew


Posted 23 August 2009 - 08:11 AM

You might try these boot CD (Linux-based) virus scanners:

http://www.free-av.com/en/tools/12/avira_a...cue_system.html

http://www.f-secure.com/en_EMEA/security/s...e-cd/index.html

Good luck and happy hunting
Chewy

No. Try not. Do... or do not. There is no try.



