ComboFix Problem


1 reply to this topic

#1 GeekJD

Posted 11 September 2009 - 09:40 AM

Thank you in advance with help regarding my question. Let me start by stating I'm NOT a novice with respect to using ComboFix, and love its effectiveness at removing rootkits and other malware. That said, I incorrectly ran ComboFix on a machine running Windows Vista Home Premium 64-Bit.

Of course, I received an error letting me know that combofix doesn't run in that environment. However, it left behind a new file and two new folders. The typical uninstall command, combofix /u, abends as well. The file/folders left behind are:

Bug.txt
\Combofix
\Qoobox

I'm very familiar with Qoobox being left behind prior to the uninstall process, but the bug.txt and \combofix folders are alien to me. The bug.txt folder contains a lot of information that I don't fully understand. So, my questions are these:

1) What changes did combofix actually make to the system (besides the obvious files/folders)?
2) How do I cancel any changes made to my system? I know combofix is very powerful, but can I just delete the files and folders referenced above? If so, will that nullify all changes combofix made? Since combofix didn't create a restore point, I don't want to unnecessarily use a previously existing restore point from a Vista Update.

Thanks to all who read and reply to this post!

#2 extremeboy

Posted 13 September 2009 - 04:39 PM

Hello.

You should know that Combofix is not meant for private uses but I'm not going to say anymore as I think you already know.

Combofix as you know now doesn't support any 64-bit machines.

1) What changes did combofix actually make to the system (besides the obvious files/folders)?

Combofix didn't make any changes other than the files/folders it created and perhaps it may have dropped a few files that it uses to the system however that doesn't do anything. So, Combofix didn't make any changes really other than the files/folders as you stated.

2) How do I cancel any changes made to my system? I know combofix is very powerful, but can I just delete the files and folders referenced above? If so, will that nullify all changes combofix made? Since combofix didn't create a restore point, I don't want to unnecessarily use a previously existing restore point from a Vista Update.

Yes. Removing those folders you mentioned above will do. As long as Combofix didn't run (which it shouldn't have) then it wouldn't have removed or modified any files or the condition of your machine. All it did was drop a few files/folders. Deleting them should be fine.

Alternatively you can run the tool below which will help remove components of Combofix as well...

Download and Run OTC
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big [image] button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
With Regards,
Extremeboy