
Question regarding Combofix deletions


4 replies to this topic

#1 error_man

error_man

  • Members
  • 4 posts
  • Local time:07:53 PM

Posted 10 October 2009 - 02:41 PM

After following the tutorial from http://ni3d4888.blogspot.com/2009/10/how-t...s-ctu8rexe.html, I've successfully removed a USB trojan and, as suggested, ran ComboFix just to be sure the infection is gone (something I really shouldn't have done in the first place).
The infection is now gone, but I've noticed quite a few file removals were made and would like to know exactly what these files were/were part of (besides WinPCap) and if I should really be worried (will attach ComboFix log after permission is granted).

Also, sorry for not noticing the large blue chunk of text that warned me not to post CF logs in the "Am I infected? What do I do?" forum.



#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:12:53 PM

Posted 10 October 2009 - 08:09 PM

What that blog failed to tell you is that we do not support ComboFix.
We do not recommend ComboFix without supervision from a HJT team member. It says so in the disclaimer.
One of the reasons it is not recommended to use ComboFix without supervision is because of these kinds of problems, as you already know. What hasn't been pointed out is that, if you had had supervision, your helper could have gotten in contact with CF's author to resolve the issue. He won't do that with people who ignore the disclaimer and run it on their own--he uses his time to make CF better.

Post a list of the files and see if someone will respond.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 error_man

error_man
  • Topic Starter

  • Members
  • 4 posts
  • Local time:07:53 PM

Posted 12 October 2009 - 03:11 AM

Problem solved, restored files/registry from the qoobox directory. I'm still curious why they were deleted though, since most look like audio/video codecs (vlc player?).



EDIT: Combofix log removed~not allowed in this forum

Edited by garmanma, 12 October 2009 - 04:57 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,591 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:53 PM

Posted 13 October 2009 - 07:13 AM

Discussion pertaining to how ComboFix works, what it can or cannot do, what the log results mean, any future plans, etc. is not available to the public in order to safeguard and protect the integrity of the tool from malware writers. As such, the developer does not want his tool discussed outside of private forums and therefore we cannot answer specific questions. That's the decision by the creator and we will abide by that decision.

The only public information that is available can be found at this guide: How to use ComboFix
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 error_man

error_man
  • Topic Starter

  • Members
  • 4 posts
  • Local time:07:53 PM

Posted 14 October 2009 - 03:22 PM


Sorry I asked...



