Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Combofix appears hung


  • Please log in to reply
5 replies to this topic

#1 JerryPD

JerryPD

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:10 AM

Posted 13 January 2010 - 09:30 AM

Hi all,
yes, I have read the warnings, and yes I ran ComboFix.
This was done as a last resort to try and find a mass-mailer that is infecting one of my users and causing us to be blacklisted on some RBLs.
That being said:
1) I am disconnected from the internet for this process, since I cannot have this machine emailing out.
2) Ran Combofix, and it installed the system recovery manager (needed a connection for a brief time here).
3) Combofix started its scan and automatically removed some registry settings from my computer. I did not write these down since I would be getting a logfile.
4) Combofix stated that it needed to reboot my system, and it in fact did that.
5) I logged back in as the same user that I ran Combofix from originally.
6) Combofix restarted itself with a dos-based box titled "Find3M", and inside it says "Preparing log report." "Do not run any programs until ComboFix has finished"
7) That has been on screen for 25 minutes at this point and I see absolutely NO ACTIVITY on the hard drive light.

So, i need to know if this is normal behaviour? If so, how long can I expect to wait? If not, what can I do at this point?

Thank you,
Jerry

BC AdBot (Login to Remove)

 


#2 JerryPD

JerryPD
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:10 AM

Posted 13 January 2010 - 11:59 AM

I waited until 11:30 and restarted the computer.
Reran Combofix and it ran to completion this time.
All seems well - the mass mailer is not longer running.
I am a little discouraged that in 2 1/2 hours 12 ppl viewed this, yet noone answered. This was a pseudo-emergency, yet nobody responded. And this is a site that was listed on the Combofix website as where to go for help!

#3 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:10:10 AM

Posted 13 January 2010 - 12:22 PM

Combofix is a specialized tool. Most of us don't have a clue as to why it exhibited the behavior you described.
Explanations, if there are any to be made, are better left to those who are trained in it's use.
We can alert someone who has the knowledge to your post.
Then sit back and wait for someone to respond.
Those "someones" are volunteers here at BC. As volunteers, they help when they are not consumed by the demands of "real life".
In the 2 1/2 hours that 12 people viewed this, I'm betting that those 12 are NOT familiar with Combofix.
Would you rather have an explanation from someone who has no clue and may be wrong or one from someone who actually knows what is going on? Your question is basically a simple one, but problems could arise if someone untrained offers advice and it is wrong. We're here to help, not make things worse.

Those who are familiar with Combofix and how it works are members of the HJT team.
Some moderators, global mods, and site admins may also know something about it and can answer your questions.

Waiting for answers also applies to other issues. While many people view the posts, they may not have the answers. Again, it's best to be patient and wait for someone who can provide the RIGHT things to do and try. It's all a matter of when that person or people are online and are here at BC to read the topics.

Edited by Queen-Evie, 13 January 2010 - 12:54 PM.


#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:11:10 AM

Posted 13 January 2010 - 01:11 PM

Had you read the disclaimer you would have seen that there is no official Combofix website
It is a rouge site that is not affiliated in any way

Everyone that reads a post does not know the answers

This was a pseudo-emergency,

You said it yourself

yes, I have read the warnings, and yes I ran ComboFix.


Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,529 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:08:10 AM

Posted 13 January 2010 - 01:39 PM

I am a little discouraged that in 2 1/2 hours 12 ppl viewed this, yet noone answered. This was a pseudo-emergency, yet nobody responded. And this is a site that was listed on the Combofix website as where to go for help!

I understand your issues, however allow me to give some background to what you observed. You say in 1 1/2 hour 12 people viewed you topic. Let me fill in what 'viewed' means. Any one of the over potentially 1000+ people on the site during that time could have 'viewed' your topic. Likely just out of curiosity. While the reality is that small percentage of our staff have the qualifications and expertise to respond to your topic subject matter. You post can and would be viewed by anyone who happens to pass over it, qualified or not. Views are not quantifiable as potential assistance, only that someone looked at the topic.

You would be more upset if you had gotten a bogus answer by someone not qualified to respond. Forums by their nature are not the place for [Emergency] topics to be posted.

As has been mentioned there is not a legitimate 'ComboFix' website which would direct you here. I don't know where you saw it. But it is erroneous information.

More information regarding ComboFix here: ComboFix usage, Questions, Help? - Look here

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:10 AM

Posted 14 January 2010 - 11:38 AM

There are circumstances CF will hang or stall at various stages. While that is not normal behavior, it is not unusual. In most cases it is helpful to know at what stage CF stalled. If it has gotten struck or froze, then rebooting is the next step as you already have done.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users