
ComboFix removal


8 replies to this topic

#1 Eltanin


Posted 27 January 2010 - 05:48 PM

Hello,

I recently cleaned a client's machine using ComboFix. It seems to have worked splendidly, as it has the many other times that I have used it. It found an infected atapi.sys file and cleaned it up. Nice!

The machine seems to be running normally and MBAM reports nothing to be found. However, I am unable to remove ComboFix properly. When using the Run command and typing any of the following variants, all that happens is that ComboFix wants to run another scan: combofix /uninstall; ComboFix /uninstall; ComboFix /u; combofix /u.

I downloaded ComboFix from here yesterday, the 26th of January. I've searched forums here and to some extent elsewhere and found that other people have used tools like otcleanit.exe, but none of the links seem to be valid anymore and a Google search for otcleanit.exe doesn't yield a trusted site from which to download it.

Therefore I am at a loss. I do not want to hand the computer back with ComboFix still on it, fat and sassy on the desktop there. What to do?

Thank you for the assistance.



#2 garmanma


Posted 27 January 2010 - 06:23 PM

combofix /UNINSTALL

http://oldtimer.geekstogo.com/OTC.exe
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 Eltanin


Posted 27 January 2010 - 07:16 PM

I'm obliged for the reply.

The link has been blocked by my SonicWall gateway AV - presumably this is just a reaction to what the tool can do and not because the link is poisoned, is that correct? It's calling it Emold.U (Worm).

Thanks again.

#4 Starbuck


Posted 27 January 2010 - 07:29 PM

Some programs get flagged because of how they work.
Just allow the download, it's perfectly safe.



#5 Eltanin


Posted 27 January 2010 - 07:33 PM

If you have time, I'd still like an answer to the Gateway AV diagnosis (if you have one), but thank you, "combofix /UNINSTALL" actually worked. So hopefully I don't need oldtimer after all.

Also for my edification if you have time, does the uninstall action for ComboFix do more than delete the file on the desktop? Does it clean up files elsewhere? I see the Qoobox folder is still there off the root.

Another way to put my question is, where can I learn more about the actions of ComboFix? I battle malware on computers pretty much every day among other IT type stuff that I do for a living. I'm not insensible to the warnings about using ComboFix without adult supervision though. So is there a place that I can go to learn how to be an adult, at least with this tool?


I appreciate all of your efforts in these forums and at this website. Thank you for your energy and information.

Edit: Thanks for the reply Starbuck. We cross-posted. Consider my first question answered.

Edited by Eltanin, 27 January 2010 - 07:34 PM.


#6 Starbuck


Posted 28 January 2010 - 02:31 PM

Hi Eltanin

does the uninstall action for ComboFix do more than delete the file on the desktop?

This action will also perform the following:
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Reset System Restore.

I see the Qoobox folder is still there off the root.

If it's still there after a reboot, the folder can be safely removed manually.
If you run OT's program, this will remove the Qoobox folder.

where can I learn more about the actions of ComboFix?

Learning about ComboFix is only taught to 'Helpers' who have attained the rank of 'Senior Classman' or above.
This learning procedure isn't available to normal members.



#7 Eltanin


Posted 28 January 2010 - 06:38 PM

Starbuck,

Thank you once again for your reply. Can you point me in the direction of information on how I can get involved and what is required of Helpers?



Cheers.


P.S. - Please don't tell me that the first step to becoming a helper is figuring out how to become a helper. :thumbsup: I have in fact looked around, but haven't found the information I sought.

Edited by Eltanin, 28 January 2010 - 06:43 PM.


#8 garmanma


Posted 28 January 2010 - 07:20 PM

http://www.bleepingcomputer.com/forums/t/86678/malware-removal-training-program/
Openings are first come / first served, so you must check it often
Mark

#9 Eltanin


Posted 28 January 2010 - 07:31 PM

Deluxe!

Thank you all.



