
need help analyzing ComboFix log file


  • This topic is locked
8 replies to this topic

#1 jsjohnson

jsjohnson

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:43 PM

Posted 16 February 2010 - 12:49 PM

Hello,

I recently ran ComboFix on a machine under my care and now I would like to understand what ComboFix found and the corrective action taken.

Thank you,

Jim

I have posted this question on another forum on this site more closely relating to my question. Thank you

Attached Files


Edited by Orange Blossom, 16 February 2010 - 08:01 PM.



#2 jsjohnson

jsjohnson
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:43 PM

Posted 17 February 2010 - 04:29 PM

Thank you Orange Blossom for editing my post and adding the log file. I was waiting until someone responded and requested it per the instructions. I am a new member and still learning how to use the forum correctly.

Jim

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:43 AM

Posted 19 February 2010 - 09:32 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#4 jsjohnson

jsjohnson
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:43 PM

Posted 22 February 2010 - 04:32 PM

Hello m0le,

Thank you for assisting me. I have subscribed to the topic as directed. I am on Central time and will monitor this forum for your next response until 5:30ish. I will respond tomorrow if you reply later than that.

Jim

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:43 AM

Posted 22 February 2010 - 05:37 PM

Okay, jsjohnson, firstly Combofix should not be run without expert supervision.

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


The next thing to say is that Combofix found nothing to remove and I have taken a second look and nothing is malicious from any of the sections of the log at all.

My question therefore is why did you decide that your PC was so infected that you needed to run a powerful tool?
m0le is a proud member of UNITE

#6 jsjohnson

jsjohnson
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:43 PM

Posted 23 February 2010 - 02:03 PM

Thank you m0le,

Your admonishment is received. To answer your question why I used ComboFix, I had blindly accepted the advice of another without researching the proper use of the tool. I am quite new to battling virus and malware infections and was looking for a good tool to do so. After I ran it I was very curious about the log file and what if any issues were addressed. Hence I went looking for the source of the tool and found BleepingComputer. Of course the first thing I saw was "DO NOT USE COMBOFIX UNLESS TOLD TO DO SO...."

I have since been reviewing many of the resources on this site and look forward to gleaning as much as possible from the generous contributions of people such as yourself (and in time I might be able to give back something too). I have found there are many tools and techniques to try before resorting to ComboFix (when directed to do so....).

Thank you again for your time.

Jim

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:43 AM

Posted 23 February 2010 - 06:32 PM

Okay, no problem.

First thing we should do is take a look at a couple of logs and see if there is anything lurking. Let me know also if you are getting any symptoms at all.

First DDS,

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Then a rootkit scanner

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Thanks
m0le is a proud member of UNITE

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:43 AM

Posted 25 February 2010 - 07:52 PM

You still there, jsjohnson?
m0le is a proud member of UNITE

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:43 AM

Posted 01 March 2010 - 06:47 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE