combo fix?


12 replies to this topic

#1 CherHill

Posted 17 February 2010 - 11:37 AM

I'm a bit confused...can I or can't I use/DL combo fix? and what about the older one I have on my desktop?
Thanks much

Edited by Orange Blossom, 17 February 2010 - 07:38 PM.
Move to AV forum. ~ OB



#2 quietman7

  • Global Moderator

Posted 17 February 2010 - 09:16 PM

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

Delete the old version as CF is updated frequently. If you have already run that old version, you can remove as follows:

Press the WINKEY + R keys on your keyboard or go to Start > Run... and in the Open dialog box, type:
ComboFix /Uninstall
  • Press OK.
  • Doing this will:
    • Delete ComboFix's related folders and files.
    • Reset the clock settings.
    • Hide file extensions.
    • Hide System/Hidden files.
    • Clear the System Restore cache to prevent possible reinfection.
    • Create a new Restore point.
-- Vista users can refer to these instructions: How to Enable Run Command in Vista
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 CherHill

Posted 25 February 2010 - 08:13 AM

OK, thanks, I'll uninstall but my computer guy is the one who gave me the link to DL in the first place :thumbsup: ..and I just tried the uninstall you suggested and I get an error that says cannot be found...but it's sitting on my desktop
Thanks

Edited by CherHill, 25 February 2010 - 08:14 AM.


#4 quietman7

  • Global Moderator

Posted 25 February 2010 - 09:14 AM

Please download OTC by OldTimer and save to your Desktop.
  • Connect to the Internet and double-click on OTC.exe to start the program.
  • Click on the green CleanUp! button.
  • If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.
  • When it has finished, OTC will ask you to reboot so it can remove itself.
-- Doing this will remove any specialized tools (including this one) downloaded and used.

What specific problems are you having that required someone provide you with a link to download and use ComboFix?

Although the tool can be downloaded from many sites, not all of them can be trusted as they are not authorized to be hosting CF. In many cases they may be hosting outdated versions which should never be run. The tool is frequently updated and downloading the most current version from an authorized site such as BC when directed by an expert is the safest thing to do. Doing otherwise puts your system at risk.

#5 CherHill

Posted 25 February 2010 - 10:45 AM

I could just tell something was wrong...some kind of bug...My desktop icons blink...I'm on dial up and know what I can run and how MANY things I can run at one time before it gets sluggish...well, I had nothing but email going and it was acting like I had a lot more than that running....I read somewhere that under 'processes' in task manager, nothing should be more than 15, 000 k? some are 50, 70, 90 k....don't know if that means anything or not....anyways, I emailed my computer guy and he sent me the combofix link..sent him the log and said there was nothing that awful on it....about a month later told him it still wasn't right and he told me to go to bleeping comp.com and re download combofix again....so I did....
and in case you couldn't figure, I'm pretty computer illiterate :thumbsup:
thanks

#6 quietman7

  • Global Moderator

Posted 25 February 2010 - 11:02 AM

Most of the processes in Task Manager will be legitimate as shown in these links.

Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file like svchost.exe. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. Another technique is for the process to alter the registry and add itself as a Startup program or service so that it can run automatically each time the computer is booted. Keep in mind that a legitimate file can also be infected by some types of malware such as Virut which is a dangerous polymorphic file infector. A file's properties may give a clue to identifying it. Right-click on the file, choose Properties and examine the General and Version tabs.

It is not uncommon to have a lot of running processes showing in Task Manager and utilizing system resources. I have 35 showing in my system at the moment including five instances of svchost.exe which are using over 550 MB.

For instance, Svchost.exe is a generic host process name for a group of services that are run from dynamic-link libraries (DLLs) and can run other services underneath itself. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. It is not unusual for multiple instances of Svchost.exe to be running at the same time in Task Manager in order to optimize the running of the various services. The process ID's (PID's) must be checked in real time to determine what services each instance of svchost.exe is controlling at that particular time.

System Idle process is used for measuring how much idle time the CPU is having at any particular time (100% minus the sum of all tasks CPU usage). It accounts for processor time when the system is not processing other threads and will display how much CPU resources, as a percentage are 'idle' and available for use. One instance of this process operates per CPU, and runs to occupy the processor when other threads are not running. System Idle process also issues HLT commands which put unused parts of the CPU into a suspend mode, thereby cooling the processor. Normally this process should take up at least 90%+ of processor time on average (this is the value in the CPU column). In non-technical terms, this figure represents how much CPU time has not been requested by anything else on your system.

System is a process in NT "kernel mode" that contains most of the system threads and handles various basic system functions. When Windows loads, the Windows kernel starts and runs in kernel mode to set up paging and virtual memory. It then creates some system processes and allows them to run in "user mode" but restricts their access to critical areas of the operating system. The User mode processes must request use of the kernel by means of a system call in order to perform privileged operations on their behalf. Kernel mode has full access to system resources and controls scheduling, thread prioritization, interrupt handlers, memory management and the interaction with hardware. The system process cannot be terminated.

For more detailed information, refer to:

Tools to investigate running processes and gather additional information to identify them and resolve problems:

These tools will provide information about each process, CPU usage, file description and its path location.

Anytime you come across a suspicious file or one that you do not recognize, search the name using Google <- click here for an example.

Or search the following databases:

If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Edited by quietman7, 25 February 2010 - 01:06 PM.
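
The name-versus-location check described in post #6, as an added example that is not part of the original thread: it flags processes that carry a critical system file name but run from a folder other than the expected one. The `C:\Windows` root, the list of tracked names and the sample snapshot are assumptions made for illustration; the snapshot is constructed, not real data.

```python
import ntpath  # Windows path rules, usable on any OS

SYSTEM_ROOT = r"C:\Windows"  # assumption: default Windows folder

# Folders, relative to SYSTEM_ROOT, where these system binaries normally live.
EXPECTED_DIRS = {
    "svchost.exe": {"system32", "syswow64"},
    "lsass.exe": {"system32"},
    "services.exe": {"system32"},
    "winlogon.exe": {"system32"},
    "csrss.exe": {"system32"},
    "explorer.exe": {""},  # directly in the Windows folder
}

def classify(name, path, system_root=SYSTEM_ROOT):
    """Return 'ok', 'suspicious', 'unknown-path' or 'not-tracked'."""
    key = name.lower()
    if key not in EXPECTED_DIRS:
        return "not-tracked"
    if not path:
        # Path unreadable (e.g. protected process): cannot judge either way.
        return "unknown-path"
    full = ntpath.normcase(ntpath.normpath(path))  # resolves '..', lowercases
    root = ntpath.normcase(ntpath.normpath(system_root))
    allowed = {ntpath.normpath(ntpath.join(root, d)) for d in EXPECTED_DIRS[key]}
    if ntpath.basename(full) == key and ntpath.dirname(full) in allowed:
        # Right name, right folder. The file itself can still be infected
        # (file infectors), so this is not proof that it is clean.
        return "ok"
    return "suspicious"

# Constructed sample snapshot: (image name, PID, full path). Not real data.
SAMPLE = [
    ("svchost.exe", 884, r"C:\WINDOWS\system32\svchost.exe"),
    ("svchost.exe", 1312, r"C:\Documents and Settings\user\Application Data\svchost.exe"),
    ("SVCHOST.EXE", 2040, r"C:\Windows\System32\..\Temp\svchost.exe"),
    ("explorer.exe", 1600, r"C:\WINDOWS\explorer.exe"),
    ("lsass.exe", 700, ""),
    ("notepad.exe", 3000, r"C:\WINDOWS\system32\notepad.exe"),
]

def scan(snapshot):
    """Return PIDs whose trusted-looking name runs from an unexpected folder."""
    return [pid for name, pid, path in snapshot
            if classify(name, path) == "suspicious"]

if __name__ == "__main__":
    for name, pid, path in SAMPLE:
        print(f"{pid:>5}  {classify(name, path):<12}  {path or '(path unavailable)'}")
```

A flagged PID is a lead to investigate with the process tools and scanners mentioned in the post, not a verdict.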


#7 CherHill

Posted 25 February 2010 - 11:22 AM

OK, thank you....I'll check these links in order you sent...I'll DL one or 2 of those tools to investigate processes...although I really have no clue which ones are 'suspicious' I don't know what any of them are lol. I too, have many svchosts running...sometimes they're so big I click 'end process' in hopes the computer runs a bit faster...I had anVir a couple years ago, but another computer place removed it and said it was malware? Thanks again and I'll give all this a try

#8 quietman7

  • Global Moderator

Posted 25 February 2010 - 11:26 AM

An effective tool that you should be using (if not already) is Malwarebytes' Anti-Malware <- instructions for scanning are in that link.

#9 CherHill

Posted 25 February 2010 - 11:31 AM

I clicked on svchost viewer and it brought me to MP3 quality modifier?

#10 CherHill

Posted 25 February 2010 - 12:14 PM

I have malwarebytes installed...it never finds anything though...I also have ESET AV and spybot and just installed adaware

#11 CherHill

Posted 25 February 2010 - 12:26 PM

I have malwarebytes installed...it never finds anything though...I also have ESET AV and spybot and just installed adaware

PS-I downloaded that otc and it did remove combofix but not itself...also I have 3 files on my desktop that I cannot delete? when I saved them they didn't seem to save right (they are supposed to be PSP tubes) that's when the problems seem to get worse
thanks

#12 quietman7

  • Global Moderator

Posted 25 February 2010 - 01:09 PM

I fixed the broken link for svchostViewer.

mvps.org is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products)

Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and even prevent disinfection of malware by those tools.

You should be able to right-click on OTC and just delete it.

Malwarebytes Anti-Malware has a built-in FileAssassin feature for removing stubborn malware or other malicious files that it did not detect.
  • Go to the "More Tools" tab and click on the "Run Tool" button
  • Browse to the location of the file(s) to remove using the drop down box next to "Look in:" at the top.
  • When you find the file, click on it to highlight, then select Open.
  • You will be prompted with a message warning: This file will be permanently deleted. Are you sure you want to continue?. Click Yes.
  • If removal did not require a reboot, you will receive a message indicating the file was deleted successfully.
  • Click Ok and exit MBAM.
  • If prompted to reboot, then do so immediately.
-- If the file returns, then you probably have other malware on your system which is protecting or regenerating it.

Caution: Be careful what you delete. FileAssassin is a powerful program, designed to move highly persistent files. Using it incorrectly could lead to serious problems with your operating system.



#13 CherHill

Posted 25 February 2010 - 01:51 PM

when I first got spybot, I followed the instructions on majorgeeks.com to disable the teatimer...unless it put itself back?....and I tried the run tool on Malwarebytes...it said it deleted it, but it didn't (there's 3 of them)
thanks!

Edited by CherHill, 25 February 2010 - 01:52 PM.




