
MY PC CRASHED BY COMBOFIX


  • This topic is locked
15 replies to this topic

#1 sneha@om_khatti

sneha@om_khatti

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 14 March 2010 - 09:02 AM

MY PC CRASHED BY COMBOFIX

WHY THIS HAPPENED ?????? ALL IMP FILES & EXE ARE RENAMED BY .VIR

NOW HOW I RECOVER THESE MORE THAN 5000 FILES & PROGRAMS ???

ANY SOLUTION ???

Edited by elise025, 14 March 2010 - 09:08 AM.
fixed BBcode



 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,320 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:32 PM

Posted 14 March 2010 - 09:05 AM

Can you please start by telling me if you ran a new or an older version of Combofix?


EDIT ~ Please refrain from using capslock, it makes reading hard and is considered yelling.

Edited by elise025, 14 March 2010 - 09:06 AM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 sneha@om_khatti

sneha@om_khatti
  • Topic Starter


Posted 14 March 2010 - 09:58 PM

QUOTE(elise025 @ Mar 14 2010, 09:05 AM)
Can you please start by telling me if you ran a new or an older version of Combofix?


EDIT ~ Please refrain from using capslock, it makes reading hard and is considered yelling.



thanks for reply i download combofix new version with microsoft recovery console & start but after few minutes it will be restart & after that i see all files in all drives are renamed by .vir

now what i do ?????

i lost my time, all imp software with this combofix



#4 sneha@om_khatti


Posted 14 March 2010 - 11:08 PM

anybody suggest me for this

i lost my valuable time

where moderator or any expert of this forum ???


here is log file created by combofix

Attached Files



#5 Droinds

Droinds

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:32 AM

Posted 15 March 2010 - 01:27 AM

I downloaded and installed combofix and did not have any problems. But then again I have a simple panasonic cf-29 toughbook with windows XP service pack 3. You on the other hand seem to have a series of logical drives. Are you sure you followed all the instructions as stated in the user's manual? You can go here (http://www.bleepingcomputer.com/combofix/); maybe you missed something.
Good luck

#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:32 PM

Posted 15 March 2010 - 01:50 AM

No one should ever use this tool unless they know exactly what will occur when they use it - It is one of the better diagnostic and repair tools, but only if you are aware of what it can do to your system - This thread needs to be posted as a pinned item just to show how it can destroy a computer -
It is nice to take a shotgun when you are an experienced hunter but you never leave a loaded one for your kids to play with !!!!!!!-
Sorry to be critical but I have seen the last edition tear a system apart - That is why it was removed and repaired -
I will leave this to the top experts to see if they can restore any of your system -
Sorry But - rip_1.gif
Edit - Sounds like one step short of a reinstall and just call it experience -

Edited by noknojon, 15 March 2010 - 01:55 AM.


#7 Elise


Posted 15 March 2010 - 02:45 AM

This is easy to recover; unlike what was suggested by some others here, a reformat is really not necessary. However, I need to see some detailed information, so I will move this topic to the appropriate forum.

This will cause other participants in this topic not to be able to reply anymore. I just want to make this general comment: Whenever you voice your opinions, do so in a civilised manner. True, it's not a good idea to run Combofix unsupervised, but we are all humans and tend to make mistakes. Thanks.

What happened to this member is exactly the reason why we do not recommend using Combofix unsupervised. However, this does not mean we do not offer help in such cases.

Sorry to edit again: please post me the logs found at c:\qoobox\combofix2.txt and c:\qoobox\combofix3.txt

One word of warning here. I see stuff like "hacker tutorials..." was deleted. Do not expect any help recovering that kind of files, because that is clearly illegal and BC does not support that in any way. Also, do not be surprised if that stuff seriously messes up your computer....

Edited by elise025, 15 March 2010 - 02:52 AM.

regards, Elise



 

Malware analyst @ Emsisoft


#8 sneha@om_khatti


Posted 15 March 2010 - 03:23 AM

QUOTE(elise025 @ Mar 15 2010, 02:45 AM)
This is easy to recover; unlike what was suggested by some others here, a reformat is really not necessary. However, I need to see some detailed information, so I will move this topic to the appropriate forum.

This will cause other participants in this topic not to be able to reply anymore. I just want to make this general comment: Whenever you voice your opinions, do so in a civilised manner. True, it's not a good idea to run Combofix unsupervised, but we are all humans and tend to make mistakes. Thanks.

What happened to this member is exactly the reason why we do not recommend using Combofix unsupervised. However, this does not mean we do not offer help in such cases.

Sorry to edit again: please post me the logs found at c:\qoobox\combofix2.txt and c:\qoobox\combofix3.txt

One word of warning here. I see stuff like "hacker tutorials..." was deleted. Do not expect any help recovering that kind of files, because that is clearly illegal and BC does not support that in any way. Also, do not be surprised if that stuff seriously messes up your computer....



i found these 3 files in my F drive

i installed my windows in F drive


sorry but my attachment is more than 512kb so i can't attach here

can i upload in rapidshare ???

Edited by sneha@om_khatti, 15 March 2010 - 03:30 AM.


#9 Elise


Posted 15 March 2010 - 03:37 AM

I thought they would be rather big.

Please see if you can upload them one at a time and zipped.

regards, Elise



 

Malware analyst @ Emsisoft


#10 sneha@om_khatti


Posted 15 March 2010 - 03:56 AM

here these 3 files check & post result

Attached Files



#11 Elise


Posted 15 March 2010 - 10:31 AM

Just to let you know I am checking out what is legit and what not.

It seems you have been downloading LOTS of keygens and related stuff. Those are not false-positives deleted by Combofix but contain real malware. If you insist on getting these back, I suggest you manually copy them from the qoobox folder and rename them afterwards (right click, rename, and delete the .vir part).

regards, Elise



 

Malware analyst @ Emsisoft


#12 Elise


Posted 15 March 2010 - 10:50 AM

Hello, first of all let's start with uploading a few files that should be legit, to see if they are indeed infected or not.

UPLOAD A FILE
--------------------
We need to check a file. Please click this link VirusTotal

When the page has finished loading, click the Choose file button and navigate to the following file and click Send file.

F:\Qoobox\Quarantine\F\Program Files\Mozilla Firefox\firefox.exe.vir
F:\Qoobox\Quarantine\F\Qoobox\Quarantine\F\Program Files\Messenger\msmsgs.exe.vir
F:\Qoobox\Quarantine\F\Program Files\TeamViewer\Version5\TeamViewer.exe.vir

If you get the message that the file has already been scanned before, please click Reanalyse file now.
Please post back the results of the scan in your next post.



Edited by elise025, 16 March 2010 - 02:33 AM.

regards, Elise



 

Malware analyst @ Emsisoft
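
The check-before-restore step from posts #11 and #12, as an added example that is not part of the thread and not ComboFix's own code: it inventories a Qoobox quarantine folder, derives each file's original location, and computes a SHA-256 so the copy can be checked with a scanning service or against a known-good file before anything is renamed back. The layout `Qoobox\Quarantine\<drive letter>\<original path>.vir` is an assumption inferred from the three paths posted above; the function names are hypothetical and the sample tree is constructed with dummy bytes.

```python
import hashlib
import os
import tempfile
from pathlib import Path, PureWindowsPath

SUFFIX = ".vir"  # extension seen on the quarantined copies in this thread

def original_path(rel_parts):
    """Map path parts below Qoobox\\Quarantine to the pre-quarantine path."""
    parts = list(rel_parts)
    # A quarantined copy of an earlier quarantine repeats Qoobox\Quarantine\<drive>
    # (as in the msmsgs.exe.vir path above); strip that prefix until a real path remains.
    while len(parts) > 3 and [p.lower() for p in parts[1:3]] == ["qoobox", "quarantine"]:
        parts = parts[3:]
    drive, *rest = parts
    if len(drive) != 1 or not drive.isalpha() or not rest or not rest[-1].lower().endswith(SUFFIX):
        return None  # does not fit the assumed layout; leave it for manual review
    rest[-1] = rest[-1][: -len(SUFFIX)]
    return str(PureWindowsPath(drive.upper() + ":\\", *rest))

def inventory(quarantine_root):
    """Return (quarantined file, original path, SHA-256) for every file; nothing is restored."""
    root = Path(quarantine_root)
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            item = Path(dirpath, name)
            orig = original_path(item.relative_to(root).parts)
            digest = hashlib.sha256(item.read_bytes()).hexdigest()
            rows.append((str(item), orig, digest))
    return sorted(rows)

def build_sample(base):
    """Constructed sample tree mirroring two paths from the thread (dummy contents)."""
    q = Path(base, "Qoobox", "Quarantine")
    for rel in (("F", "Program Files", "Mozilla Firefox", "firefox.exe.vir"),
                ("F", "Qoobox", "Quarantine", "F", "Program Files", "Messenger", "msmsgs.exe.vir")):
        target = q.joinpath(*rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"constructed sample: " + rel[-1].encode())
    return q

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, orig, digest in inventory(build_sample(tmp)):
            print(f"{digest}  {orig}  <-  {path}")
```

Entries for which no original path can be derived are reported with `None` rather than guessed, so they stay in quarantine until someone looks at them.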


#13 sneha@om_khatti


Posted 15 March 2010 - 10:20 PM

QUOTE(elise025 @ Mar 15 2010, 10:50 AM)
Hello, first of all let's start with uploading a few files that should be legit, to see if they are indeed infected or not.

UPLOAD A FILE
--------------------
We need to check a file. Please click this link VirusTotal

When the page has finished loading, click the Choose file button and navigate to the following file and click Send file.

UPLOAD A FILE
--------------------
We need to check a file. Please click this link VirusTotal

When the page has finished loading, click the Choose file button and navigate to the following file and click Send file.

F:\Qoobox\Quarantine\F\Program Files\Mozilla Firefox\firefox.exe.vir
F:\Qoobox\Quarantine\F\Qoobox\Quarantine\F\Program Files\Messenger\msmsgs.exe.vir
F:\Qoobox\Quarantine\F\Program Files\TeamViewer\Version5\TeamViewer.exe.vir

If you get the message that the file has already been scanned before, please click Reanalyse file now.
Please post back the results of the scan in your next post.


If you get the message that the file has already been scanned before, please click Reanalyse file now.
Please post back the results of the scan in your next post.



i am unable to open http://www.virustotal.com/

it takes too long time to open

any other site for that ?????

#14 Elise


Posted 16 March 2010 - 02:34 AM

Use Jotti

And sorry for the mess in my last post, I cleaned it up ohmy.gif


regards, Elise



 

Malware analyst @ Emsisoft


#15 sneha@om_khatti


Posted 17 March 2010 - 11:23 PM

QUOTE(elise025 @ Mar 16 2010, 02:34 AM)
Use Jotti

And sorry for the mess in my last post, I cleaned it up ohmy.gif


thanks to all for helping me

i solved my problem by renaming all files & replaced with original place

but i really give thanks to all for helping me

now may be close this thread

ps : i never use any more combofix in my whole life




