File Replicators and deleted good files


#1 nodnolse1


  • Members
  • 2 posts
  • Local time:11:22 AM

Posted 16 June 2010 - 01:30 PM

After the scan, ComboFix told me: ----- File Replicators ----- and a list of my documents in many different volumes. Then I searched for a system restore point to undo, but surprise, ComboFix does not provide a system restore point before starting, only a registry backup to use in case a PC becomes unbootable. To give just one example, the Opera web browser makes a system restore point by itself, silently, before installing or uninstalling it. That aside, I can't understand why ComboFix deletes files like "vmnat.exe" (part of VMware) and "install.exe" (part of Microsoft® Visual Studio® 2008), and the worst of all, IMHO, is that in the "C:\Qoobox\Quarantine\Replicators" folder there is a file; I imagine it is a sort of archive of the quarantined/replicated files. At this point I find it very grave that inside the file located at "C:\Qoobox\Quarantine\Replicators\Replicator_6.txt" there are no instructions on how to restore the files, archived in my case into a single 2 MB file without an extension, named using hexadecimal values. I agree that an error can happen, but I can't accept that you hide the way to repair the error. I lost my data, and time to write, because it is not my first language. All that I got should have been avoided simply by first making a system restore point; second, when quarantining, all files should be stored in a zip, for instance, protected by a passphrase written into the log. The last thing to do should be an easy batch to restore files and folders exactly where they were. In the meanwhile, I would like to suggest adding the ability to use ComboFix with command-line switches, or, if you don't like that for some reason, a dialog box when double-clicking on Combofix.exe that lets you configure the entire cleaning process would be very much appreciated. For instance, accept the EULA, skip the download of ms restore machine, skip if it is not updated, or skip updating. A command to clean Combofix.exe and all its tracks should be the minimum that a person asks of a cleaning tool, do you agree?

I used the search in the forum and I got this response ... http://www.bleepingcomputer.com/forums/ind...t&p=1026101

Another useful answer http://www.bleepingcomputer.com/forums/ind...t&p=1026186

See you soon, Paolo

Edited by nodnolse1, 16 June 2010 - 01:51 PM.


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,573 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:05:22 AM

Posted 16 June 2010 - 02:34 PM

Hello, we need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Include the ComboFix log.
Let me know if that went well.

#3 hamluis



  • Moderator
  • 56,565 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:22 AM

Posted 16 June 2010 - 02:43 PM

I think that you missed some very important words that users ought to be aware of...in regard to ComboFix.

At http://www.combofix.org/, there is a button marked ComboFix's Disclaimer. Clicking on that...brings up these words...that you and all who would use this specialized tool...would do well to read:

"This tool is meant for private use. It should never be used in an unsupervised environment."

"This software is provided "as is", without warranty of any kind."

Here at BC...ComboFix is used by trained personnel...to partially assist in the overcoming of malware situations. It is NOT the only tool used, it is in fact...one of several different tools used by...personnel trained in dealing with malware situations.

It was not developed for any reasons other than those stated by the developer, it was developed as a tool to be used by trained personnel. It is not an AV program developed for the purpose of providing continuous protection for your system. It is not developed for unknowing, untrained users.

The Bleeping Computer policy regarding use of ComboFix is very plain, very literate...and can be found at http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/.

The most prominent words from that link follow:

ComboFix is an Anti-Malware tool used by advanced malware technicians specifically trained in its use.

Please DO NOT USE COMBOFIX on your own without supervision!!!

