Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ComboFix Deleted all my Files


  • Please log in to reply
6 replies to this topic

#1 rajiananth

rajiananth

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 21 July 2010 - 08:21 AM

I used to run Combofix to fix any viruses and it worked fine till couple of days back.
I got Fake Anti-Virus scan in my machine.
To remove that, I ran Combofix in my system.

I got rootactivity error and it asked me to reboot my system.
When i rebooted, I got Safeboot is not installed error.

This is for my office laptop.
I have taken help from my companies help desk and they are able to login by connecting external drive and
unlocking the Safeboot password.

The idea is to take backup and re-image my laptop.
When he went C and D Drives, there are no files.
It just says 0 Bytes.

I have lot of valuable information.
Please suggest..

Thanks in advance.

BC AdBot (Login to Remove)

 


#2 rajiananth

rajiananth
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 21 July 2010 - 02:56 PM

Can someone please respond..
I lost all of my data(including System files).
My C and D Drive is empty.

#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:01 PM

Posted 21 July 2010 - 03:03 PM

Hi,

I'm sorry to hear what misfortune happened to you. However let me point out that this is precisely the reason why we ask people not to run ComboFix on their own. ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

It can do a lot of damage if used improperly as you sadly have had to experience.

Since you mention that this is a business PC can I ask you if they have a backup plan and how much of your data has been backed up.

Could you please tell me a couple more things about your laptop: What operating system was used? What did you do before running ComboFix? Did you write down the exact messages ComboFix gave you? Did you create any logs prior to running ComboFix which could give us an idea of what was happening on the PC?

When you mount the drive in another PC do you see both partitions? What size do they have? Finally have you tried data recovery tools to get to your files? (For example with Recuva or PCInspector)

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 rajiananth

rajiananth
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 21 July 2010 - 03:19 PM

Thanks for your response.

My company doesn't do the backup's of employee's laptop.
It is my responsibility and i did the last back one year back.

Operating system is Windows XP.

I got the virus and I ran Anti-Malware from Malwarebytes. It didn't detect any virus.
After that, i submitted Combofix..It ran for few minutes and then gave a message 'Root Activity detected, need to restart'(not the exact message..but it is close)
When i restarted, i got 'Safeboot is not installed' message and i couldn't login to my machine.

Then, I contacted helpdesk and they connected external drive(like USB drive) to my laptop and unlocked the machine(by using some safeboot password file)
The main idea is to get the data from my laptop and then re image my laptop.
When they went, there is no data in C and D Drive.

It shows 0 Bytes in C and D Drive.
I didn't try any recovery tools.
If you believe that recovery tools will help in getting my data back, i can suggest to them.
Thanks in advance.

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:01 PM

Posted 21 July 2010 - 03:24 PM

Hi,

what anti virus program are you using?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 rajiananth

rajiananth
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 21 July 2010 - 03:37 PM

Norton Antivirus..
I ran combofix couple of times before and it fixed the issue and i never encountered like this.

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:01 PM

Posted 21 July 2010 - 03:40 PM

Hi,

the only reference I have found to the error message you gave me points to McAfee: https://kc.mcafee.com/corporate/index?page=...S&actp=LIST

Do you have any McAfee software installed on the PC?

A plausible explanation for the issue you are experiencing is that an encryption program which used to be working on your PC was disturbed/removed. This means that even though the data is still present on your PC it is encrypted and you can't access at the moment. We need to find out which program was used to encrypt and how to decrypt the data.
This would be easier if we had the logs, as would usually be the case when you are getting helped by a malware remover.

regards myrti

Edited by myrti, 21 July 2010 - 03:43 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users