Did virus mask ComboFix folder?


4 replies to this topic

#1 535678


Posted 14 August 2010 - 12:08 AM

I downloaded ComboFix this afternoon on my desktop. Either this site or another like it had a script to paste into a text file to remove files in C:\Windows\Temp named $67we.$ and $$$dq3e. Per the instructions, I dropped the text file on top of the ComboFix.exe (on the desktop).

ComboFix started up and had me download the Recovery Console. I did. Then it appeared to start scanning except that ComboFix froze up and did nothing for hours. It stuck on the initial greeting saying the scan typically takes 10 minutes. No more information was displayed by ComboFix. The computer was not frozen.

After about 4 hours my patience ran out and I tried to close ComboFix. Wouldn't close. Tried Ctrl-Alt-Del and that wouldn't work. Finally rebooted the computer manually.

The computer boots up fine, I still have web browser redirects (as before) and I can't uninstall ComboFix which is in the C:\ directory. The ComboFix folder has the same icon as "My Computer" and when I click on it, I am routed to My Computer showing all the drives, but the address bar says C:\ComboFix. Did a virus do this?

I ran AVG Free 9.0, Malwarebytes, SuperAntiSpyware and none of them can find an infection. I have disconnected from the internet just to be safe.

I'm contemplating whether to buy a new hard drive, then copy all of my user files over. The current drive is 80% full as it is. What would you recommend at this point? If nothing else I could use help removing ComboFix.

Edited by Orange Blossom, 14 August 2010 - 11:31 PM.
Moved topic to log forum on helper's request. ~ OB



#2 Ried

  • Malware Response Team

Posted 14 August 2010 - 10:55 PM

Hello 535678,

No, a virus did not alter that, and now you see why it's not a good idea to follow instructions you see in another thread.

While you may see ComboFix being used quite often and without incident, the tool should not be run unsupervised (as stated in the Disclaimer that is first displayed by ComboFix when you run the tool). Going forward, I highly recommend you heed such instructions. The reason why we don't ask or advise anyone to run ComboFix from the onset is because we first need to verify if there are any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix.

Please do not run it again until I advise you. First, I need more information. Please follow our pre-posting process outlined here http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ and post the requested logs so we can begin the cleaning process.

Edited by Ried, 14 August 2010 - 11:32 PM.
fixed open bb code

Microsoft MVP - Consumer Security 2010, 2011, 2012

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."


#3 535678


Posted 16 August 2010 - 08:03 PM

I've decided to install a new hard drive now, to kill two birds with one stone. Then move my documents to the new drive and wipe/reformat the old one. Does this sound like a good idea?

If not, I will post my logs ASAP.

Edited by 535678, 16 August 2010 - 08:04 PM.


#4 Ried

  • Malware Response Team

Posted 16 August 2010 - 08:40 PM

Without seeing any logs, I have no idea how infected the system is. Without knowing that, I really couldn't advise you if reformatting is a 'must-do'.

However, if it would ease your mind to reformat and install Windows fresh, then that is what's best for you.

It's up to you. You can post logs and we can in all likelihood clean the system. Or you can format and reinstall - or - you could do both. Post the logs, get it cleaned up and buy yourself some time to backup the data without feeling rushed.

Please let me know how you wish to proceed.


#5 535678


Posted 18 August 2010 - 04:11 PM

I decided to do a complete reinstall. Thanks for your time. I appreciate it.

