My Hanging Combofix


  • This topic is locked
13 replies to this topic

#1 rabadoo

rabadoo

  • Members

Posted 02 October 2010 - 01:50 PM

Good Morning- Ran C-Fix last night without an internet connection so didn't get the registry console. Continued with the scan and almost immediately came up with a "rootbit" error and C-Fix rebooted. Showed my background without any bars or icons, ie no desktop, just the background. After a few minutes it carried on with the scan through stage 50, created the log and the world was good. Windows booted without a hitch and I had internet access, Explorer and Outlook both ran fine. Just to be safe I ran malwarebite ONE MORE TIME and went home. This AM malware advised that there was nothing malicious anywhere. Wunnnerful, wunnerful. Thot since C-Fix had done such a good job I would rerun and with the internet connected and Trend Micro turned off, I would install the registry console for future use. Started C-Fix and got the registry installed and started the scan. Immediately I got the same "rootbit" error and C-Fix said it needed to reboot, which it did and is now once again back at my desktop-less background and has been there for nearly an hour with no blue screen in sight. I did a ctrl-alt-del to check for cpu activity and it shows no applications running and the only process is the "System idle process". How long do I wait before I power down and start over? Thx for your time. Steve



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members

Posted 02 October 2010 - 02:01 PM

Combofix Usage and other disclaimers?

Who instructed you to run Combofix?

#3 rabadoo

rabadoo
  • Topic Starter

  • Members

Posted 02 October 2010 - 02:39 PM

The tech support people at my ISP.

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members

Posted 02 October 2010 - 02:44 PM

Is your computer functional at all?

#5 rabadoo

rabadoo
  • Topic Starter

  • Members

Posted 02 October 2010 - 02:47 PM

Yes, it responds to the ctrl-alt-del with the task manager and the pointer is functional, as I say it appears to just be hanging at the background point of booting. I will get a random momentary hour-glass next to my pointer for just a half-second sporadically.

#6 cryptodan

cryptodan

    Bleepin Madman


  • Members

Posted 02 October 2010 - 02:47 PM

I have asked more experienced people to take a look at this issue for you.

#7 rabadoo

rabadoo
  • Topic Starter

  • Members

Posted 02 October 2010 - 02:49 PM

Thank you much. I'm an old DOS dog and reeeeeally hate powering down......

#8 rabadoo

rabadoo
  • Topic Starter

  • Members

Posted 02 October 2010 - 03:06 PM

PS-We're now at about 3 hours and I failed to mention that I did print out and have available the log that was created last night after the scan without the recovery console.

#9 rabadoo

rabadoo
  • Topic Starter

  • Members

Posted 02 October 2010 - 05:09 PM

An update. I finally shut down through my task manager. Gave it a minute and then powered up. All was as usual til we got to my background and immediately upon it we see a dos screen with C-Fix picking up at ".....preparing to run". It then continued on without reference to the recovery console that I managed to install this AM. We then went through the 50 stages, prepared a log and took me to my desktop as though nothing untoward ever happened. While I was previously waiting I read the guide for using malware and became aware that I was misreading "rootkit" as "rootbit". I then read the wikipedia def for rootkit and after I quit trembling I started reading the log from last night's scan (w/o registry console) and found under "Stealth MBR rootkit etc etc" that "MBR rootkit hooks" were located in 4 drivers and one device, with the final line being "user & kernel MBR OK". I then reviewed this latest log in the same area and found that the 5 "hooks" remained with the same final line. My question is: Do I have something nasty living in these "rootkit hooks" that's going to run out and grab info from my hard drive? "Harddisk0" is the sub-directory off the device with the rootkit hook. All else at this time appears to be running along just fine. Which means I must be missing something. Thanks to all for their time and support.

#10 hamluis

hamluis

    Moderator


  • Moderator

Posted 02 October 2010 - 05:58 PM

If...you had read the link provided previously about the website policies concerning ComboFix...you probably should have realized that there is no one in the XP forum who can assist you.

We don't do malware...we are not qualified.

If you have questions about ComboFix...please read the link and give some credibility to what is stated...please.

Louis

#11 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 02 October 2010 - 06:06 PM

Hi rabadoo. Glad it was just a hiccup in the CF process and not any lasting damage. The helpers in the XP forum are not qualified to help with your problem.

If you have a malware issue I suggest that you follow this guide and submit a malware removal topic:

http://www.bleepingcomputer.com/forums/topic34773.html

If you are unsure if you are infected then you can ask for help determining that in this forum:

http://www.bleepingcomputer.com/forums/forum103.html

#12 rabadoo

rabadoo
  • Topic Starter

  • Members

Posted 02 October 2010 - 06:07 PM

Louis, Thank you so much for your assistance. I can't begin to tell you how much credibility you have lent to the situation. Thank you for your time and consideration.

#13 rabadoo

rabadoo
  • Topic Starter

  • Members

Posted 02 October 2010 - 06:12 PM

Grinler- Thank you much for the links, I shall follow them. Again, thank you as I must have been typing as you were.

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator

Posted 02 October 2010 - 10:49 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic351239.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



