
Using Combo fix as of 12/09/10 created false deletions


  • This topic is locked
4 replies to this topic

#1 hdowns


Posted 09 December 2010 - 11:47 PM

Hi, I am wondering how I can post, either through this forum topic or another forum, what occurred in use of ComboFix tonight. I had an issue with hitting a site on Google which was for parts information on a LaserJet, and I can't remember the site name as it was removed quickly after I got a security alert from Symantec Endpoint Protection of an HTTP redirect. At that point I disabled the LAN connection and quickly ran CCleaner, and then did a Malwarebytes A/M quick scan. I was not surprised to see a bunch of Trojan.bho that were loaded. On cleanup, I sent Symantec a report that, of the items which SEP purported to filter out, damage from these was still implemented. Malwarebytes A/M did trap all 17 items, all of which were deleted from the system. I then flushed System Restore and then emptied my Recovery Console, not Recycle Bin, as Executive Software's package manages that now. What I am concerned about, though, is that when I followed up with use of ComboFix, this time and only for the first time, tonight, ComboFix automatically deleted several items which are safe and needed for various programs. First of all, here is a text copy of the direct deletions:
2010-09-30 02:40:50 . 2010-07-31 00:53:11 9,480 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Harry Downs\My Documents\Readiris.DUS.vir
2010-09-30 02:32:08 . 2009-09-04 06:39:43 12,393 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Harry Downs\Favorites\HP_Chat_Session_4_Sep_2009_2_39.html.vir
2010-09-30 02:28:13 . 2005-05-26 21:58:33 6,144 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Harry Downs\Favorites\Thumbs.db.vir
2009-10-13 06:32:23 . 2005-01-27 00:11:52 53,248 ----a-w- C:\Qoobox\Quarantine\C\Undelete.exe.vir
2001-10-04 15:24:52 . 2001-10-04 15:24:52 1,272,320 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\System\msxml4.dll.vir
2001-10-04 15:20:54 . 2001-10-04 15:20:54 82,944 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\System\msxml4r.dll.vir

I had to restore the files: Readiris is a control file for the ReadIris scanner software package, then the chat log file link I had with an HP tech on a business issue, then a program undelete.exe which is a DOS-based undelete program which I still use from time to time, and then the two msxml14 and 14r dll files which are used by Norton Password Manager 2004. Without the respective files in place, my startup was out of whack and thus, for the immediate need, Read iris did not function, nor did the startup of Norton Password Manager, producing Visual C++ runtime errors. I restored these, but how can I report this so proper feedback can get to the developers of the great program ComboFix? One more thing: it is a great tool to use and has helped me as well as my business clients out from time to time. Once I put those files back in and removed the .vir extension, the next immediate re-boot was cured and everything was working again. Thank you very much!!!
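A read-only way to review a quarantine listing like the one in the post above before restoring anything, as an added example that is not part of the original post and is not ComboFix code: it parses each line and derives the path the quarantined copy was taken from. The field layout is inferred from the pasted lines, and `parse_listing` and `original_path` are hypothetical names.

```python
import re
from pathlib import PureWindowsPath

# Three lines copied from the post above, plus one constructed truncated line.
LISTING = r"""
2010-09-30 02:40:50 . 2010-07-31 00:53:11 9,480 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Harry Downs\My Documents\Readiris.DUS.vir
2009-10-13 06:32:23 . 2005-01-27 00:11:52 53,248 ----a-w- C:\Qoobox\Quarantine\C\Undelete.exe.vir
2001-10-04 15:24:52 . 2001-10-04 15:24:52 1,272,320 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\System\msxml4.dll.vir
2010-12-09 23:00:00 . (constructed, truncated line)
"""

QUARANTINE_ROOT = PureWindowsPath(r"C:\Qoobox\Quarantine")
TS = r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d"
# Assumed layout: timestamp . timestamp  size  8 attribute flags  path
LINE_RE = re.compile(rf"^({TS}) \. ({TS})\s+([\d,]+)\s+(\S{{8}})\s+(.+)$")


def original_path(quarantined):
    """Map <root>\\<drive letter>\\...\\name.vir back to <drive letter>:\\...\\name."""
    path = PureWindowsPath(quarantined)
    drive, *rest = path.relative_to(QUARANTINE_ROOT).parts  # ValueError if outside
    if len(drive) != 1 or not drive.isalpha() or not rest:
        raise ValueError(f"unexpected quarantine layout: {quarantined}")
    if path.suffix.lower() != ".vir":
        raise ValueError(f"not a .vir copy: {quarantined}")
    return PureWindowsPath(f"{drive}:\\", *rest).with_suffix("")


def parse_listing(text):
    """Return (entries, skipped); nothing on disk is read or changed."""
    entries, skipped = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        match = LINE_RE.match(line)
        try:
            first_ts, second_ts, size, attrs, path = match.groups()
            entry = {"timestamps": (first_ts, second_ts),
                     "size": int(size.replace(",", "")), "attrs": attrs,
                     "quarantined": path, "original": original_path(path)}
        except (AttributeError, ValueError):  # no match, or path not as assumed
            skipped.append(line)
            continue
        entries.append(entry)
    return entries, skipped


if __name__ == "__main__":
    found, unparsed = parse_listing(LISTING)
    for e in found:
        print(f'{e["size"]:>10}  {e["original"]}')
    print(f"{len(unparsed)} line(s) need manual review")
```
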


 


#2 dc3


Posted 09 December 2010 - 11:49 PM

ComboFix logs should not be posted outside the Virus, Trojan, Spyware, and Malware Removal Logs forum. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 hdowns

  • Topic Starter


Posted 10 December 2010 - 05:55 AM

I will re-post this to the appropriate forum. Not knowing which forum was the likely repository, I posted it here. Sorry to disturb your mindset and activate the arrogance in your response in a non-professional way. If it was that you are so inclined to demonstrate your authority or technical prowess in your response, all you tended to do was inflame the confidence that someone would have taken note and reviewed the aforementioned post as a real item of concern. You should take a moment of pause and refrain from irritating people who are seeking help herein. Folks like you with a chip on the shoulder tend to give forums a bad name. If you had read, I have used ComboFix on this same PC for the last four years when on occasion there has been further need for resolution and without any false positive removal of known good programs and settings. And in this instance, ComboFix had tripped up removing files that for the last four years had never been filtered out as a potential issue. I do hope by posting this program in the right forum, someone of concern will review this post as a real need for review. Don't worry, I won't ruffle your feathers any longer. Go back to your own little safe kingdom.

#4 ThunderZ


Posted 10 December 2010 - 09:03 AM

@ hdowns. That is a standard canned response that all Posters get when they chose to use ComboFix without proper instruction.

According to your first post, you have now experienced why the warning was given and should have been heeded prior to its usage.

#5 hamluis


    Moderator



Posted 10 December 2010 - 10:08 AM

Members of the XP forum (or any other forum save those which deal with malware issues here at BC) are not qualified to answer ComboFix questions...other than in the manner which has previously been presented.

If you want to take offense at "seeing the proper doctor for the proper treatment, analysis, etc.", that's your right. No offense was intended or conveyed, in my perception.

Following is a paraphrased quote which is recognized as basic re inquiries about ComboFix:

"No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. When issues arise due to complex malware infections, possible false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help - Look here - http://www.bleepingcomputer.com/forums/topic273628.html .

As a general policy, Bleeping Computer does not offer advice on how to run ComboFix unless we asked someone to run it or there is a problem with the computer caused by running it. This is because people should not be using ComboFix without being advised to do so by a trained expert who is assisting a member deal with a malware issue on that system. Further, more information is needed by using tools like DDS, OTL, RSIT which create comprehensive logs with specific details about a computer's system, files, folders and registry keys which may have been modified by malware infection BEFORE deciding if ComboFix should be used.

If you need assistance with a malware infection, please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log. When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts."


This post is now closed.

Louis



