Posted 09 December 2010 - 11:47 PM
Hi, I am wondering how I can post, either through this forum topic or another forum, what occurred in use of ComboFix tonight. I had an issue with hitting a site on Google which was for parts information on a LaserJet, and I can't remember the site name as it was removed quickly after I got a security alert from Symantec Endpoint Protection of an HTTP redirect. At that point I disabled the LAN connection, quickly ran CCleaner, and then did a Malwarebytes A/M quick scan. I was not surprised to see a bunch of Trojan.bho that were loaded. On cleanup, I sent Symantec a report that, of the items which SEP purported to filter out, damage from these was still implemented. Malwarebytes A/M did trap all 17 items, all of which were deleted from the system. I then flushed System Restore and then emptied my Recovery Console, not the Recycle Bin, which Executive Software's package manages now. What I am concerned about, though, is that when I followed up with use of ComboFix, this time and only for the first time, tonight, ComboFix automatically deleted several items which are safe and needed for various programs. First of all, here is a text copy of the direct deletions:
2010-09-30 02:40:50 . 2010-07-31 00:53:11 9,480 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Harry Downs\My Documents\Readiris.DUS.vir
2010-09-30 02:32:08 . 2009-09-04 06:39:43 12,393 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Harry Downs\Favorites\HP_Chat_Session_4_Sep_2009_2_39.html.vir
2010-09-30 02:28:13 . 2005-05-26 21:58:33 6,144 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Harry Downs\Favorites\Thumbs.db.vir
2009-10-13 06:32:23 . 2005-01-27 00:11:52 53,248 ----a-w- C:\Qoobox\Quarantine\C\Undelete.exe.vir
2001-10-04 15:24:52 . 2001-10-04 15:24:52 1,272,320 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\System\msxml4.dll.vir
2001-10-04 15:20:54 . 2001-10-04 15:20:54 82,944 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\System\msxml4r.dll.vir
I had to restore the files: Readiris is a control file for the ReadIris scanner software package, then the chat log file link I had with an HP tech on a business issue, then a program undelete.exe, which is a DOS-based undelete program which I still use from time to time, and then the two msxml14 and 14r dll files which are used by Norton Password Manager 2004. Without the respective files in place, my startup was out of whack, and thus for the immediate need, ReadIris did not function, nor did the startup of Norton Password Manager, producing Visual C++ runtime errors. I restored these, but how can I report this so proper feedback can get to the developers of the great program ComboFix? One more thing: it is a great tool to use and has helped me as well as my business clients out from time to time. Once I put those files back in and removed the .vir extension, the next immediate reboot was cured and everything was working again. Thank you very much!!!