Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ComboFix


  • This topic is locked This topic is locked
5 replies to this topic

#1 Roger44110

Roger44110

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 16 December 2010 - 09:55 AM

I installed and ran ComboFix,on a machine with winxp pro sp3. It removed the virus, however, it moved msconfig to Qoobox as a virus file. How can I restore msconfig? Furthmore, how can I have the log viewed by somone in the community, and have advice if I use combofix in the future? Thanks

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:39 AM

Posted 16 December 2010 - 02:16 PM

How can I restore msconfig? ...

As part of its routine ComboFix creates a folder named Qoobox in C:\QooBox\Quarantine\ to keep various files inside it. Files listed in the ComboFix-quarantined-files.txt are those removed by ComboFix, copied and renamed so they are no longer a threat. The path to the removed file in the C:\QooBox\Quarantine folder shows the location where it was removed from. There are several ways to restore a file, but if CF removed a common file like msconfig, a closer look at your system is probably warranted.


how can I have the log viewed by somone in the community...


Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

:step2: ComboFix logs, where should I post them?

ComboFix logs are not permitted outside the Virus, Trojan, Spyware, and Malware Removal Logsl forum and then only when requested by a Malware Response Team member. However, if you ran ComboFix on your own due to malware infection, please be aware that a ComboFix log is only one part of the disinfection process. Therefore we ask that you please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". When you have done that, post the required logs to include your ComboFix log in that forum, NOT here, for assistance by the Malware Response Team Experts.

If you ran ComboFix on your own due to malware infection, please be aware that using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning an strategy for effective disinfection and a determination if using ComboFix is necessary.


....and have advice if I use combofix in the future?

Just read the entire "ComboFix usage, Questions, Help? - Look here" topic and that will answer your question about using it on your own in the future..
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 jcgoldy

jcgoldy

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 16 December 2010 - 05:40 PM

I was able to add back the tcpip registry. Now I can not reconnect network drives and device manager shows nothing in the device manager view.

this was posted in the wrong thread I apologize.

Edited by jcgoldy, 16 December 2010 - 05:42 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:39 AM

Posted 16 December 2010 - 05:45 PM

this was posted in the wrong thread I apologize.

That can happen now and then so I understand.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:39 AM

Posted 16 December 2010 - 09:02 PM

Hello jcgoldy,

Because you have posted a log here: http://www.bleepingcomputer.com/forums/topic367688.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:39 AM

Posted 17 December 2010 - 05:09 AM

Hello Roger44110,

To state part of what Quietman7 in a different way, please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic. Please be sure to include a description of your computer issues and what you have done to try to resolve them.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users