OK following up from the Animal forum


  • This topic is locked
12 replies to this topic

#1 Destodes

Destodes

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 17 December 2010 - 10:41 PM

When Combofix runs I get a message about PEV.???? is corrupt... FYI


#2 Destodes

Posted 17 December 2010 - 10:55 PM

OK? Did I post poison? No responses or views?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:04 AM

Posted 19 December 2010 - 04:44 PM

Hello Destodes,

Nope, you didn't post poison....but there are still almost 500 unanswered logs before yours, and very few of us volunteers to take them.

Would you mind telling me what the Animal forum is? I'm not familiar with it but need to have a look so I know what you've done already. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#4 Destodes

Posted 19 December 2010 - 04:50 PM

My first post was moved into a forum titled "Animal" at the top. Someone then asked me to post some logs into this forum.. Trying to follow directions, but I wondered if that would confuse.

#5 teacup61

Posted 19 December 2010 - 04:58 PM

Hello,

I'm tempted......but I won't tease you about this. :wink:

I want to know what this is:

2010-12-17 22:59 . 2010-12-17 22:59 -------- d-----w- C:\$WINDOWS.~LS
2010-12-17 22:56 . 2010-12-17 23:05 -------- d-----w- C:\$UPGRADE.~OS
2010-12-17 22:55 . 2010-12-17 22:55 -------- d-----w- C:\$WINDOWS.~BT


I also want to know what this is:

Running from: h:\computer-repair-utility-kit-v2\Virus Removal\ComboFix.exe

tea

#6 Destodes

Posted 19 December 2010 - 09:54 PM

this..

2010-12-17 22:59 . 2010-12-17 22:59 -------- d-----w- C:\$WINDOWS.~LS
2010-12-17 22:56 . 2010-12-17 23:05 -------- d-----w- C:\$UPGRADE.~OS
2010-12-17 22:55 . 2010-12-17 22:55 -------- d-----w- C:\$WINDOWS.~BT

not real sure, go ahead and tell me, tease if you must, I'm a big boy..

this..

Running from: h:\computer-repair-utility-kit-v2\Virus Removal\ComboFix.exe

is me running combofix from my thumb drive.

scott

#7 teacup61

Posted 20 December 2010 - 11:39 AM

Hello,

No no....I wouldn't tease you about your logs. That isn't my style. I was talking about the Animal forum. :lol: There is no Animal forum. What you saw was our Admin, whose name is Animal, stating that he moved your topic. It took me a few seconds to figure it out, and then I found your other post, with his edit in it, and understood what happened. Quite honestly it tickled me and was one of the highlights of my day. :thumbup2:

Now....you should not have been running ComboFix on your own. It's dangerous. The error you saw was a ComboFix file, and it's likely that one of your protection programs flagged it as bad, which happens often. AVG has to be uninstalled so it will run properly.

Now tell me what problems you're having. Aside from those folders I don't see any huge reason for alarm so I need to hear it from you. :thumbup2: Have a look inside one of them and tell me what's in there, would you please?

Thanks,
tea

#8 Destodes

Posted 20 December 2010 - 02:45 PM

Haha! Animal... :thumbup2:


Just to give you a little background... I am a Network Engineer for a consulting firm, I clean viruses and malware daily.. and I have been using Combofix for years, so don't be alarmed at my "running it on my own".

Actually, in my testing, I believe the problem may not be due to a virus at all. I have a good backup of the system, so I installed a new hard drive in the system, installed Windows and the updated drivers, and Combofix still says that regedit is infected, and I am still unable to run Windows Update. I believe it is a Dell driver that is somehow causing a false positive on regedit and breaking the Windows Update function.

Not sure if you have seen anything like that before, but I sure haven't run across a situation quite like this before.

Also, those folders have to do with me attempting an in-place upgrade to try to repair the Windows Update functionality, which did not help.

I would be interested to hear your thoughts on my theory.

#9 teacup61

Posted 20 December 2010 - 03:07 PM

Well that explains a lot....thank you. :thumbup2: So many times we see weird things and they never get explained....which makes the whole process longer by having to guess. :blink:

Do a search for regedit....where all does it show up? Replace it with a known good copy and see if it still shows up as infected after that. Dells are so hard to deal with....quirky at best. Have you tried getting updates directly from MS?

ComboFix.....there's a LOT more to it than meets the eye. Be careful.

#10 Destodes

Posted 20 December 2010 - 10:26 PM

The problem was the Intel rapid storage driver.. As soon as I found an update for it and installed it, Windows Update is working fine, and no infected regedit!!?? Curious about how regedit and rapid storage are tied together though? Very weird??? Thanks for your help.

#11 teacup61

Posted 21 December 2010 - 05:16 PM

Excellent! :thumbsup: I knew I didn't see anything in the logs, and the few things I wondered about were explained. Sometimes troubleshooting back and forth is the best medicine. :thumbup2:

Happy holidays to you, and take care!

tea

#12 Destodes

Posted 21 December 2010 - 05:46 PM

Thanks, and Merry Christmas to you! I don't usually have any problems removing infections (which I thought I had since it was saying regedit was infected), so this is the first time I have contacted anyone else for support. I appreciate you working with me on this, even though it turned out to not be infected. I pray you have a Blessed Christmas Season!

#13 teacup61

Posted 27 December 2010 - 12:13 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.