
ComboFix Issue with XP PRO


8 replies to this topic

#1 Swederell

Swederell

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 21 March 2011 - 04:54 AM

Hey.

Trying to remove a nasty rootkit from an XP machine with ComboFix, but when it gets through the initial loading bar it comes up with the message "ComboFix is only for use with Windows 2000 and XP machines". It is the latest version of ComboFix, downloaded straight from BleepingComputer. My thoughts are that the rootkit has corrupted the registry so much that ComboFix doesn't recognise Windows XP. Any way to force ComboFix to act like it is an XP machine?

Would really hate to have to completely reinstall the machine. Have already tried to repair XP but the setup utility doesn't recognise Windows either and just asks which partition to install on.

Edited by hamluis, 21 March 2011 - 06:39 AM.
Moved from XP forum to AV, Firewall, etc.



 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,106 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:19 AM

Posted 21 March 2011 - 06:38 AM

FWIW: ComboFix usage, Questions, Help - Look here - http://www.bleepingcomputer.com/forums/topic273628.html

Since ComboFix is a specialized malware tool...it is not a proper topic for discussion/analysis in the XP forum.

I will move your post to a forum where someone may be better able to respond/guide.

Louis

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:19 AM

Posted 21 March 2011 - 12:57 PM

Hello Swederell, and welcome to BleepingComputer!

Am I correct to assume that you did not actually manage to run Combofix?

What rootkit are you infected with?

As a general note: I do not recommend anyone to run Combofix unsupervised; this is a very powerful tool and can cause quite some damage in some cases.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 Swederell

Swederell
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 24 March 2011 - 09:20 AM

Thanks for the help.

Turns out the rootkit had recognised ComboFix and had changed the compatibility settings to run as if it was running on a Win98 machine, hence why it wouldn't recognise it was an XP machine.

Found it because I was going to use the Compatibility settings to run as W2K and see if that would work.

Oh well, lesson learned for next time.

btw, not my first time of using ComboFix.
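A check for the condition described in post #4, as an added example that is not part of the original thread: it parses `reg query` output for the `AppCompatFlags\Layers` key, where Windows stores per-executable compatibility modes, and lists executables forced into an older Windows version mode. The sample output and its paths are constructed, and the set of layer names checked is an assumption limited to the XP-era tokens WIN95, WIN98, NT4SP5 and WIN2000.

```python
import re

# Layer tokens that make Windows report an older OS version to the program.
# Assumption: only the XP-era "run as Windows 95/98/NT4/2000" modes are covered.
OS_VERSION_LAYERS = {"WIN95", "WIN98", "NT4SP5", "WIN2000"}

LAYERS_KEY_SUFFIX = r"\AppCompatFlags\Layers"
# reg.exe separates name, type and data with tabs or runs of spaces.
VALUE_LINE = re.compile(r"^\s+(?P<exe>.+?)\s+REG_SZ\s+(?P<data>.*)$")

# Constructed sample of `reg query` output (not taken from the thread).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
    C:\Documents and Settings\user\Desktop\ComboFix.exe    REG_SZ    WIN98
    C:\Games\oldgame.exe    REG_SZ    256COLOR 640X480
    C:\Tools\scanner.exe    REG_SZ    DISABLETHEMES WIN2000
"""

def parse_layers(reg_output):
    """Return (exe_path, [layer tokens]) for each value under a Layers key."""
    entries = []
    in_layers_key = False
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            # Only read values that belong to an AppCompatFlags\Layers key.
            in_layers_key = line.rstrip().endswith(LAYERS_KEY_SUFFIX)
            continue
        match = VALUE_LINE.match(line)
        if in_layers_key and match:
            # Later Windows versions prefix the data with "~"; ignore it.
            tokens = [t.upper() for t in match.group("data").split() if t != "~"]
            entries.append((match.group("exe"), tokens))
    return entries

def forced_old_os(reg_output):
    """Return entries whose layers make the program see an older Windows."""
    flagged = []
    for exe, tokens in parse_layers(reg_output):
        hits = sorted(set(tokens) & OS_VERSION_LAYERS)
        if hits:
            flagged.append((exe, hits))
    return flagged

if __name__ == "__main__":
    for exe, layers in forced_old_os(SAMPLE):
        print(f"{exe}: runs as {', '.join(layers)}")
```

An entry of this kind on a removal tool that nobody set by hand is worth recording in the logs posted for review.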

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:19 AM

Posted 25 March 2011 - 11:08 AM

Thank you for sharing your solution and glad to hear things are fine now. :)

regards, Elise




#6 Swizzler

Swizzler

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 28 March 2011 - 02:16 PM

I am running into the same issue, but changing the compatibility settings fix didn't work. Other symptoms of the infections on this computer are URL search redirection and antivirus programs not being able to update correctly. I've run Malwarebytes & Spybot S&D scans that were successful in running (used offline definition files) and curiously enough I was able to install MSE and update that program and run a scan, but on other antivirus programs I haven't been able to use their definition updates.

System is a Win XP Pro SP3 32bit machine.

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:19 AM

Posted 28 March 2011 - 02:27 PM

Hello, I strongly recommend you follow the steps in the Preparation guide and post your logs for review of one of our malware experts.

regards, Elise




#8 Swizzler

Swizzler

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 29 March 2011 - 11:25 AM

Isn't there just a way to force ComboFix to run? It's obvious that it's getting this error due to interference by an infection so it cannot run the scan and possibly remove the infection. I understand that if something goes wrong I have myself to blame.

Edited by Swizzler, 29 March 2011 - 11:26 AM.


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:19 AM

Posted 29 March 2011 - 12:16 PM

Yes, but doing that on your own could lead to complications like your computer not booting properly anymore, which is exactly why we recommend not to use Combofix without guidance.

If you post in the Malware Removal forum you're assured you'll be assisted by someone trained in the usage of Combofix. In case something goes wrong, they know how to help you get things back in working order.

regards, Elise






