
Can Combofix scan registry in Boot environment?



#1 Techdude1

Techdude1

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 26 March 2011 - 01:10 PM

Hello! I recently downloaded the Hiren's Boot CD and it contains Combofix amongst many other fine programs. Question: Can Combofix scan/fix a registry problem? I already ran Kaspersky Boot CD and it removed the doggone PLAYSUSHI.EXE file that has rendered the PC unbootable. Still, it won't boot into windows. Methinks this is a registry issue. Will running Combofix repair what I suspect is a skunked registry?
And by the way, I am 100% certain that there is NO other malware besides this darned playsushi game.

Thanks.

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal


 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:24 AM

Posted 26 March 2011 - 01:51 PM

No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. When issues arise with new malware infections or other security tools conflicting with ComboFix, experts are aware of them and can advise users what should or should not be done while providing assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

What specific issues are you having that require using ComboFix?

Compliments of QuietMan7

#3 Techdude1

Techdude1
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 28 March 2011 - 12:38 PM

The PC in question was just reformatted with Win 7 and tested for 2 days. Everything was perfect. I told the teen-aged owner NOT to download PLAYSUSHI.EXE again as it was the cause of the first crash. She did it anyway. Two days after I left, she called me and said it wouldn't boot into windows anymore. I ran a Kaspersky Boot CD and it found and deleted the playsushi.exe file. However, the PC still won't boot into windows.
It must be the registry files that playsushi left behind.
QUESTION: Since Combofix is on the Hiren's Boot CD, can Combofix run in the boot environment and effectively scan and fix any registry issues?
This machine was JUST reformatted recently. Playsushi is the ONLY CULPRIT.

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:24 AM

Posted 28 March 2011 - 04:29 PM

Combofix should not be used unsupervised. Is the machine you are working on infected?

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:24 PM

Posted 28 March 2011 - 06:11 PM

Hi,

It is unlikely that playsushi should have rendered your PC unbootable. What happened before the PC became unbootable? How is it unbootable?

Do you get a BSOD? Do you see the BIOS information show up? Can you still get to the Windows loading screen? Can you still get to the Windows login screen?

Since you have Windows 7 and your Windows CD available you have the option to use startup repair or system restore from recovery console to troubleshoot and likely fix the issue.

ComboFix is not made to be used on a live-cd. In addition the version used by Hiren's is very old and outdated, so even if it were to work, it would be of no use because the tool is too old.
I definitely advise against running ComboFix from Hiren's live-cd. Anybody that has had training to handle the tool, would also never advise you to run it from a Live-CD.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 Techdude1

Techdude1
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 29 March 2011 - 11:33 PM

I don't know exactly what was done after I left the PC with the teen-aged owner. I can say that it had just been reformatted with 7 and thoroughly tested and was fine. 2 days later it would no longer boot into windows. It says "Windows failed to start. A recent hardware or software change might be the cause". Then it tries to start and blue screens in 1 second and just keeps doing that in a continuous loop. Start, crash, start, crash.

It feels to me like it could be a rootkit, but I have scanned the heck out of the PC and found nothing but Playsushi. That was already deleted. The machine is not infected. BTW, I suspected that Combofix could not effectively be run from a bootable environment. That is why I asked first before attempting. This is perplexing to me. I'm beginning to run out of speculation as to what is causing this. I can always just reformat again.
It angers me to do that. I really want to SOLVE this for my own satisfaction rather than take the easy way out. Any advice you have would be greatly appreciated.

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:24 PM

Posted 30 March 2011 - 05:49 AM

Hi,

have you noted down the BSOD? You can disable automatic reboot through the advanced boot menu.
Have you tried to enable boot logging to see what is causing the problem?

If this is a rootkit you definitely have more on board than playsushi.

We can definitely help you, however in that case I'd ask you to post in the malware removal forums. Do you have the Windows CD that goes with the install? If so a simple "startup repair" may fix the boot issue and you could check for malware from inside the running OS later, which gives you higher chance of finding what the problem is.

regards myrti



#8 Techdude1

Techdude1
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 02 April 2011 - 12:52 PM

Thanks for your replies. I am new to bleepingcomputer and I thought this WAS the malware removal forum. Sorry. Please spell out for me which is the proper forum for me to post to.

Also, I will try some of your solutions with startup repair etc. I think it's also possible that a setting was changed somewhere and maybe that is what is causing this problem. I will investigate all avenues and hopefully come up with an answer soon.

#9 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,733 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:03:24 AM

Posted 02 April 2011 - 01:10 PM

I am new to bleepingcomputer and I thought this WAS the malware removal forum. Sorry. Please spell out for me which is the proper forum for me to post to.


The proper forum for posting Malware removal logs is: Virus, Trojan, Spyware, and Malware Removal Logs

Thank you for asking for clarification. :thumbup2:

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)





