ComboFix Gives Error Messages And Won't Run



#1 Travasaurus

Posted 31 March 2011 - 08:21 PM

Mods: If this is better posted somewhere else then please feel free to move it.

I had a Dell notebook which I had worked on before and after running CCleaner, MalwareBytes, Spybot S&D, Windows Security Essentials (each of which found a lot of really nasty stuff) and updating SpywareBlaster it still had some problems which none of the previous programs would detect, and after they all gave it a clean bill of health I knew something was still wrong. I then used my trusty ComboFix program which for the first time ever refused to run and gave a variety of weird error messages about "can't run on a 64-bit system", "can't run with AVG installed" and other similar things.

Well, since the computer had the Vista Home Premium SP2 32-bit OS on it and didn't have AVG installed I knew something was Rotten in Denmark so I went back to the BC forums and found the TDSSKiller, which I downloaded and ran. See the log below for the results:

2011/03/31 17:52:53.0961 3400 ================================================================================
2011/03/31 17:52:53.0961 3400 Scan finished
2011/03/31 17:52:53.0961 3400 ================================================================================
2011/03/31 17:52:53.0977 4188 Detected object count: 1
2011/03/31 17:53:34.0646 4188 mouclass (0e6be2ddff3e98f92e465a4cdc886e5a) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/31 17:53:34.0646 4188 Suspicious file (Forged): C:\Windows\system32\DRIVERS\mouclass.sys. Real md5: 0e6be2ddff3e98f92e465a4cdc886e5a, Fake md5: 5bf6a1326a335c5298477754a506d263
2011/03/31 17:53:41.0416 4188 Backup copy not found, trying to cure infected file..
2011/03/31 17:53:41.0416 4188 Cure success, using it..
2011/03/31 17:53:41.0416 4188 C:\Windows\system32\DRIVERS\mouclass.sys - will be cured after reboot
2011/03/31 17:53:41.0416 4188 Rootkit.Win32.TDSS.tdl3(mouclass) - User select action: Cure
2011/03/31 17:55:18.0512 1584 Deinitialize success

Needless to say this nailed down the problem but I decided to run ComboFix once again just for the Heck of it and guess what? It ran flawlessly and did not detect any additional malware. I have used ComboFix on numerous occasions without any problem whatsoever, so the moral of this story is that if it doesn't work then try some other tool. It is still a great program but this shows that it can be suppressed by at least one other piece of nasty malware lurking around out there.

I hope this is of some help to someone else who may have a similar problem with ComboFix...

Edited by Travasaurus, 31 March 2011 - 08:22 PM.



#2 Travasaurus


Posted 31 March 2011 - 08:27 PM

This is not a ComboFix log and the small portion of it I posted is for illustrative purposes only; I am not asking for any help, just sharing my experience. I hope that is not a violation of the rules...

#3 boopme


Posted 31 March 2011 - 08:43 PM

That is a TDSS Killer log to remove a Tdl3 Rootkit infection. It is never recommended to run ComboFix on your own without the supervision of someone trained in its use. This is the Writer's recommendation. It is not a cure all nor a toy.

ComboFix usage, Questions, Help? - Look here


Edit: moved topic to AntiVirus, Firewall and Privacy Products and Protection Methods

Edited by boopme, 31 March 2011 - 08:45 PM.


#4 quietman7


Posted 01 April 2011 - 09:38 AM

This is the pertinent section of the log which indicates a TDSS rootkit infection as noted by boopme. The forged file was identified and will be cured after reboot.

2011/03/31 17:52:53.0977 4188 Detected object count: 1
2011/03/31 17:53:34.0646 4188 mouclass (0e6be2ddff3e98f92e465a4cdc886e5a) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/31 17:53:34.0646 4188 Suspicious file (Forged): C:\Windows\system32\DRIVERS\mouclass.sys. Real md5: 0e6be2ddff3e98f92e465a4cdc886e5a, Fake md5: 5bf6a1326a335c5298477754a506d263
2011/03/31 17:53:41.0416 4188 Backup copy not found, trying to cure infected file..
2011/03/31 17:53:41.0416 4188 Cure success, using it..
2011/03/31 17:53:41.0416 4188 C:\Windows\system32\DRIVERS\mouclass.sys - will be cured after reboot
2011/03/31 17:53:41.0416 4188 Rootkit.Win32.TDSS.tdl3(mouclass) - User select action: Cure

To learn more about this infection please refer to:

Please reboot if you have not done so already. Rerun TDSSKiller again and post the new log to confirm the infection was cured.