
Combofix Devastating Deletion Log


4 replies to this topic

#1 goldenjosh

goldenjosh

  • Members
  • 2 posts
  • OFFLINE
  • Gender:Male
  • Location:Fayetteville, GA
  • Local time:11:59 AM

Posted 10 April 2011 - 11:17 AM

I have attached a combofix.txt log from a few days ago from an XP Home PC.
Attached File  ComboFix.txt   51.81KB   20 downloads

I work as a level 1-2 technician for a local computer helpdesk/repair company. I have used combofix 1000s of times, but last week, I was completely speechless as I watched combofix delete...c:\windows\system, system32, .dll's, and other system files. I have heard horror stories that Combofix can completely devastate a computer, but seeing it do it right in front of your eyes on-site was horrifying.

Setting: A customer called in to schedule a virus removal on site. I went on-site and did my normal routine. Safe Mode > Malwarebytes > (rename avg) > reboot > normal boot > combofix. MBAM found and removed 3 trojans and some adware which included the infection that I was sent out there for. But to be safe, I always run combofix. To my amazement, combofix started deleting... well, check the log. I was able to reboot fine afterwards, but that's the only normal thing that happened. Drivers were missing, programs failed, errors everywhere.

Is there any input on this log? Maybe some explanation as to what happened here?

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:59 AM

Posted 10 April 2011 - 12:20 PM

I just notified the malware team.
Someone will post back here shortly.



 


#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:11:59 AM

Posted 10 April 2011 - 01:28 PM

goldenjosh, there was a bug in CF that caused this. This bug has since been fixed. Unfortunately, I cannot go into any more details without compromising the internals of the program.

Is this computer still having issues or have you since resolved it?

#4 goldenjosh

goldenjosh
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Gender:Male
  • Location:Fayetteville, GA
  • Local time:11:59 AM

Posted 10 April 2011 - 02:48 PM

Well, after Combofix finished and said files were deleted, I was able to recover most of the OS features with a combination of System Restore and Repair Install. However, some of the programs were still bugged out, and the owner of the computer just decided to purchase a new machine and have his personal data transferred off. Unfortunately I do not have any additional information regarding this computer because the owner of the computer took it home with him.

This bug has been fixed, correct? I have to admit that I have been scared to use Combofix since Thursday when this happened. I rely on Combofix every day as part of my arsenal to clean up computers; however, it is one of the most dangerous programs we use because it deletes whatever it marks without prejudice, without user intervention.

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:11:59 AM

Posted 10 April 2011 - 08:42 PM

Yes, it was quickly 100% diagnosed and fixed when the author was alerted.



