Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Combofix Deleting Files From Soundcard


  • Please log in to reply
15 replies to this topic

#1 colormebad

colormebad

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:43 AM

Posted 14 April 2011 - 05:34 PM

I been using combofix for a long time with no problems...Just over the last few weeks' everytime i run combofix' it deletes something in the santacruz soundcard folder..I have to go back and reinstall my drivers....Have a friend also that everytime he runs combofix ' his dvd roms doesnt work right....

Edit: Moved topic from General Chat to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 todai

todai

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:43 AM

Posted 15 April 2011 - 10:37 AM

it it true?

#3 Tim55253

Tim55253

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 AM

Posted 15 April 2011 - 05:24 PM

I really don't think you should be running Combofix that often.

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.


I mean, it might sound a bit extreme, but it still seems like something you should really consider.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:43 AM

Posted 15 April 2011 - 11:30 PM

Can you provide the name of the specific file name and I will advise the developer?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Jessica R

Jessica R

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oklahoma
  • Local time:07:43 AM

Posted 26 May 2011 - 11:12 AM

When I ran ComboFix (which fixed things right up, by the way), it deleted an entire program and its database. This program is certainly not malware or anything close to such. Having to reinstall my program wasn't too big of a deal and getting rid of the malware was worth the trouble and loss of data, but I am wondering if there is a way to tell ComboFix to ignore certain files and/or folders - for future reference, just in case I ever need to run ComboFix again, which I hope I won't ever have to do.

Thank you!

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:43 AM

Posted 26 May 2011 - 12:29 PM

Welcome to BC.

We would need to know the specific file/program and submit a sample to the developer so he can investigate.

This is just another reason why you should only use ComboFix under supervision. When issues arise due to complex malware infections, possible false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Jessica R

Jessica R

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oklahoma
  • Local time:07:43 AM

Posted 26 May 2011 - 03:00 PM

Heh, yeah, I am guilty of "performing open heart surgery on [my]self." But I read so much about how to do it and I'm no slouch with computery stuff that I figured I'd be okay without supervision. For the most part, it went well. Losing that program and its data was the only "aw, man!" thing that happened. I suppose I got lucky and I'm glad of that.

The program is called Messenger Stationery Builder. It is used to print information onto pages for guestbooks for funeral services. The file types are mostly .xml and .png from what I can tell. I'm guessing the way the program names things is why they looked suspicious - for example: 0cce7cb2-0a22-4b7a-9328-11316ef01d55.xml

Would this be a good place to upload a file sample? If not here then where/how should I go about doing that?

Thank you.

~ Jessica

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:43 AM

Posted 26 May 2011 - 04:36 PM

Please submit (upload) a copy of the file to this Submit Malware Sample page.
  • Fill in the requested information.
  • Zip the file using a zipping program (i.e. 7-zip, WinRAR).
  • Click the Browse... button and navigate to the location of the file.
  • Click on the file to highlight it and choose Open.
  • Click the Send File button.
  • You will not be able to view the files that have been uploaded as they only show to the authorized users who can download them.
  • sUBs will be able to collect the file from there and examine it.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Jessica R

Jessica R

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oklahoma
  • Local time:07:43 AM

Posted 26 May 2011 - 04:55 PM

One file is submitted. Thanks for those great instructions.

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:43 AM

Posted 26 May 2011 - 05:15 PM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:43 AM

Posted 28 May 2011 - 06:58 AM

Jessica R

sUBs wants to know the file path. He said the xml file is not much help and he would like you to upload the program's installer and the ComboFix log of the deletions. This would allow him a better understanding as to what happened.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 Jessica R

Jessica R

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oklahoma
  • Local time:07:43 AM

Posted 01 June 2011 - 08:31 AM

Ok. I don't remember exactly which of the files I submitted, but pretty sure it was this one located at this filepath:
C:\Documents and Settings\owner\Application Data\Messenger\StationeryBuilder\Stationery\357ec3d8-e851-41e9-be51-4026cd67d328\0cce7cb2-0a22-4b7a-9328-11316ef01d55.xml

The log and the installer will be uploaded momentarily.

Update: The files have been submitted.

Edited by Jessica R, 01 June 2011 - 08:40 AM.


#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:43 AM

Posted 01 June 2011 - 08:39 AM

Ok.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:43 AM

Posted 02 June 2011 - 06:07 AM

sUBs received the information and will delist the folder CF targeted so this shouldn't happen again.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 Jessica R

Jessica R

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oklahoma
  • Local time:07:43 AM

Posted 02 June 2011 - 11:03 AM

That is great. Thank you! And please forward my thanks to the sUBs. :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users