Ran combofix without following instructions...



#1 yonsterr

  • Members
  • 11 posts
  • Gender: Female
  • Location: NY

Posted 17 April 2011 - 03:15 PM

Hi!

Below please see my original post and boopme's response. Basically - my bro ran combofix without any prep/instructions and I'm trying to finish it up the right way.

I attached the three documents boopme requested and skipped the GMER step completely.

Thanks for your help! I really appreciate anyone taking the time to look at this.

yonsterr

Posted Today, 11:27 AM

Hi everyone!

I was having a google redirect issue that none of my programs could fix. My brother tried to fix my laptop and he ran combofix, and made it worse. He didn't follow any instructions (just ran it) and afterwards I couldn't open anything. Everything I tried (programs or files) came up with an error message saying that the registry keys were marked for deletion.

I found a few threads and the advice given to other people with the same problem was to open in safe mode and run sfc /scannow. I couldn't get into safe mode (Windows Startup Repair launched and then froze... the second time I started Windows normally and it worked). I ran sfc /scannow and it seemed to fix the registry key problem. The google redirect issue seems to be gone also.

My question is - now what do I do? Should I follow the instructions and run combofix again? Should I post the log from combofix in the log forum? Or just leave everything alone?

I'm not familiar with combofix but it seems like a pretty powerful tool, and I want to make sure there aren't huge steps I need to take now that it has been run on my pc.

Thank you!

*Using a Compaq laptop with Vista Home Premium.


#2 boopme

To INSANITY and BEYOND !!

  • Group: Moderator
  • 38,222 posts
  • Joined: 10-September 04
  • Gender: Male
  • Location: NJ USA

Posted Today, 02:43 PM

Let me first quote our quietman7's response

Quote

Combofix's disclaimer clearly says it is meant for private use. The developer did not intend for his tool to be used any other way and it certainly was not intended for those running a computer business or for use in a business/corporate environment.

When issues arise due to complex malware infections, possible false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.



Having run ComboFix we need to see that and a DDS log.

Please go here: Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Skip the GMER step and instead post the ComboFix log you posted earlier.

Let me know if that went well.

#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender: Female
  • Location: Wills Point, Texas

Posted 26 April 2011 - 02:56 PM

Hello yonsterr ,


Sorry for the delay. :( If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 yonsterr

  • Topic Starter
  • Members
  • 11 posts
  • Gender: Female
  • Location: NY

Posted 26 April 2011 - 04:25 PM

Hi tea!

Thank you so much for getting back to me...and don't worry about the delay.

I'm attaching a new DDS log and hopefully I can muddle my way through HijackThis to get you a log from there, too.

The google redirect virus seems to be gone, but I don't know what else I need to do (because my brother ran combofix without any prep/directions).

Thanks so much!


#4 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender: Female
  • Location: Wills Point, Texas

Posted 26 April 2011 - 07:09 PM

Hi there

That doesn't really look too bad. :) There are some things I'd like to tidy up, and I'd like to have another scan to be sure there aren't any nasties lurking that we can't see. How is it running?

I see bits of Norton running, and you seem to be using Avast! for your AntiVirus. I'd like to get rid of those bits.....Norton never uninstalls cleanly. <_< The Norton uninstall tool uninstalls ALL Norton 2004-present products from your computer. It also uninstalls Norton Ghost 10.0/9.0/2003. http://service1.symantec.com/SUPPORT/tsgen...005033108162039

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Thanks,
tea

#5 yonsterr

  • Topic Starter
  • Members
  • 11 posts
  • Gender: Female
  • Location: NY

Posted 26 April 2011 - 07:58 PM

Hey tea

I used the Norton uninstall tool and ran Malware Bytes.

Here are the results from Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6451

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

4/26/2011 8:47:08 PM
mbam-log-2011-04-26 (20-47-08).txt

Scan type: Quick scan
Objects scanned: 164791
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

*Edit* - If everything is fine and dandy now, do I have to do anything else about combofix? I know I used DeFogger and I think that disabled the CD drive - so do I use that again? Delete combofix? You've been such a huge help!

Edited by yonsterr, 26 April 2011 - 08:15 PM.
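The log above is the only evidence a helper gets that the scan actually ran and removed what it found, so it is worth reading it mechanically rather than eyeballing the zeros. The following is an added example, not code from this thread or from Malwarebytes: it parses the summary and detail sections of a Malwarebytes' Anti-Malware 1.x text log, cross-checks that the per-category counts agree with the listed detections (a mismatch means the log was truncated or edited and should be re-posted whole), and flags detections whose action is not "Quarantined" (for example a "No action taken" line, which means Remove Selected was never clicked). The detection-line layout `<path> (<threat>) -> <action>.` and the "No action taken" wording are assumptions, since the posted log lists no detections; the constructed sample logs mirror the posted summary and an invented non-clean variant.

```python
"""Added example: parse a Malwarebytes' Anti-Malware 1.x text log and sanity-check it."""
import re

CATEGORIES = ["Memory Processes", "Memory Modules", "Registry Keys", "Registry Values",
              "Registry Data Items", "Folders", "Files"]
COUNT_RE = re.compile(r"^(?P<cat>[A-Za-z ]+) Infected: (?P<n>\d+)$")    # summary line
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+) Infected:$")              # detail header
HEADER_RE = re.compile(r"^(?P<key>Database version|Scan type|Objects scanned|Time elapsed): (?P<val>.+)$")
# Assumed shape of a detection line (the log in this thread lists none, so this is not from it):
#   <file path or registry key> (<threat name>) -> <action taken>.
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text):
    """Return {'header': {key: val}, 'counts': {category: int},
    'items': {category: [(object, threat, action)]}} for an MBAM 1.x log."""
    report = {"header": {}, "counts": {}, "items": {}}
    section = None  # detail section currently being read, None while in the summary
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if m := HEADER_RE.match(line):
            report["header"][m["key"]] = m["val"]
        elif m := COUNT_RE.match(line):
            report["counts"][m["cat"]] = int(m["n"])
        elif m := SECTION_RE.match(line):
            section = m["cat"]
            report["items"].setdefault(section, [])
        elif section and line != NO_ITEMS and (m := ITEM_RE.match(line)):
            report["items"][section].append((m["obj"], m["threat"], m["action"]))
    return report


def assess(report):
    """Classify a parsed log as 'clean', 'detections' or 'inconsistent'.

    Returns (verdict, problems, notes). problems are reasons the log cannot be
    trusted as posted (missing sections, counts that disagree with the listings);
    notes are caveats such as a quick rather than full scan, or items not removed."""
    counts, items, problems, notes = report["counts"], report["items"], [], []
    for cat in CATEGORIES:
        if cat not in counts or cat not in items:
            problems.append("%s: summary or detail section missing (truncated log?)" % cat)
        elif len(items[cat]) != counts[cat]:
            problems.append("%s: summary says %d, detail lists %d" % (cat, counts[cat], len(items[cat])))
    if report["header"].get("Scan type", "").startswith("Quick"):
        notes.append("quick scan only; a full scan covers more locations")
    for found in items.values():
        for obj, threat, action in found:
            if not action.startswith("Quarantined"):  # e.g. "No action taken" (assumed MBAM wording)
                notes.append("%s (%s): %s, not removed" % (obj, threat, action))
    if problems:
        return "inconsistent", problems, notes
    return ("detections" if sum(counts.values()) else "clean"), problems, notes


# Constructed sample: the log posted in this thread, blank lines dropped (the parser ignores them).
CLEAN_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 6451
Windows 6.0.6001 Service Pack 1
4/26/2011 8:47:08 PM
Scan type: Quick scan
Objects scanned: 164791
Time elapsed: 7 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
"""

# Constructed variant: one registry key quarantined, one file detected but left in place.
DIRTY_LOG = CLEAN_LOG.replace("Registry Keys Infected: 0", "Registry Keys Infected: 1").replace(
    "Files Infected: 0", "Files Infected: 1").replace(
    "Registry Keys Infected:\n" + NO_ITEMS, "Registry Keys Infected:\n"
    + r"HKEY_LOCAL_MACHINE\SOFTWARE\Example\Bad (Trojan.Example) -> Quarantined and deleted successfully.").replace(
    "Files Infected:\n" + NO_ITEMS, "Files Infected:\n"
    + r"c:\users\example\appdata\local\temp\bad.exe (Trojan.Example) -> No action taken.")
```

Running `assess(parse_mbam_log(CLEAN_LOG))` gives `clean` with the quick-scan caveat; the constructed dirty variant gives `detections` and a note that bad.exe was not removed, and cutting either log short or editing a count produces `inconsistent`, which is the signal to ask for the complete log again.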


#6 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender: Female
  • Location: Wills Point, Texas

Posted 26 April 2011 - 08:29 PM

Hello,

Yes, now that all looks to be well, we need to uninstall ComboFix. You can't just delete it because it does a little clean-up routine of its own. Uninstall ComboFix by doing the following:

Click Start > Run > type in, or copy and paste, ComboFix /Uninstall > click OK

Re-enable your CD drive, yes. You can keep DDS and/or HijackThis for just in case. :wink:

If you have any questions or concerns, please feel free to ask. Otherwise..........

Take care!
tea

#7 yonsterr

  • Topic Starter
  • Members
  • 11 posts
  • Gender: Female
  • Location: NY

Posted 27 April 2011 - 06:48 AM

Thank you so much for your help! Have a good one!

#8 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender: Female
  • Location: Wills Point, Texas

Posted 12 June 2011 - 01:43 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
