ComboFix stalling during install?


  • This topic is locked
8 replies to this topic

#1 netrate

netrate

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:00 AM

Posted 07 July 2011 - 09:56 AM

I have been following instructions on Major Geeks to try and get rid of a malware virus that redirects my Google and also opens up a browser (Maxthon IE shell) during bootup. I have had to go through quite a few of the steps and now I am at the point of using ComboFix:

http://forums.majorgeeks.com/showthread.php?t=139313

Last night, I was on the Combo Fix stage and found it stops installing at outfolder folder C:\32788R22FWDIN (I know this because I clicked on DETAIL in the installation box and it shows me the progress bar along with which part it is working on).

When it stopped installing the first time, it sat for 30 minutes (uninterrupted) and then the computer froze. I rebooted and tried again, this time it sat again (same place installation - if you click on details) and sat for another 25 minutes, but this time it did not freeze at all. I did read that you are not supposed to touch anything or click on anything during this time, but I thought at 25 minutes and it being 1:00am, that I would try again the next day (being on the computer for 2 days straight is starting to wear me down).

I noticed this morning that there is a new file folder called:

32788R22FWJFW on my hard drive. Should I delete this before trying to start combofix again?
What is in this file folder? It looks like an exact copy of my hard drive...

Thanks in advance

Edit: Moved topic from XP to the more appropriate forum. ~ Animal


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:00 AM

Posted 07 July 2011 - 09:58 AM

No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. When issues arise with new malware infections or other security tools conflicting with ComboFix, experts are aware of them and can advise users what should or should not be done while providing assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

What specific issues are you having that requires using ComboFix?

Compliments of QuietMan7

With that said:

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#3 netrate

netrate
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:00 AM

Posted 07 July 2011 - 10:19 AM

I have been instructed by the nice people at Major Geeks to follow this route.

Brief synopsis of the problem:

Computer crashed 2 weeks ago, rebooted with XP repair virus. Ran all of the Malware, Rkill and SuperAnti Virus programs. Computer now reboots fine, but Google is redirected and Maxthon (browser built on IE) opens on its own to some spam webpage without me even touching the computer or even loading a program. So I followed all of the steps here:

http://forums.majorgeeks.com/showthread.php?t=230267

http://forums.majorgeeks.com/showthread.php?t=35407

It didn't fix the problem. Was told to go here:

http://forums.majorgeeks.com/showthread.php?t=139313

And now, as my OP said, I am stuck at the ComboFix part. It won't install for some reason.

Edited by netrate, 07 July 2011 - 10:19 AM.


#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:00 AM

Posted 07 July 2011 - 10:22 AM

You should not be downloading malware removal tools and running them unless specifically told to do so by a Malware Removal Expert from the sites that have trained people to do so. Please show me a link on a forum where you are currently being told to run ComboFix to solve your issue.

#5 netrate

netrate
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:00 AM

Posted 07 July 2011 - 10:25 AM

http://forums.majorgeeks.com/showthread.php?t=240417

#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:00 AM

Posted 07 July 2011 - 10:33 AM

Continue seeking help there. Having multiple threads open on various websites will add to confusion and possibly make things worse for you.

#7 whoabuddy

whoabuddy

    Bleepin' Verbose


  • Malware Response Instructor
  • 2,036 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cottonwood, AZ
  • Local time:09:00 PM

Posted 07 July 2011 - 10:40 AM

Based on what you've posted so far, it sounds like they've made you jump through a lot of hoops without much result. I can personally say that I am confident that if you follow the instructions provided by CryptoDan for preparing the info we need to help you as well as posting it in the correct place, the users on this forum will be able to help you resolve your issue. Your logs will be reviewed by someone who has been trained in malware removal and interpreting the logs you provide, and they will help you find the correct direction to take in removing your infection.

Best of luck!

*Edit: ...and CryptoDan has a good point, if you really want the issue resolved, I would pick this website and stick with its advice only. Everything is done methodically and another website's instructions may stop the fixes from working.

Edited by whoabuddy, 07 July 2011 - 10:41 AM.

Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE

#8 netrate

netrate
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:00 AM

Posted 07 July 2011 - 10:49 AM

Thanks. The reason I posted here was because COMBOFIX.exe came from your site where I downloaded it, so I figured you would have the best chance at telling me what was going on when it wouldn't install. I wasn't going to ask any malware or virus questions beyond figuring out how to get Combofix working and whether I should delete the files it created.

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,126 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:00 AM

Posted 07 July 2011 - 08:55 PM

Since you are receiving assistance from chaslang I am closing this thread to avoid confusion.

Should you have any questions, please PM me or another Moderator.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators