
Combo fix question?


#1 Eslie


Posted 13 July 2011 - 10:17 PM

Hi All,

I was infected yesterday by a rootkit. It all started after my wife searched some children's doll websites,
and Microsoft Security Essentials shut down on me. I tried to restart MSE and I got an Access Denied message.

MSE stated that my system was at HIGH RISK. So I tried again, same result. I deleted MSE and re-installed it.

I got the same result. So I tried again, now with Malwarebytes. It ran for 4 seconds before it closed down.

After I noticed it was gone I opened Malwarebytes again and got an Access Denied message. OH NO, I'M INFECTED!

FREAKED out, I went online to Microsoft and the only support offered is through e-mail, and response is 24-48 hrs.

I decided to send them an e-mail regarding the issue and to see if I can do it on my own.


I found the Malwarebytes forum and read the thread of a similar case. It was recommended to use COMBOFIX... which did help!

It found "rootkit.zeroaccess" and, to delete it, to use TDSSKILLER.

I ran TDSSKILLER and deleted the bad file. Rebooted the system and after it loaded... re-ran Combofix to make
sure. Combofix scanned and still found the rootkit! Note: It's 3:00 AM... Went to bed!

7-13-11 Microsoft responded and allowed a chat session with the tech department. "Renuka" was very helpful; she remoted into my
system and ran a few diagnostics, and in safe mode with networking on she downloaded SuperAntiSpyware and scanned the system.

After she did all that, the infection was found and remedied. Then I showed her the Combofix log and she said that Combofix
might be corrupted, because System32 was found to be infected and that was not the case.

I just want to delete Combofix and TDSSKILLER from my system. How can this be done without harming my computer?

I appreciate your help.


#2 Blade


Posted 13 July 2011 - 10:21 PM

Please note: ComboFix (CF for short) is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. When CF is run without trained assistance, it can no longer be considered a "safe" tool. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

You may find this topic informative - ComboFix usage, Questions, Help? - Look here

***************************************************

To answer your question, you may remove Combofix as follows.

  • Click on Start>Run
  • Now type combofix /Uninstall in the runbox and click OK. Notice the space between the "x" and "/".
  • You will then receive a message letting you know that Combofix was uninstalled successfully.
This will remove files/folders associated with Combofix and uninstall it.

***************************************************

You may simply delete TDSSKiller.

Hope that helps.

~Blade



#3 Eslie


Posted 13 July 2011 - 10:46 PM

Thanks Blade! You're awesome! :thumbup2:

It removed it fast.

Had to delete MSE to allow it to process;
did not know how to turn off MSE... :crazy:

Also deleted TDSSKiller, no problems! :busy:

#4 Blade


Posted 13 July 2011 - 11:12 PM

Glad I could help :)
