
How to extract files from combofix to run it from a read-only media

7 replies to this topic

#1 3dholly-windows

Posted 12 September 2011 - 02:04 PM

Hello users,

I have a Windows XP Pro SP3 machine that was infected overnight with a rootkit virus, and I fear that running ComboFix from the HD can infect the cleaner itself, not allowing it to detect the virus to its fullest.

I used to run ComboFix from read-only media, but now it fails; it says it can't extract all the files. Plus I found out it runs from the HD anyway after decompressing itself.

So, for extra protection, I'd like to get help so I can extract all the files to read-only media such as a Zip disk or an SD card and load it from there, so that I can be sure the files are loaded into memory straight from the media, avoiding other risks.

Hope this is clear.
Have a Good Day

Edited by hamluis, 12 September 2011 - 02:44 PM.
Moved from XP to AV, Firewall, Privacy.



#2 cryptodan

Posted 12 September 2011 - 02:10 PM

First:

No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again. When issues arise with new malware infections or other security tools conflicting with ComboFix, experts are aware of them and can advise users what should or should not be done while providing assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

What specific issues are you having that require using ComboFix?

Compliments of QuietMan7

Second:

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic.

#3 3dholly-windows

Posted 13 September 2011 - 04:33 PM

I only want to know how to extract the files to a protected media rather than the hard disk, so I can always be sure I have a virus-free tool... unless you can tell me there is no risk in running ComboFix off the HD even if Windows has a rootkit on it.

So far I tried running ComboFix off a 100MB Zip disk in a 750 drive that can only read from it, but that doesn't work anymore as it did a year ago.

Edited by peruano1947, 13 September 2011 - 04:36 PM.


#4 cryptodan

Posted 13 September 2011 - 05:38 PM

If you think you are infected, then in the future I would highly recommend using ComboFix in a supervised environment, regardless of how much you may think you know about computers. The use of ComboFix can turn a system into a very expensive paperweight, which could result in the total loss of data. Please read the first thing I mentioned in my post above.

#5 quietman7

Posted 14 September 2011 - 12:12 PM

"I only want to know how to extract the files to a protected media rather than the hard disk. So I can always be sure I have a virus-free tool."

ComboFix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware which scan individual drives or different folders on a computer for viruses.

As a general policy, Bleeping Computer does not offer advice on how to run ComboFix unless we have asked someone to run it. This is because people should not be using ComboFix without being advised to do so by a trained expert (i.e. Malware Response Team) who is assisting a member to deal with a malware issue on that system. When issues arise due to complex malware infections, possible false detections, problems running ComboFix (i.e. stalling, hanging, crashing) or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.

Further, using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination of whether using ComboFix is necessary.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 3dholly-windows

Posted 15 September 2011 - 03:29 PM

god

#7 boopme

Posted 15 September 2011 - 11:00 PM

Yes

#8 quietman7

Posted 16 September 2011 - 06:29 AM

No...just a Bleepin' Janitor who sweeps and mops as needed around here.