

How shall I put this... "DO NOT RUN ComboFix unless requested to".


  • This topic is locked
2 replies to this topic

#1 raf96

raf96

  • Members
  • 58 posts
  • Gender:Male
  • Location:Poland
  • Local time:05:59 PM

Posted 29 November 2011 - 05:48 AM

:whistle:

He he he.... As you can probably already tell... I'm not exactly what one might call.... a patient man :lol:

If anyone could fairly quickly assist me, that would be so great... It's not a full assist, just a nudge in the right direction :wink: ...

So you know what I did right? I bet I'm not the first one either...

Curiosity got the better of me and I've decided to run Combofix.
I thought that, as most malware removal utilities show results before taking any action, I should do it, as it might benefit me.


:P boy was I wrong... Bottom line is it removed a lot of my basic, and I'm quite positive for the most part, clean legit software.

But it did find something that I would never have noticed though...
C:\desktop.ini
c:\users\Rafal\AppData\Local\Temp\aimemb.dll
c:\users\Rafal\AppData\Local\Temp\aimemb64.dll
c:\windows\SysWow64\system


desktop.ini, I'm confident, was not related to any virus, as I often check those. That particular one was specifying a directory for a folder background img.

The other stuff, I have no clue about...

...so I'm not really that pissed about the whole thing, it's just my last backup IMG was done over a month ago, and during that time I've been intensely customizing all of my settings, just the way I like it... it was really a lot of work, and I figured I'm just gonna clean my system up and I'll run a back up... not my proudest moment mind you :crazy:...

... so what I'd like to ask you is how do you restore that img created by combofix. Since my drive didn't lose any "weight", that means everything is right there on the C:\ drive, only all of it is in .dat format.

Is there a way to attach it as a virtual partition like you would a regular .vhd?

The thing is, I did have some issues there, which I could not resolve... like locked registry files (most likely because of taking ownership of some high security files from damn zonealarm firewall), and I'd like to remove those viruses as well of course... if it's possible... as I look thru the list I recognize 99 percent of the files there so I would just go thru them one by one if I had to... JUST HOW? Actually if it's possible to restore it as it was before, works for me too. Since now I know about some of those issues I'll fix'em later.


BTW... I didn't do the suggested pre .logs either... so the only thing I can offer you is combofix.TXT (in attachment)

... oh and as a side note... I'm kind of concerned about one thing... you see...forums such as this one are amazing... the help you guys provide for others is just incredible, but there is one issue...
As you guys are advising to copy and paste a bunch of logs, from hijackThis and... all of the others, it is becoming harder and harder to find specific information thru the search.

When I'm trying to learn something about a particular process, or software issue, and I type that name into a search... I get flooded with thousands of posts, where hijackThis logs are, but they have nothing to do with my actual interest... because everyone has that software installed, and once they post a log, their post comes up in a query. And you can't just (minus) hijackthis either, because that could eliminate a potential bullseye hit on the inquiry, only because someone there mentioned hijackthis while talking about their issue.

You know what I mean, right? Hey you guys are great either way, but I'm curious what's gonna happen in a few years... That's why I'm attaching my .log. The issue is still visible to everyone, but this way we do not trash our search "environment". Think about it.


Take care.



Edited by raf96, 29 November 2011 - 06:50 AM.



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,740 posts
  • Gender:Male
  • Local time:12:59 PM

Posted 04 December 2011 - 05:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/429831 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,740 posts
  • Gender:Male
  • Local time:12:59 PM

Posted 09 December 2011 - 05:55 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



