
Accidentally used ComboFix, having problems


  • This topic is locked
14 replies to this topic

#1 CatInTrouble


Posted 11 December 2011 - 02:44 PM

Hi,

I'm not sure I have posted this in the correct location...please let me know if it is not in the correct place.

I hope that someone will be willing to help me out, in spite of me being a dummy when it comes to computer issues!

The beginning of my issue started when my computer picked up backdoor.generic14.cbjj, a Trojan, yesterday. My free AVG detected it but was not able to get rid of it, so I started investigating other options. A Google search of "Best Malware Removal" brought up a site, lifehacker.com, which listed their top five picks for malware removal. Combofix was recommended on the list. It didn't mention anything about the need for a helper while using Combofix, so I thought it was something I could do myself.

When I got to bleepingcomputer.com, I saw the section entitled, "Using Combofix". Unfortunately, I somehow missed the introduction, and the words "You should not run ComboFix unless you are specifically asked to by a helper." I honestly did not realize the risk in using the program and most definitely would not have used it alone had I seen this warning. I am not a person with much computer knowledge and would not have risked the health of my computer had I known the seriousness involved with Combofix. (I take responsibility for not seeing the warning, I don't know how I missed it.)

Continuing, I uninstalled AVG so Combofix would work. A textbox kept coming up that CF detected AVG even though I had uninstalled it, but I continued on with Combofix. Following the instructions on bleepingcomputer, Combofix ran and produced a log. The log had identified the Trojan and cleaned it, so I thought it was fine. I then decided to get a new antivirus program, so I bought Bitdefender Total Security and installed it on my computer. Everything seemed to be going smoothly until I tried to uninstall Combofix. Following the directions, I noticed that CF seemed to be running again instead of uninstalling, so I X'd out of it. No text box had come up stating that Combofix was in fact uninstalled, and I'm not sure that it is.

The biggest problem at the moment is that I am unable to connect to the Internet on that computer. I followed the instructions on the Combofix page on how to manually restore the connection, but it didn't work.

I am currently doing a full scan with Bitdefender and am awaiting the results to see if I still have the virus and if it picks up anything else being wrong with the system.

I am humbly asking for help in figuring out what is going on with everything. I definitely will not run Combofix again without proper guidance. I understand that if my computer gets messed up it's my own fault for not noticing the warning. Nonetheless, I hope you would try to help me.

Thank you,

CatInTrouble



#2 boopme


Posted 11 December 2011 - 02:48 PM

Hello, having run ComboFix, we need to see that and a DDS log.

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Skip the GMER step and instead post the ComboFix log you posted earlier.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 CatInTrouble


Posted 11 December 2011 - 03:06 PM

Thank you for your prompt reply. However, I am unable to connect that computer to the Internet in order to send the logs you have requested. (I am using a different one for this forum.) Is there anything I can do from here?

#4 boopme


Posted 11 December 2011 - 04:17 PM

For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

If needed: type these one line at a time, press enter after each line. See if it works after each.


netsh interface ipv4 reset
netsh interface ipv6 reset
ipconfig /flushdns


WIN7.. Please Download this file, Click Me
Right-click on winsockfix.bat and click on Run as Administrator.

Edited by boopme, 11 December 2011 - 04:17 PM.
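
The steps in the post above, gathered into one script as an added example; it is not part of the original post or of any BleepingComputer tool. It assumes PowerShell 2.0 or later on Windows 7; the function names are made up for illustration, and the registry key is the per-user Internet Settings key that the LAN settings dialog edits.

```powershell
# Added example (not from the thread): check elevation and proxy state, then run
# the reset commands quoted in the post above. Written for PowerShell 2.0+.

# Per-user key behind the "LAN settings" dialog opened via inetcpl.cpl.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-Elevated {
    # True only when the console was started with "Run as administrator".
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ProxyState {
    # Read-only: reports what "Use a proxy..." is set to, changes nothing.
    $s = Get-ItemProperty -Path $inetKey
    New-Object PSObject -Property @{
        ProxyEnabled  = ($s.ProxyEnable -eq 1)
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL
    }
}

function Reset-NetworkStack {
    if (-not (Test-Elevated)) {
        Write-Warning 'Not elevated: the netsh resets would be refused. Reopen the console with "Run as administrator".'
        return $false
    }
    # Same commands, in the same order, as listed in the post.
    $commands = 'netsh winsock reset',
                'netsh interface ipv4 reset',
                'netsh interface ipv6 reset',
                'ipconfig /flushdns'
    foreach ($c in $commands) {
        # Out-Host keeps tool output out of the function's return value.
        cmd.exe /c $c | Out-Host
        Write-Host ("[{0}] exit code {1}" -f $c, $LASTEXITCODE)
    }
    Write-Host 'Reboot to complete the Winsock reset.'
    return $true
}

$proxy = Get-ProxyState
if ($proxy.ProxyEnabled) {
    Write-Warning ("A proxy is enabled ({0}); untick it in LAN settings as described in the post." -f $proxy.ProxyServer)
}
[void](Reset-NetworkStack)
```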


#5 CatInTrouble


Posted 11 December 2011 - 07:30 PM

Hi,

I tried all three methods you listed, but none seem to be restoring the internet connection. It seems that each of them denies the commands with the following statement: "The requested operation requires elevation (Run as administrator)."

The ipconfig /flushdns command did the following: "Successfully flushed the DNS Resolver Cache." However, still no internet connection.

#6 boopme


Posted 11 December 2011 - 07:46 PM

Are you using Vista?

After clicking Start ... and typing in cmd, right-click on the cmd.exe that comes up and select Run as Administrator.

#7 CatInTrouble


Posted 11 December 2011 - 07:55 PM

I am using Windows 7 Starter, which is what came on my netbook. I figured out the cmd and "Run as Administrator" thing, now I am just waiting for it to restart.

#8 CatInTrouble


Posted 11 December 2011 - 07:58 PM

Shoot, I did all of those things, yet the internet connection has not been restored. Hmmm.

#9 boopme


Posted 11 December 2011 - 08:13 PM

Can you try doing a System Restore to a date before this all started and see if the Internet comes back?

#10 CatInTrouble


Posted 11 December 2011 - 08:21 PM

I have my netbook and this computer networked. The internet is working fine for this computer. I even unplugged the modem, waited 10 seconds, then plugged it back in and while this computer connected back to the internet rather quickly, the netbook did not connect at all. The Windows troubleshooter is also stumped since unplugging the modem did not help the problem.

Sorry, didn't see your last post before posting the above. I will attempt a System Restore.

#11 boopme


Posted 11 December 2011 - 08:28 PM

Ok, it is probably the malware.

#12 CatInTrouble


Posted 11 December 2011 - 08:33 PM

Whilst trying to temporarily disable my Bitdefender Total Security 2012, as per system restore instructions, I investigated the numerous settings on the program and found the switch for the "Internet connection sharing" was set to "OFF", probably a default setting from when I bought it earlier today. The internet seems to be working now. It seems I won't need System Restore, then?

#13 CatInTrouble


Posted 11 December 2011 - 08:41 PM

OK, so I am now looking at the Preparation Guide, steps 6 to 9 as your instructions. I see that Step 6 is "Disable your CD Emulation Software." Now, since my netbook has no CD drive, does that mean I don't do this step? Or is CD referring to something else?

#14 CatInTrouble


Posted 11 December 2011 - 09:15 PM

Hi boopme,

I posted the DDS and Combofix logs in the Virus, Trojan, Spyware, and Malware Removal Logs as you instructed. I didn't post a detailed description of my issue because I figured you knew that was here on this thread. I hope you stick with me through this--I feel like much progress has already been made.

Thank you again,

CatInTrouble

#15 quietman7


Posted 11 December 2011 - 10:04 PM

I see that Step 6 is "Disable your CD Emulation Software." Now, since my netbook has no CD drive, does that mean I don't do this step? Or is CD referring to something else?

CD Emulators are utilities like Daemon Tools, Alcohol 120%, Astroburn, AnyDVD. See Why we request you disable CD Emulation when receiving Malware Removal Advice.

I posted the DDS and Combofix logs in the Virus, Trojan, Spyware, and Malware Removal Logs

Your log(s) is posted here.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worse, which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take several days to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

If HelpBot replies to your topic, please follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic until you are cleared by the Malware Response Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Good luck with your log.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
