
Strange hijack of Combofix Folder on drive

3 replies to this topic

#1 Dibleyman

Dibleyman

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:33 AM

Posted 01 April 2012 - 05:28 AM

Not sure if I have a continued problem.

Had an issue a couple days ago. Rainmeter started using 100% CPU for no apparent reason. After running both Malwarebytes and SuperAntiSpyware, I found "pup.bundleinstaller.dl" and successfully removed it.

Today, had continued trouble. Taking these extra steps...
1. Ran Malwarebytes again... pup.bundleinstaller was back... it had hidden in a system restore file.
2. Deleted all system restore points
3. Uninstalled rainmeter and deleted all associated files
4. Ran both Malwarebytes and Antispyware...caught one remaining copy.

Everything seems fine, although Windows Explorer is very sluggish, but that's been coming on for weeks. Could be related? All this raises my suspicions of something else.

I had a copy of Combofix in a folder on my C Drive from an issue over a year ago. While searching through the files, I noticed that the Combofix folder no longer registers as a folder in Windows Explorer, and its view duplicates the "My Computer" view (C Drive, My Documents, etc). TO BE CLEAR... I did not run Combofix (couldn't get to it, even if I wanted to). I've attached a screenshot.

I would guess that a virus or malware of some kind would be responsible for "hiding" the Combofix files, but can't find anything. I have run the DDS and GMER in preparation, and to see if I could spot anything.

Does this alarm anyone else or is there a simple explanation?

IBM Pentium D 2.88GHz
2.98 Gb Ram
Windows XP v.2002
SP3
Picture URL: https://ssl-proxy-updated.herokuapp.com/ffa02d6d6abe998fd3e7e65eb5075c3383e60ee1/687474703a2f2f646c2e64726f70626f782e636f6d2f752f32333730333337302f5468656d65732f4578706c6f726572253230342e312e6a7067/
Thank You

Edited by Dibleyman, 01 April 2012 - 05:29 AM.

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:02:33 AM

Posted 01 April 2012 - 02:27 PM

Hello, please repost this here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Include the DDS and GMER logs you have.

Let me know if that went well.

Edited by boopme, 01 April 2012 - 02:27 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Dibleyman

Dibleyman
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:33 AM

Posted 01 April 2012 - 02:53 PM

I was just going to edit the post.

I was wrong about having a GMER report, and attempted to complete one 4 times. Each attempt would successfully scan for 1 to 2 hours (30% of files) then would suddenly shut down and reboot.

I figured a few things out overnight, and managed to get the computer booted into safe mode. I'm 3 hours into a GMER scan of the files, so far so good. Did get one complete last night for everything but the files.

HOWEVER... if I'm reading the report correctly, I have multiple issues, trojans, etc. I will post to the other forum as soon as GMER completes.

(on a frustrating side note... I've always been very careful, scanned every download, only visited trustworthy sites, have a good firewall and ran one of three different anti-virus scans every week. This has been an ugly revelation)

thank you

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:02:33 AM

Posted 01 April 2012 - 04:34 PM

If GMER fails, just post the rest and mention it wouldn't run.