Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ComboFix removes "WebServer" folder


  • This topic is locked This topic is locked
2 replies to this topic

#1 UrosG

UrosG

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:47 PM

Posted 04 April 2012 - 07:29 AM

Hi,

I'd just like to post a warning maybe that ComboFix removes any "WebServer" folder it finds.
I had installed AMPPS on my computer in %PROGRAMFILES%\WebServer folder and ComboFix deleted it.

I am just curious why is the "webserver" folder an unlegitimate thing for ComboFix?

Now I have a chance to test my backup solution if it works ;)

Re, Uros

EDIT: Sorry - posted in wrong forum if possible please move to Security\AntiVirus, Firewall and Privacy Products and Protection Methods

Edited by UrosG, 04 April 2012 - 07:30 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:47 AM

Posted 05 April 2012 - 10:15 AM

Hi

I suspect that you did not respect the warning the the tool should not be used unless suggested by a qualified helper.

Having said that ComboFix can restore any item that it removes.

If you still have the ComboFix log please post it here.

In the event that you still have the ComboFix tool and that the quarantined folder is still available I'm sure that we can restore it.

I will then refer the matter to the owner of the tool.

If ComboFix was removed please run this tool.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

If needed.
The scan will also create this Attach.txt log I would also like to see the content.
Please post it in a other post for my review, do not attach the file.

Posted Image


Identify the item(s) that were removed by ComboFix for our review.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:47 AM

Posted 11 April 2012 - 09:03 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users