
Stop combo fix from doing MBR check


12 replies to this topic

#1 leexgx

leexgx

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 13 May 2012 - 12:12 PM

Any tool that I run an MBR check with on this system I am trying to fix after fake HDD scareware (sets all files to system hidden and says you got bad sectors and asks for money to fix it)

but any tool that looks at the MBR results in the HDD disk stopping. I have done the FIXMBR and FIXBOOT commands and they worked, but it still does not allow me to run any MBR tools (mbr.exe, ComboFix).

I just want ComboFix to run without checking the MBR as I want to fix the broken desktop. I am not getting any Google redirect issues that normally happen when you have the TDSServ rootkit on the system.

Edited by leexgx, 13 May 2012 - 12:15 PM.



 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:11:10 PM

Posted 13 May 2012 - 12:42 PM

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic. If you receive a reply from the HelpBot, then please follow the instructions outlined in the helpbot's post.

#3 leexgx


Posted 13 May 2012 - 12:48 PM

Just want the MBR part of ComboFix not to run (just the nombr flag), as there is no MBR rootkit issue; more likely an issue with the system and ComboFix.

#4 cryptodan


Posted 13 May 2012 - 01:04 PM

Please follow the guide and post your malware topic.

Also:

No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. When issues arise with new malware infections or other security tools conflicting with ComboFix, experts are aware of them and can advise users what should or should not be done while providing assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

What specific issues are you having that require using ComboFix?

Compliments of QuietMan7

#5 leexgx


Posted 13 May 2012 - 01:19 PM

I will be leaving this PC in a short time (next 10 mins). I am perfectly fine running ComboFix on PCs that have this issue with fake virus scanners.

The reason I wanted the no-MBR part is that it is normally an MBR rootkit that stops ComboFix from checking it. I have manually removed the fake HDD error software and used attrib -h -s to unhide files and Malwarebytes to correct the group policy that was preventing the desktop and start menu from showing (but I did not want to, as it shows files that should not be hidden).

I get an I/O error when the MBR tool runs, then the HDD stops, and ComboFix uses the same tool so it hangs the HDD.

#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:06:10 PM

Posted 13 May 2012 - 01:22 PM

Unfortunately the author of the tool does not want information on how Combofix works on public forums. This is in order to safeguard and protect the integrity of the tool from malware writers. As such, the developer does not want his tool discussed outside of private forums and therefore we cannot answer specific questions. That's the decision by the creator and we will abide by that decision.

The only public information that is available can be found at this guide:

How to use ComboFix



#7 leexgx


Posted 13 May 2012 - 01:32 PM

The issue with the MBR on this system is not affecting the PC (no malware/virus or Google redirect) as the other tools have corrected the other issues. I just did not want to use attrib on the whole disk as it unhides all system files (that I have had to do).

I just tell the customer to use Google Chrome so as not to get automated installs again (IE 8 + bad site = viruses PC).

#8 cryptodan


Posted 13 May 2012 - 01:40 PM

Anything + bad site = infected PC. Using another browser doesn't make you immune from infection. Good computing practices are about the only way to prevent infections of any kind.

Also, with Fake HDD and other infections like it, a rootkit usually accompanies it so the author can control the PC from a remote location and gather data such as usernames and passwords to bank accounts and credit cards.

Edited by cryptodan, 13 May 2012 - 01:41 PM.


#9 leexgx


Posted 13 May 2012 - 01:45 PM

But in this case it was an automated install of the fake bad-sector malware via IE: the user landed on the site and did no action to install it.

At least on Google Chrome the user has to download it and install it, then it becomes his own fault.

#10 cryptodan


Posted 13 May 2012 - 01:52 PM

Not entirely true, malware can be installed via any means and can be done stealthily without the user's intervention. It can download and self-execute regardless of the browser used.

#11 leexgx


Posted 13 May 2012 - 02:14 PM

I would say by many means, not any means, and most exploits under Firefox, Opera and Chrome required user action to run them (or out-of-date Flash or Java, which I mostly mitigate by having click-to-play enabled under Chrome and Opera).

But that's more unlikely under Google Chrome compared to IE to get automated stuff running (but not impossible).

#12 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:03:10 PM

Posted 14 May 2012 - 06:23 PM

Users don't have to do anything but visit a site to become infected. It doesn't matter what browser is used.

One of the sneakiest scams among cybercrooks these days involves malicious advertisements that can infect a computer with nasty software even if a person merely happens onto a website where the ads appear and doesn't click on them.


The above quote from Malicious online ads target consumers By Steve Johnson of MercuryNews.com on 05/14/2012


#13 leexgx


Posted 14 May 2012 - 09:20 PM

Just in my line of work fixing PCs and removing malware off PCs (that I am quite good at), the issue is and still is IE allowing an automated install to happen. If the user was using Chrome, Opera or Firefox I never see these issues happen unless they download it and then run it. I ask them how their PC got infected so I know they did the action to run the bad program (then it's the user's own fault for running it) or if it was a page view using IE, where in most if not all cases viewing the site was what did it.

The news link is an interesting read but most of it is related to IE users and out-of-date Flash or Java. I have yet to find a bad site that works under Chrome or Opera (without user action to run it).

Google was dishing out their search ads some months ago that were leading to crafty set-up pages that install stuff on users' PCs (that got me a lot of customers that month removing loads of fake antivirus software; 98% of it was quite simple stuff (to me anyway), the worst one was the UK Police one, which was a nuisance to remove).

Anyway, I only asked for the flag that stops ComboFix from doing an MBR.exe tool check, as it has happened before that I have been unable to get ComboFix past the MBR check (not how ComboFix works from the ground up), as it was making the disk stop dead when the MBR was accessed.



