Combofix Deleted EVERYTHING, Even IE & System Restore


7 replies to this topic

#1 MajorHelpNeeded

  • Members
  • 2 posts

Posted 19 July 2012 - 10:54 AM

I've used Combofix on multiple different computers, but when I used it last night, it deleted EVERYTHING. The only thing it seemed to keep were my music and pictures. Everything that's considered an application has been marked for deletion. Every time I try to open something, a box comes up that says "[Insert file location here] Illegal operation attempted on a registry key that has been marked for deletion". I can't even get on the internet because IE, Chrome, and Firefox have all been marked for deletion as well. I panicked a bit, and then decided the safest thing I could do would be to back up everything I absolutely could on a flash drive and do a system restore. However, when I went to click on the "System Restore" application, it had been deleted as well! I'm stuck! My laptop is absolutely useless right now. I'm currently using a friend's computer to type this topic. Please help me, my whole life is on that laptop. I CANNOT lose everything! I'm running Windows 7 Home Premium.

Edited by hamluis, 19 July 2012 - 12:26 PM.
Moved from Am I infected to AV, Firewall, etc. - Hamluis.




#2 Jimbob85

  • Members
  • 308 posts

Posted 19 July 2012 - 10:59 AM

Since you used Combofix:

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

#3 MajorHelpNeeded

  • Topic Starter
  • Members
  • 2 posts

Posted 19 July 2012 - 11:04 AM

Thanks Jimbob85, but I think you're missing one important factor: I'm not using the computer I ran Combofix on. I'm using a friend's. The computer that I've messed up cannot even get onto the internet. However, I've found a way to run System Restore. Should I just do that? I really don't mind losing everything I have... as long as my pictures and things I can't ever get back are backed up (which they are).

#4 herg62123

  • Members
  • 553 posts

Posted 19 July 2012 - 11:13 AM

Restart the computer. Do not do anything else.

#5 Grinler

    Lawrence Abrams

  • Admin
  • 43,567 posts

Posted 19 July 2012 - 11:28 AM

If you think the items were deleted because you get this message "Illegal operation attempted on a registry key that has been marked for deletion", then as herg62123 said, all you have to do is reboot your computer and it will work properly.

#6 Jimbob85

  • Members
  • 308 posts

Posted 19 July 2012 - 12:03 PM

Let us know what a restart does. I was tempted to give the same advice but since CF is not allowed in this forum I decided against it. <_< Hope that helps get you back up and running!

#7 herg62123

  • Members
  • 553 posts

Posted 19 July 2012 - 12:43 PM

According to the rules, ComboFix is not to be used here, but since it has been used and the "marked for deletion" message is showing, the only way to fix the issue is to restart the computer. Now if he posted the results, we (non-malware team members) cannot help fix the issue. That is for the malware team only to do.

#8 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,399 posts

Posted 19 July 2012 - 08:35 PM

FYI: The "Illegal operation attempted on a registry key that has been marked for deletion" message happens from time to time on Vista and Windows 7 machines. This is not a ComboFix-specific problem, as the message has also been reported when using other tools and sometimes when an antivirus deletes files & registry entries that require a forced reboot.