Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Using Combofix with multiple Users


  • Please log in to reply
5 replies to this topic

#1 RobinHoodSnr

RobinHoodSnr

  • Members
  • 158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Africa
  • Local time:01:27 AM

Posted 09 October 2012 - 07:33 AM

When an infected pc has more than 1 user, should ComboFix be run on EACH user, or can you just use the ADMINISTRATOR account?
...tia

...We all know something...but we will NEVER know everything :grinner:

 

Cryptlocker "Process" remover...will NOT delete Cryptolocker, only the processes...( a "safety precaution" I took for those who still want to "try" paying the ransom to get their files back. DON'T FORGET TO MONITOR YOUR TIME LEFT BEFORE PAYMENT! )

 

("KillCrypt" will automaticly open %appdatadir%...just guide this to Cryptolocker-Virus and double-click on it. Remember...if you "restart" your system, the processes will be back...use this only for emergencies if you want to create a quick document. While this processes is killed, your docs wont get infected, but WILL be encrypted (unusable) when you restart the PC/Laptop OR clicking on the Virus again!!!)


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:27 AM

Posted 09 October 2012 - 11:38 PM

Hello -
If the question is not fully answered in the general Combofix text, I would leave that to a Malware Removal Expert in the Malware Removal Forum area.
General discussion on the use of Combofix, and the reasons for running the program, are not permitted on the open forum - Personal use can be dangerous
Is your computer currently infected ?? Please do not try any steps if unsure, just follow these directions >>

Please follow the instructions in ==>This Guide<== do steps 6-9

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Thank You -

Edited by noknojon, 09 October 2012 - 11:38 PM.


#3 RobinHoodSnr

RobinHoodSnr
  • Topic Starter

  • Members
  • 158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Africa
  • Local time:01:27 AM

Posted 10 October 2012 - 12:35 AM

Hello -
If the question is not fully answered in the general Combofix text, I would leave that to a Malware Removal Expert in the Malware Removal Forum area.
General discussion on the use of Combofix, and the reasons for running the program, are not permitted on the open forum - Personal use can be dangerous
Is your computer currently infected ?? Please do not try any steps if unsure, just follow these directions >>

Please follow the instructions in ==>This Guide<== do steps 6-9

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Thank You -


Thanks noknojon

...We all know something...but we will NEVER know everything :grinner:

 

Cryptlocker "Process" remover...will NOT delete Cryptolocker, only the processes...( a "safety precaution" I took for those who still want to "try" paying the ransom to get their files back. DON'T FORGET TO MONITOR YOUR TIME LEFT BEFORE PAYMENT! )

 

("KillCrypt" will automaticly open %appdatadir%...just guide this to Cryptolocker-Virus and double-click on it. Remember...if you "restart" your system, the processes will be back...use this only for emergencies if you want to create a quick document. While this processes is killed, your docs wont get infected, but WILL be encrypted (unusable) when you restart the PC/Laptop OR clicking on the Virus again!!!)


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:27 PM

Posted 11 October 2012 - 06:04 AM

There is no need to run CF for each user account.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 RobinHoodSnr

RobinHoodSnr
  • Topic Starter

  • Members
  • 158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Africa
  • Local time:01:27 AM

Posted 23 October 2013 - 01:03 PM

There is no need to run CF for each user account.

...thanks quietman7


...We all know something...but we will NEVER know everything :grinner:

 

Cryptlocker "Process" remover...will NOT delete Cryptolocker, only the processes...( a "safety precaution" I took for those who still want to "try" paying the ransom to get their files back. DON'T FORGET TO MONITOR YOUR TIME LEFT BEFORE PAYMENT! )

 

("KillCrypt" will automaticly open %appdatadir%...just guide this to Cryptolocker-Virus and double-click on it. Remember...if you "restart" your system, the processes will be back...use this only for emergencies if you want to create a quick document. While this processes is killed, your docs wont get infected, but WILL be encrypted (unusable) when you restart the PC/Laptop OR clicking on the Virus again!!!)


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:27 PM

Posted 23 October 2013 - 06:55 PM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users