ComboFix Sality?


This topic is locked
12 replies to this topic

#1 Sidelines
  • Members
  • 6 posts

Posted 26 February 2013 - 01:41 PM

I ran ComboFix today and when I did iexplorer.exe popped up multiple times not responding. Is ComboFix still infected with Sality, or was it possibly already on the machine?


#2 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 28 February 2013 - 08:18 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:


m0le is a proud member of UNITE

#3 Sidelines
  • Topic Starter
  • Members
  • 6 posts

Posted 28 February 2013 - 08:21 PM

Hey m0le. Thanks for the reply. What are these first instructions then? :)

Thanks.

#4 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 01 March 2013 - 08:27 PM

The first instruction is to not run Combofix unless you are being supervised.

Second, why do you think you are infected by Sality?
m0le is a proud member of UNITE

#5 Sidelines
  • Topic Starter
  • Members
  • 6 posts

Posted 01 March 2013 - 08:30 PM

ComboFix was used under supervision, and also, when it was run after extracting files, iexplorer.exe came up multiple times not responding (no iexplorer was running at the time). I know Sality goes for executable files, so I put 2 and 2 together.

#6 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 01 March 2013 - 08:33 PM

Okay, can you link to where Combofix was run under supervision? That will give me some clues as to what's happening on your machine.
m0le is a proud member of UNITE

#7 Sidelines
  • Topic Starter
  • Members
  • 6 posts

Posted 01 March 2013 - 08:40 PM

This hasn't answered my question. My question was: is ComboFix clean now? The computer in question was fixed. Since I work fixing computers regularly, it would be nice to know whether ComboFix is actually clean. Is there a chance ComboFix could still be infected?

#8 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 01 March 2013 - 08:50 PM

The infected Combofix on here was fixed. If you downloaded from elsewhere or from here before 29 January 2013 then it could still be infected.

However, I am unsure as to why you felt it necessary to lie about it being run under supervision. The warning is there for a good reason.
m0le is a proud member of UNITE

#9 Sidelines
  • Topic Starter
  • Members
  • 6 posts

Posted 01 March 2013 - 08:57 PM

Well, it was run by a computer engineer who's been working fine with it for years; no lies were told here, m0le. It was downloaded after the 29th. It's a useful tool to have, so it's good to keep updated, but if you're adamant that it was clean from after then, I'll have to look at the pen it was run off. It only happened after ComboFix was run, so alarm bells rang, but as I say, if you're 100% sure then that's all I need. But thanks for your help on this matter anyway :)

#10 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 01 March 2013 - 09:12 PM

Here's the full post from the site owner, Grinler. It should help you to confirm that it is clean. :thumbup2:


m0le is a proud member of UNITE

#11 Sidelines
  • Topic Starter
  • Members
  • 6 posts

Posted 01 March 2013 - 09:16 PM

Thanks for the link :) It's good to know that it is fully clean and usable again. It's a very good tool for a person with the right knowledge. Thanks again m0le. :)

#12 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 02 March 2013 - 04:59 AM

You're welcome, Sidelines :)
m0le is a proud member of UNITE

#13 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 07 March 2013 - 08:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
m0le is a proud member of UNITE
