
Perfection with a mini hiccup


  • This topic is locked
11 replies to this topic

#1 hkb

hkb

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 08 April 2013 - 03:53 PM

Hi,

 

Been using Combofix for years. It works, it's unbelievable. But there's a hitch. 

 

- I contracted a browser hijack, effectively detouring Chrome, IE, and Firefox. 

- My copy of Combofix was outdated by a few days and could not get to a URL to download.

- I click yes to run in minimal mode and it doesn't. It hasn't run in minimal mode on several PCs in a very long time...

 

Not running in minimal mode is a real problem with any hijack/redirect malware running.

 

Regardless, got the latest version using an old notebook and it cleaned the items responsible.

11 minute scan on 1TB drive

 

This is the only issue that can make things worrisome.

==============

 

1 other question.

 

Can anyone tell me why Wordaizer Pro and Textaizer Pro are considered malware? I've had Textaizer on my computer since the XP days and it never was considered malware by anything other than Combofix. Can someone tell me what I'm missing? (mosaizer.com/Textaizer)

 

Thanks,

hkb

 



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,733 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:26 PM

Posted 13 April 2013 - 03:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/491122 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:26 AM

Posted 19 April 2013 - 08:05 PM

Are you still there?


m0le is a proud member of UNITE

#4 hkb

hkb
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 19 April 2013 - 09:53 PM

I'm here!

 

The problem is that if I have an outdated Combofix and can't access the internet, Combofix won't run in its lesser capacity mode.

 

I did get it to run one time by erasing all old data it placed in the root directory from a prior run. But that didn't work the last time.

 

Also, I erred. What I catch every long while is more like a LAN misdirect. A clean computer could not wifi connect through the modem either; it got the same events in any browser, hence my LAN assumption. I'd get familiar looking AT&T network pages saying problem with connection, and the URLs have \aha at the end. That's the worst thing that has happened for years. For that I'm lucky.

 

PC is clean again/now and still have the files Combofix removed. 

 

So my problem isn't truly malware related, it's just about combofix runner it's lesser mode if most recent can't be had.

 

This problem existed for me only with Win 7.

 

Thanks



#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:26 AM

Posted 20 April 2013 - 05:17 AM

it's just about combofix runner it's lesser mode if most recent can't be had.

 

Can you explain this a bit more? I'm not sure I understand the problem.


m0le is a proud member of UNITE

#6 hkb

hkb
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 20 April 2013 - 01:48 PM

When you run Combofix it checks to see if it's outdated. If it is, it asks if you want to download the latest version or run in a more restricted mode. I forgot the exact wording. Take a 36 day old version of Combofix, run it and you'll see exactly what it says. The problem has been that it starts this alternate mode, but then just stops with no notification. Really.

 

If the internet cannot be accessed for the download of a recent version (the connection is connected but accessing almost anything through a browser is not possible) then a person would be crippled. That would be the malware at work. I saved copies if you wanted to see that particular malware's files.

 

So the problem is when infected with that type of malware, and I'm only equipped with a 35 day old copy of Combofix (outdated), Combofix will not run as it should (and has in the past prior to Win 7).



#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:26 AM

Posted 20 April 2013 - 08:37 PM

I understand Combofix, I just didn't understand what you said. Really, you should not be using this program without support.

If you had access to a clean machine then you can transfer a new copy of Combofix to the infected machine via a flash drive. You would uninstall the old version first, of course. So it's not disabled just because you have no internet access.
m0le is a proud member of UNITE

#8 hkb

hkb
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 20 April 2013 - 11:12 PM

Appreciate the answer. After near 30 years of fixing, building and more, do you think I don't have copies of copies on flash drives (back up certain things)? Also had a clean old notebook.

 

Which only I just realized you helped me come up with exactly what I DIDN'T do and should have. Even though the NB was clean, I just plugged it into the back of the modem so the local network was for all intents still being controlled by the Win 7 machine and the same bad result occurred on the clean machine.... If I had disconnected the modem from the infected PC it would have had a clean connection with no local problems.

 

That's a large 'what was I thinking', I should have thought of that in the first place. And thanks for that!

 

Regardless, an outdated version of Combofix should run and didn't. Seeing how it sometimes does work in its outdated mode I can only assume it's a once in a while version specific issue.

 

So I have 2 simple questions that I can't figure, yet would help avoid future issues... How often does Combofix update? I'd say once a month but I see updated versions 10 and 15 days later, sometimes.

 

Thanks,

hkb



#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:26 AM

Posted 21 April 2013 - 06:40 PM

There's a time limit on each version of ten days but you're right that older versions should run, though in reduced functionality mode. Looks like a one-off issue that could be caused by any number of things which the developer would, understandably, rather keep quiet.
m0le is a proud member of UNITE

#10 hkb

hkb
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 21 April 2013 - 10:22 PM

Well he can keep quiet all he wants 'cause what he does is brilliant. He, without elaborate hoopla and UI, does what no other app is quite capable of: removing malware, bugs, virii, whatever.

 

I one time did a test to see what antivirus and malware programs could remove 2 different viruses (malware). No surprise, none could remove them. Combofix did without a hitch... I can't imagine how many repair guys do a format when they don't have to...

 

Anyways thank you for the info. I guess I'll just have to check for updates more often. If I could put that on auto-pilot I would.

 

Thanks again.

Keith



#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:26 AM

Posted 22 April 2013 - 02:12 PM

You're welcome, Keith :)
m0le is a proud member of UNITE

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:26 AM

Posted 28 April 2013 - 07:54 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
m0le is a proud member of UNITE



