
I ran ComboFix on Win 8. Will I be able to fix Windows?



#1 BartMan__X

BartMan__X

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:23 AM

Posted 28 June 2013 - 09:53 AM

Like an idiot I ran ComboFix on Windows 8, and of course it wouldn't restart afterwards.

Is there any hope for getting it to boot again?

I've got a multi-boot setup: Win 8 32-bit, Win 8 64-bit and Ubuntu 12.04.

The 32-bit Win 8 is the one I trashed and also my preferred setup.

I'm able to boot into Win 8 64-bit and Ubuntu and can access the files on the partition that won't boot.

I tried to restore but it just showed the Win logo for a little over 3 hours and that was all.

I've used ComboFix many times in the past on other versions and never had any problems,

but this time I guess I should have read up on ComboFix and Win 8.

If anybody can help me with this, let me know.


Edited by BartMan__X, 28 June 2013 - 10:00 AM.




#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,568 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:23 AM

Posted 28 June 2013 - 04:19 PM

How did you even get it to run in Windows 8? Did you change its compatibility mode?

Submit a copy of the combofix.txt log located in the C:\ drive to http://www.bleepingcomputer.com/submit-malware.php?channel=3 and we can see what can be done.

Also if you can submit a dir listing of C:\Qoobox that would be helpful too.

#3 slgrieb

slgrieb

  • Members
  • 270 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas Panhandle
  • Local time:08:23 AM

Posted 29 June 2013 - 09:35 PM

The last time I tried running it under Win8, Combofix simply generated an error message that it wasn't compatible with the current version of Windows. BartMan_X it's very interesting that you have a system that runs both 32 bit and 64 bit versions of Windows 8. Honestly, can anyone be expected to believe you aren't running pirated software?




#4 BartMan__X


Posted 30 June 2013 - 12:47 PM

@Grinler
No, I didn't run it in compatibility mode.

I know this is more than you asked for. Here's the combofix.txt file .. but it wasn't on the root of the drive, it was in the combofix folder
ComboFix 13-06-27.02 - BartMan__X 06/27/2013  18:34:19.1.4 - x86
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.3493.2228 [GMT -5:00]
Running from: C:\Users\BartMan__X\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
and here's the contents of the qoobox dir
 


06/30/2013  12:11 PM    <DIR>          .
06/30/2013  12:11 PM    <DIR>          ..
06/27/2013  06:33 PM    <DIR>          BackEnv
06/27/2013  06:58 PM    <DIR>          LastRun
06/10/2013  09:34 AM    <DIR>          Quarantine
06/27/2013  06:52 PM    <DIR>          Test
06/10/2013  09:32 AM    <DIR>          TestC
               1 File(s)              0 bytes
               7 Dir(s)  209,908,981,760 bytes free
I'll get the contents of those dirs if needed ..

@slgrieb

I bought the laptop used .. it had Win 8 32-bit on it .. it came with Win 7 64-bit originally .. so I created another partition, downloaded Win 7 64-bit from Microsoft, installed it with the original key on the laptop .. upgraded to Win 8 from Microsoft .. no pirated OS here

Edited by Grinler, 01 July 2013 - 01:32 PM.


#5 Grinler


Posted 01 July 2013 - 01:34 PM

Is that the entire contents of the Combofix.txt file?

Please give a full listing of all the folders under qoobox. You can use the attached batch file as a way of generating the listing.

Attached Files

  • Attached File  qoo.bat   74bytes   4 downloads


#6 BartMan__X


Posted 01 July 2013 - 01:39 PM

 Volume in drive E has no label.
 Volume Serial Number is AEE7-5CA5

 Directory of e:\qoobox

07/01/2013  01:36 PM    <DIR>          .
07/01/2013  01:36 PM    <DIR>          ..
06/27/2013  06:33 PM    <DIR>          BackEnv
06/27/2013  06:58 PM    <DIR>          LastRun
07/01/2013  01:37 PM                74 qoo.bat
06/10/2013  09:34 AM    <DIR>          Quarantine
06/27/2013  06:52 PM    <DIR>          Test
06/10/2013  09:32 AM    <DIR>          TestC
               2 File(s)            649 bytes

 Directory of e:\qoobox\BackEnv

06/27/2013  06:33 PM    <DIR>          .
06/27/2013  06:33 PM    <DIR>          ..
06/27/2013  06:33 PM               161 AppData.folder.dat
06/27/2013  06:33 PM               307 Cache.folder.dat
06/27/2013  06:33 PM                65 Cookies.folder.dat
06/27/2013  06:33 PM               111 Desktop.folder.dat
06/27/2013  06:33 PM               119 Favorites.folder.dat
06/27/2013  06:33 PM                63 History.folder.dat
06/27/2013  06:33 PM               135 LocalAppData.folder.dat
06/27/2013  06:33 PM               135 LocalSettings.folder.dat
06/27/2013  06:33 PM                54 Music.folder.dat
06/27/2013  06:33 PM                75 NetHood.folder.dat
06/27/2013  06:33 PM               119 Personal.folder.dat
06/27/2013  06:33 PM               115 Pictures.folder.dat
06/27/2013  06:33 PM                75 PrintHood.folder.dat
06/27/2013  06:33 PM               197 Profiles.Folder.dat
06/27/2013  06:33 PM               268 Profiles.Folder.folder.dat
06/27/2013  06:33 PM               424 Programs.folder.dat
06/27/2013  06:33 PM                64 Recent.folder.dat
06/27/2013  06:33 PM                64 SendTo.folder.dat
06/27/2013  06:33 PM             6,289 SetPath.bat
06/27/2013  06:33 PM               306 StartMenu.folder.dat
06/27/2013  06:33 PM               472 StartUp.folder.dat
06/27/2013  06:32 PM               829 SysPath.dat
06/27/2013  06:33 PM               301 Templates.folder.dat
06/10/2013  09:34 AM             2,156 VikPev00
              24 File(s)         12,904 bytes

 Directory of e:\qoobox\LastRun

06/27/2013  06:58 PM    <DIR>          .
06/27/2013  06:58 PM    <DIR>          ..
06/27/2013  06:58 PM                 0 CregC.old
06/27/2013  06:58 PM                 0 d-del4AV.dat
06/27/2013  06:58 PM             6,103 drev_.dat
06/27/2013  06:58 PM                51 drev_F.dat
06/27/2013  06:31 PM                10 erunt.dat
06/27/2013  06:33 PM                14 Gateway
06/27/2013  06:54 PM                 0 RenVDel.dat
06/27/2013  06:34 PM               117 SvcTarget.dat
06/27/2013  06:58 PM                 0 zhsvc.old
               9 File(s)          6,295 bytes

 Directory of e:\qoobox\Quarantine

06/10/2013  09:34 AM    <DIR>          .
06/10/2013  09:34 AM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          C
06/27/2013  06:34 PM               113 catchme.log
06/27/2013  06:34 PM               512 MBR_HardDisk0.mbr
06/27/2013  06:54 PM    <DIR>          Registry_backups
               2 File(s)            625 bytes

 Directory of e:\qoobox\Quarantine\C

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          Program Files
06/27/2013  06:57 PM    <DIR>          ProgramData
06/27/2013  06:57 PM    <DIR>          Users
06/27/2013  06:57 PM    <DIR>          Windows
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\Program Files

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          ZooskMessenger
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\Program Files\ZooskMessenger

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/24/2013  09:22 AM           142,336 ZooskMessenger.exe.vir
               1 File(s)        142,336 bytes

 Directory of e:\qoobox\Quarantine\C\ProgramData

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          Roaming
06/27/2013  06:57 PM    <DIR>          SysApp
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\ProgramData\Roaming

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\ProgramData\SysApp

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
10/13/2012  04:17 PM             9,662 icon1_48_ico_rgba.ico.vir
10/13/2012  04:17 PM           173,568 Ionic.Zip.Reduced.dll.vir
10/13/2012  04:17 PM           225,280 Janus.Data.v3.dll.vir
10/13/2012  04:17 PM           208,896 Janus.Windows.Common.v3.dll.vir
10/13/2012  04:17 PM         1,404,928 Janus.Windows.GridEX.v3.dll.vir
08/03/2006  04:12 PM           110,592 NDde.dll.vir
10/13/2012  04:17 PM               144 SysAppInstaller.exe.config.vir
10/13/2012  04:17 PM            54,272 SysAppInstaller.exe.vir
10/13/2012  04:17 PM               942 SysDir.exe.config.vir
10/13/2012  04:17 PM         6,799,360 SysDir.exe.vir
05/26/2013  12:08 PM             2,597 SysDir.InstallState.vir
10/13/2012  04:17 PM            45,879 TheBestLicence.rtf.vir
              12 File(s)      9,036,120 bytes

 Directory of e:\qoobox\Quarantine\C\Users

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          BartMan__X
06/27/2013  06:57 PM    <DIR>          BARTMA~1
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\Users\BartMan__X

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          AppData
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\Users\BartMan__X\AppData

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          Local
06/27/2013  06:57 PM    <DIR>          Roaming
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\Users\BartMan__X\AppData\Local

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          Microsoft
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\Users\BartMan__X\AppData\Local\Microsoft

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          Windows
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\Users\BartMan__X\AppData\Local\Microsoft\Windows

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          Temporary Internet Files
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\Users\BartMan__X\AppData\Local\Microsoft\Windows\Temporary Internet Files

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
05/22/2013  05:08 PM           508,928 ApnStub.exe.vir
               1 File(s)        508,928 bytes

 Directory of e:\qoobox\Quarantine\C\Users\BartMan__X\AppData\Roaming

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  05:51 PM             7,346 system_32.exe.tmp.vir
06/02/2013  12:56 PM           484,864 system_32.exe.vir
               2 File(s)        492,210 bytes

 Directory of e:\qoobox\Quarantine\C\Users\BARTMA~1

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          AppData
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\Users\BARTMA~1\AppData

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          Local
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\Users\BARTMA~1\AppData\Local

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          Temp
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\Users\BARTMA~1\AppData\Local\Temp

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          _MEI45362
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\Users\BARTMA~1\AppData\Local\Temp\_MEI45362

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:16 PM           127,488 pyexpat.pyd.vir
06/27/2013  06:17 PM           557,056 pysqlite2._sqlite.pyd.vir
06/27/2013  06:17 PM         2,436,608 python27.dll.vir
06/27/2013  06:16 PM           364,544 pythoncom27.dll.vir
06/27/2013  06:16 PM           110,080 PyWinTypes27.dll.vir
06/27/2013  06:16 PM            10,240 select.pyd.vir
06/27/2013  06:16 PM           686,080 unicodedata.pyd.vir
06/27/2013  06:17 PM            98,816 win32api.pyd.vir
06/27/2013  06:17 PM           320,512 win32com.shell.shell.pyd.vir
06/27/2013  06:17 PM            11,264 win32crypt.pyd.vir
06/27/2013  06:16 PM            18,432 win32event.pyd.vir
06/27/2013  06:16 PM           119,808 win32file.pyd.vir
06/27/2013  06:16 PM            38,912 win32inet.pyd.vir
06/27/2013  06:16 PM            25,600 win32pdh.pyd.vir
06/27/2013  06:16 PM            35,840 win32process.pyd.vir
06/27/2013  06:17 PM            17,408 win32profile.pyd.vir
06/27/2013  06:16 PM           108,544 win32security.pyd.vir
06/27/2013  06:17 PM            22,528 win32ts.pyd.vir
06/27/2013  06:17 PM         1,022,416 windows._cacheinvalidation.pyd.vir
06/27/2013  06:16 PM         1,062,400 wx._controls_.pyd.vir
06/27/2013  06:16 PM         1,175,040 wx._core_.pyd.vir
06/27/2013  06:17 PM           805,888 wx._gdi_.pyd.vir
06/27/2013  06:17 PM            70,656 wx._html2.pyd.vir
06/27/2013  06:16 PM           735,232 wx._misc_.pyd.vir
06/27/2013  06:16 PM           811,008 wx._windows_.pyd.vir
06/27/2013  06:16 PM           122,368 wx._wizard.pyd.vir
06/27/2013  06:17 PM           154,112 wxbase294u_net_vc90.dll.vir
06/27/2013  06:17 PM         1,985,024 wxbase294u_vc90.dll.vir
06/27/2013  06:17 PM         1,234,944 wxmsw294u_adv_vc90.dll.vir
06/27/2013  06:17 PM         4,598,272 wxmsw294u_core_vc90.dll.vir
06/27/2013  06:17 PM           595,968 wxmsw294u_html_vc90.dll.vir
06/27/2013  06:17 PM            91,648 wxmsw294u_webview_vc90.dll.vir
06/27/2013  06:16 PM            87,040 _ctypes.pyd.vir
06/27/2013  06:17 PM           128,512 _elementtree.pyd.vir
06/27/2013  06:16 PM           711,680 _hashlib.pyd.vir
06/27/2013  06:17 PM            26,624 _multiprocessing.pyd.vir
06/27/2013  06:17 PM            44,032 _socket.pyd.vir
06/27/2013  06:16 PM         1,153,024 _ssl.pyd.vir
              38 File(s)     21,725,648 bytes

 Directory of e:\qoobox\Quarantine\C\Windows

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/21/2013  12:46 PM                25 config.ini.vir
06/27/2013  06:57 PM    <DIR>          System32
               1 File(s)             25 bytes

 Directory of e:\qoobox\Quarantine\C\Windows\System32

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          Drivers
06/27/2013  06:57 PM    <DIR>          spool
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\Windows\System32\Drivers

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          etc
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\Windows\System32\Drivers\etc

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
05/24/2013  04:16 PM               375 hosts.ics.vir
               1 File(s)            375 bytes

 Directory of e:\qoobox\Quarantine\C\Windows\System32\spool

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          prtprocs
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\Windows\System32\spool\prtprocs

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/27/2013  06:57 PM    <DIR>          w32x86
               0 File(s)              0 bytes

 Directory of e:\qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86

06/27/2013  06:57 PM    <DIR>          .
06/27/2013  06:57 PM    <DIR>          ..
06/06/2013  01:24 AM            19,448 TeamViewer_PrintProcessor.dll.vir
               1 File(s)         19,448 bytes

 Directory of e:\qoobox\Quarantine\Registry_backups

06/27/2013  06:54 PM    <DIR>          .
06/27/2013  06:54 PM    <DIR>          ..
06/27/2013  06:54 PM            20,007 tcpip.reg
               1 File(s)         20,007 bytes

 Directory of e:\qoobox\Test

06/27/2013  06:52 PM    <DIR>          .
06/27/2013  06:52 PM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of e:\qoobox\TestC

06/10/2013  09:32 AM    <DIR>          .
06/10/2013  09:32 AM    <DIR>          ..
               0 File(s)              0 bytes

     Total Files Listed:
              95 File(s)     31,965,570 bytes
              98 Dir(s)  209,796,218,880 bytes free


#7 Grinler


Posted 01 July 2013 - 02:22 PM

I am not seeing anything that would cause the computer not to boot properly. I do notice that it created an MBR backup. Can you submit e:\qoobox\Quarantine\MBR_HardDisk0.mbr here:

http://www.bleepingcomputer.com/submit-malware.php?channel=3

Thanks
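
Added example (not part of the original thread or any poster's code): the review described in post #7 can be done mechanically over the `dir /s` output from post #6. It assumes, from the layout visible in that listing, that quarantined files sit under `Quarantine\<drive letter>\<original path>` with a `.vir` suffix; the `BOOT_DIRS` heuristic and the `example.sys` sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Excerpt in the `dir /s` layout of post #6. The example.sys line is
# constructed for this example and does NOT appear in the thread's listing.
SAMPLE = r"""
 Directory of e:\qoobox\Quarantine

06/27/2013  06:34 PM               512 MBR_HardDisk0.mbr

 Directory of e:\qoobox\Quarantine\C\Users\BartMan__X\AppData\Roaming

06/27/2013  06:57 PM    <DIR>          .
06/02/2013  12:56 PM           484,864 system_32.exe.vir

 Directory of e:\qoobox\Quarantine\C\Windows\System32\Drivers

06/27/2013  06:57 PM    <DIR>          etc
06/27/2013  06:57 PM            40,960 example.sys.vir

 Directory of e:\qoobox\Quarantine\C\Windows\System32\Drivers\etc

05/24/2013  04:16 PM               375 hosts.ics.vir
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
FILE_RE = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+([\d,]+)\s+(.+?)\s*$")
MARK = "\\quarantine\\"
# Assumed heuristic: directories whose contents commonly matter at boot.
BOOT_DIRS = {"\\windows\\system32", "\\windows\\system32\\drivers",
             "\\windows\\system32\\config", "\\boot"}

def parse_quarantine(listing):
    """Return [(original_path, size_bytes)] for each *.vir file in the listing."""
    items, current = [], None
    for line in listing.splitlines():
        if m := DIR_RE.match(line):
            current = m.group(1)
            continue
        m = FILE_RE.match(line)  # <DIR> rows have no size, so they never match
        if not (m and current and m.group(2).lower().endswith(".vir")):
            continue
        idx = current.lower().find(MARK)
        if idx < 0:
            continue
        # Assumed layout: Quarantine\C\Windows\x.vir was C:\Windows\x
        drive, _, rest = current[idx + len(MARK):].partition("\\")
        parts = [drive + ":", rest, m.group(2)[:-4]]
        items.append(("\\".join(p for p in parts if p), int(m.group(1).replace(",", ""))))
    return items

def triage(items):
    """Bucket paths: 'review' if in a boot-relevant directory or a .sys driver."""
    buckets = defaultdict(list)
    for path, _size in items:
        parent, _, name = path.lower()[2:].rpartition("\\")
        risky = parent in BOOT_DIRS or name.endswith(".sys")
        buckets["review" if risky else "other"].append(path)
    return buckets

if __name__ == "__main__":
    for bucket, paths in triage(parse_quarantine(SAMPLE)).items():
        print(bucket, *paths, sep="\n  ")
```

An empty `review` bucket only means nothing was quarantined from those directories; it says nothing about registry or boot-sector changes, which is why the MBR backup is requested separately.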

#8 BartMan__X


Posted 01 July 2013 - 03:17 PM

> I am not seeing anything that would cause the computer not to boot properly. I do notice that it created an MBR backup. Can you submit e:\qoobox\Quarantine\MBR_HardDisk0.mbr here:
>
> http://www.bleepingcomputer.com/submit-malware.php?channel=3
>
> Thanks

Submitted .. thanks for the help



#9 BartMan__X


Posted 08 July 2013 - 10:29 AM

Have you had a chance to check out the file yet?



#10 rd1947

rd1947

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:23 AM

Posted 16 July 2013 - 03:49 PM

I also tried using ComboFix and got a screen saying it was not compatible with Windows 8. What program can I use to replace ComboFix?





