ComboFix destroyed my PC! Help!


  • This topic is locked
14 replies to this topic

#1 soumilrana


Posted 01 August 2013 - 01:49 PM

I was using Malwarebytes and it was unable to remove some backdoors and malware.
So I used ComboFix.
Now I am unable to open most of the Windows Services and all the applications.
It kind of destroyed all the .exe files.

How can I undo?
Please help! I have a movie in progress and it will get badly affected if it doesn't reverse.

 

Note: I am unable to open any text documents also.





#2 dc3


Posted 01 August 2013 - 02:08 PM

If you can boot into Safe Mode see if you can do a System Restore.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 MzLindyOne


Posted 01 August 2013 - 02:35 PM

Do you get any error message when trying to run exe files?



#4 hamluis

  • Moderator

Posted 01 August 2013 - 03:23 PM

Post your ComboFix log at BC Virus, Trojan, Spyware, and Malware Removal Logs - http://www.bleepingcomputer.com/forums/forum22.html , along with a summary narrative of your situation, please.

 

Louis



#5 quietman7

  • Global Moderator

Posted 01 August 2013 - 08:56 PM

ComboFix should have saved that log to the root directory, usually C:\ComboFix.txt.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 soumilrana


Posted 02 August 2013 - 10:20 AM

Guys,
Thanks a lot for so many replies!
I don't know how but after restarting the PC 2-3 times, it's again back to normal.
This was the second time when I used ComboFix, the same thing happened last time; but was unable to bring it back to normal.
This time it seems fine.

Why does this happen that nothing works before restarting the PC multiple times?



#7 soumilrana


Posted 02 August 2013 - 10:23 AM

BTW 
This was the log created by ComboFix.
I was unable to open this txt before

#8 dc3


Posted 02 August 2013 - 10:37 AM

"This was the second time when I used ComboFix, the same thing happened last time; but was unable to bring it back to normal."
This is why ComboFix should only be run with the assistance of one of our MRT members who are trained in the use of this program.



 

 

 

 


#9 soumilrana


Posted 02 August 2013 - 10:45 AM

Oh well.
Even after treating my PC with ComboFix.
This Backdoor is still there

Malwarebytes REPORT - 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.02.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Soumil Rana :: SOUMIL [administrator]
 
Protection: Disabled
 
8/2/2013 9:09:51 PM
mbam-log-2013-08-02 (21-09-51).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243827
Time elapsed: 3 minute(s), 
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Soumil Rana\AppData\Local\Temp\~DF13278KB.tmp.exe (Backdoor.Poison) -> Quarantined and deleted successfully.
 
(end)


#10 quietman7

  • Global Moderator

Posted 02 August 2013 - 04:25 PM

I have removed your ComboFix log as they are not permitted in this forum. If you want to post your log for analysis, please do so in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here.

Thank you

The BC Staff

#11 soumilrana


Posted 03 August 2013 - 06:22 AM

Oh Fine.
But any idea about that backdoor?
It comes back after I reboot my PC.. :/



#12 quietman7

  • Global Moderator

Posted 03 August 2013 - 06:57 AM

Backdoor:Win32/Poison is the detection for backdoor trojans that allow unauthorized access and control of an affected machine. It attempts to hide by injecting itself into other processes.

Backdoor:Win32/Poison Technical Info

That means this Trojan provides a remote malicious attacker with access to your machine and the computer has been compromised.

If the detected file keeps returning after repeated removal attempts, then you probably have other malware on your system which is protecting or regenerating it. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a DDS log for further investigation.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Since you already ran ComboFix, you should post that log as well...just as hamluis instructed you to do two days ago.
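The pattern described in the post above, a detection that returns after it was reported as removed, can be checked across several saved Malwarebytes scan logs. This is an added example, not part of the original thread: the two sample logs are constructed in the format of the log posted earlier, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from ntpath import dirname  # Windows path rules, works on any OS

# Line formats as they appear in the Malwarebytes 1.x log quoted in this thread.
DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
LOG_NAME = re.compile(r"^mbam-log-(\d{4}-\d{2}-\d{2}) \((\d{2})-(\d{2})-(\d{2})\)\.txt$")

# Constructed sample logs (trimmed to the lines the parser needs).
LOG_A = r"""mbam-log-2013-08-02 (21-09-51).txt
Files Detected: 1
C:\Users\Example\AppData\Local\Temp\~DFAAAA.tmp.exe (Backdoor.Poison) -> Quarantined and deleted successfully.
"""
LOG_B = r"""mbam-log-2013-08-03 (09-15-02).txt
Files Detected: 2
C:\Users\Example\AppData\Local\Temp\~DFBBBB.tmp.exe (Backdoor.Poison) -> Quarantined and deleted successfully.
C:\Users\Example\Downloads\toolbar_setup.exe (PUP.Optional.Example) -> No action taken.
"""

def parse_log(text):
    """Return (scan_id, [(path, threat, action), ...]) for one scan log."""
    scan_id, hits = None, []
    for line in (l.strip() for l in text.splitlines()):
        name = LOG_NAME.match(line)
        if name:
            scan_id = "{} {}:{}:{}".format(*name.groups())
            continue
        hit = DETECTION.match(line)
        if hit:
            hits.append((hit["path"], hit["threat"], hit["action"]))
    return scan_id, hits

def recurring(logs):
    """Map (threat, folder) -> sightings for threats seen in more than one scan.

    Grouping by folder rather than full path catches droppers that use a
    new random file name each time the file is regenerated.
    """
    seen = defaultdict(list)
    for i, text in enumerate(logs):
        scan_id, hits = parse_log(text)
        for path, threat, action in hits:
            key = (threat, dirname(path).lower())
            seen[key].append((scan_id or f"log#{i}", path, action))
    return {k: sorted(v) for k, v in seen.items() if len({s for s, _, _ in v}) > 1}
```

A non-empty result from `recurring([LOG_A, LOG_B])` means the scanner removed the file but something else on the system put it back, which is the point at which the thread recommends escalating to a full log review.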

#13 soumilrana


Posted 04 August 2013 - 07:56 AM

I have done the same.
Please have a look!



#14 soumilrana


Posted 04 August 2013 - 12:15 PM

http://www.bleepingcomputer.com/forums/t/503302/pc-compromised-infected-with-backdoorwin32poison/



#15 Animal

  • Site Admin

Posted 04 August 2013 - 02:24 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

