ComboFix doesn't work.


  • This topic is locked
43 replies to this topic

#1 felypevip

felypevip

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:46 PM

Posted 01 January 2014 - 03:18 PM

Sorry, I needed to make another topic because I forgot to attach the file.
 
Problem number 1: When I start ComboFix.exe, a message appears saying that Comodo Antivirus is open. I've closed and deactivated it and the message still appears; I click OK and ComboFix runs.
Problem number 2: When ComboFix runs, it does not leave the message "Tried to create restoration point", even though it already has a restoration point (I think).
Problem number 3: Sometimes when I download ComboFix it is instantly removed by something that I don't know, but this is not a big problem.
 
 
Why I want to use ComboFix:
-Computer slowing down (two weeks ago it was not freezing every 3 hours, without me having changed or downloaded anything heavy)
-When my antivirus said that winlogon was modified and could be a virus, my PC turned off, like somebody sent this order to prevent me from removing something.
-A lot of files with weird names in normal folders like my user folder.
-After spending two hours on the computer, when I try to delete something "Access Denied" appears; when I restart, it goes back to normal, and after more than two hours the same thing happens.
 
I use COMODO INTERNET SECURITY PREMIUM and I disable it, but the messages keep appearing.
 
I hope the TOPIC is right now, and sorry for the duplicate again.


Edited by bloopie, 25 January 2014 - 02:33 PM.
Removed attached logs as user requested. ~bloopie




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:46 AM

Posted 06 January 2014 - 03:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/519263 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 felypevip


Posted 07 January 2014 - 11:25 AM

1.Already posted

2.Created!

3. Yes, I have, but I don't want to format the computer.


Edited by bloopie, 25 January 2014 - 02:33 PM.


#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:10:46 AM

Posted 08 January 2014 - 06:47 PM

Hello felypevip, and welcome to Bleeping Computer!

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Please do not run any other tools without my instruction to do so!

==========

Now, I noticed that you've only attached the Attach.txt and not the DDS.txt. We really need to see both logs. Please re-run DDS and then copy and paste only the DDS.txt this time, do not attach it.

Once we get the DDS log properly posted, then we'll take the next steps. Combofix isn't always necessary, but we'll see what happens later on when we see better what the state of the machine is! :thumbup2:

Thanks, and again welcome! :)

bloopie



#5 felypevip


Posted 08 January 2014 - 08:24 PM

Oh, sorry.
Here's the DDS log.
 
Did I miss something?


Edited by bloopie, 25 January 2014 - 02:51 PM.


#6 bloopie


Posted 09 January 2014 - 01:02 PM

Hello again,
 
As I mentioned, please copy and paste all logs. Do not attach them.
 
==========

Step 1

A Warning

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start Orb > Control Panel > Programs and Features.
If you wish to keep it, please do not use it until your computer is cleaned.

==========

Step 2

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Once rebooted, please make sure all checkboxes are still checked before performing the scan!
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
    ***Do NOT select Delete!
  • Click Continue
  • Click Reboot computer
  • Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply

==========

After running the above, please let me know how the machine is running now!

bloopie



#7 felypevip


Posted 10 January 2014 - 02:37 PM

OK, when I ran it, it asked to reboot. I rebooted, but when Windows started it froze at the login screen, but I already fixed it. I started the program again, but when I pressed "Start scan" the BSOD appeared. I am thinking of using the COMODO bootable pendrive to scan for viruses, or do these programs have a bootable version?

 

(Sorry bad english)



#8 bloopie


Posted 10 January 2014 - 06:33 PM

Hello again,

 

You do not need to quote my instructions in your replies. :wink:
 

(Sorry bad english)

Not a problem at all, I understand you...as long as we understand each other, we'll be fine! :)
 
Okay, your logs are clearly indicating a rootkit, but I won't give that warning until I'm absolutely sure.

==========

Let's try to run Farbar Recovery Scan Tool (aka FRST) from the Recovery Environment with the below instructions:

On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html




To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

bloopie



#9 felypevip


Posted 12 January 2014 - 07:03 PM

Man! When I rebooted the PC again my Internet stopped working. It shows: Limited access, and on the other computers the internet works fine (like on this old computer I am using right now)!

-I already tried to change DNS

-I already tried to use the "Fix problems" of Windows

-All my system recovery backups disappeared!

Please, I really need help! I can't live without the internet.



#10 felypevip


Posted 12 January 2014 - 10:33 PM

But yesterday there was strong rain and lightning, and I did not turn off the socket. Could the network card be burned?



#11 bloopie


Posted 13 January 2014 - 01:01 AM

Hello again,

 

I am trying to help you, but I need you to follow my instructions. You haven't answered if you have your original Windows Installation disk and you haven't followed the instructions in my last post. Please do these things so that I can help you.

 

Malware removal can take time, and analyzing the logs that you post can also take time. Please follow my instructions, be patient, and we'll get there.

 

bloopie



#12 felypevip


Posted 13 January 2014 - 06:53 AM

The disk is at my friend's house, but I can tell him to give it to me.

Did I miss something?

Edited by bloopie, 25 January 2014 - 02:52 PM.


#13 bloopie


Posted 13 January 2014 - 06:51 PM

Hello again,

 

Thanks for the log! :)

 

Are you aware that there are a couple of programs installed on your computer like TeamViewer and LogMeIn? If you have knowingly put those programs there on purpose, then they should be okay to keep.

 

==========

 

Okay, let's try to get Combofix to run more aggressively. Boot the computer into normal boot mode.

 

Make sure you have Combofix saved on your desktop or the script will not work:

 

Click the Start Orb, then copy and paste in the following bold line in the RunBox and then press ENTER

 

"%userprofile%\desktop\Combofix.exe" /killall

 

Follow the prompts, and post the log here in your next reply. Let me know if you are unsure of the instructions I've given! Also let me know of any problems you encounter. :thumbup2:

If you cannot find the log, it should be located at C:\ComboFix.txt.

bloopie



#14 felypevip


Posted 13 January 2014 - 07:32 PM

I use LogMeIn Hamachi to play on game servers and I use TeamViewer to help some friends.

--------------------------

When I run ComboFix and the "command prompt" pops up, it shows "Starting Combofix..." and "Try to create a restoration point" and does not get past this.

And what could be the problem with the internet?


Edited by felypevip, 13 January 2014 - 07:33 PM.


#15 bloopie


Posted 13 January 2014 - 08:44 PM

Hello again,

What happens when you let Combofix run? Give it some time to run and don't click on Combofix's window while it's running...that may cause it to stall.

There could be a number of things causing the internet to not work, so I cannot speculate on that point yet.

Let me know what happens when you let Combofix run for some time. If it still will not work, then we will need to take some other steps.

Also, please try to run both Combofix and TDSSKiller from Safe Mode. Let me know what happens!

bloopie



