ComboFix Deleting Personal Files


6 replies to this topic

#1 incitetm

  • Members
  • 2 posts

Posted 08 January 2014 - 11:24 PM

I see a post from 2010 about how to fix a problem where Combofix moves personal files to the Quarantine folder. 1/8/2014 I ran Combofix on one computer and the same thing occurred with a Public Folder on one computer that was shared to another computer. I was thinking that ComboFix may be deleting everything from the public folder as it should not be there. If that is the case then that is fine, but I want to make sure before I continue to run this version.

I downloaded the latest version of ComboFix from bleeping computer on 1/8/2014 so I was wondering if this issue re-appeared or if I have another issue.

The computer is a Windows 7 Home computer.

I want to confirm that the same process will fix this.

Thanks for any help.





#2 noknojon

  • Banned
  • 10,871 posts

Posted 09 January 2014 - 07:11 AM

Hello and Welcome -
You quote a post from 2010, and your question relates to the current program version?

The program is updated on a very regular basis, so the question is not current.
 

ComboFix usage, Questions, Help? - Look here is the only official guide to current and past program versions.
 

Please note that ComboFix is provided as is, without warranty of any kind. All implied warranties are expressly disclaimed. If you do not agree to the terms stipulated by sUBs, use of his tool is at your own risk.
This is included in the only official guide -

 

If you do have a Malware problem, or wish to have our Malware Removal Experts review your problem, see below,

  • If you need assistance, please follow the instructions in the Preparation Guide starting at Step #6.
  • When you have done that, start a new topic and post the required logs to  Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.

  • If you are unable to complete any step, just post the topic and leave a full description of your problems
  • Please Use Copy / Paste for your responses, and Do Not Attach them unless your helper requests this.

  • If Help Bot responds to your topic, please follow his Step #1 so the team will be notified.

 

Thank You -



#3 quietman7

  • Global Moderator
  • 51,895 posts

Posted 09 January 2014 - 09:26 AM

Is your computer infected with malware?

I ask because the only reason you should be running ComboFix is for removing malware infection. ComboFix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware which scan individual drives or different folders on a computer for malware.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 incitetm

  • Topic Starter
  • Members
  • 2 posts

Posted 09 January 2014 - 01:18 PM

Let me give a little more specifics.

Malwarebytes was run and found 84 items which were removed. Most were related to pup.optional.wajam.a. Some were not. After completing the Malwarebytes scan and still seeing issues, I downloaded the latest version of ComboFix from BleepingComputer.com. I ran the most recent version of ComboFix which went through its normal process, and near the end of its 50+ steps, I see that ComboFix started to delete everything in the "Public" Folder of this computer. There was 10GB of data which, after reading this post http://www.bleepingcomputer.com/forums/t/290138/combofix-problems-and-resolution-for-legitimate-files-being-deleted/ from 2010, it appears that I am having the same problem that people were having in 2010.

ComboFix did find several files that were malware/virus related in C:\, C:\Windows and C:\Windows\system32 as well as some registry entries. Services.exe, and several files in the root of C:\ were considered infected. It appears that ComboFix decided that anything in the public folder should be considered a virus. So what occurred is that all the data was moved to ComboFix quarantine folder with a .vir extension added to the end. My question is if the problem from 2010 is occurring again in the latest version or is this normal for ComboFix to quarantine everything in the public folder including .jpg, .doc and all pictures and documents?

I am in the IT field and have more experience than I would like with cleaning malware/viruses from computers. I have read about ComboFix and have been through many of the logs so I can interpret the logs. The link ComboFix usage, Questions, Help? - Look here above on ComboFix doesn't actually state what the 50+ steps that it is taking does. That is why I have this question.
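
An added example, not part of the original posts and not ComboFix's own tooling: a read-only PowerShell inventory of files quarantined with a `.vir` suffix, grouped by original extension, so the scope of a suspected false positive can be stated when the log is reported. The `-QuarantineRoot` parameter, the extension list and the demo tree are assumptions; the script renames and restores nothing.

```powershell
# Added example: read-only inventory of quarantined files renamed to "*.vir".
# -QuarantineRoot is an assumption: point it at the quarantine folder named in
# your own ComboFix.txt. Without it, a constructed demo tree is built in %TEMP%.
param([string]$QuarantineRoot)

if (-not $QuarantineRoot) {
    $QuarantineRoot = Join-Path $env:TEMP 'vir-inventory-demo'
    $pub = Join-Path $QuarantineRoot 'C\Users\Public\Pictures'   # constructed layout
    New-Item -ItemType Directory -Path $pub -Force | Out-Null
    'holiday.jpg.vir', 'report.doc.vir', 'dropper.exe.vir' | ForEach-Object {
        Set-Content -Path (Join-Path $pub $_) -Value 'constructed sample data'
    }
}

# Extensions that normally hold user data rather than code (illustrative list).
$userData = '.jpg', '.jpeg', '.png', '.doc', '.docx', '.xls', '.xlsx', '.pdf', '.txt'

$items = @(Get-ChildItem -Path $QuarantineRoot -Recurse -Force |
    Where-Object { -not $_.PSIsContainer -and $_.Name -like '*.vir' } |
    ForEach-Object {
        # Strip only the trailing ".vir" to recover the original file name.
        $original = $_.Name.Substring(0, $_.Name.Length - 4)
        $ext = [System.IO.Path]::GetExtension($original).ToLower()
        New-Object PSObject -Property @{
            OriginalName   = $original
            Extension      = $ext
            Bytes          = $_.Length
            LikelyUserData = ($userData -contains $ext)
            QuarantinePath = $_.FullName
        }
    })

# Per-extension totals: how much of the quarantine is pictures and documents.
$items | Group-Object Extension | Sort-Object Count -Descending | ForEach-Object {
    $sum = ($_.Group | Measure-Object Bytes -Sum).Sum
    '{0,-8} {1,6} files {2,12:N0} bytes' -f $_.Name, $_.Count, $sum
}

# Candidates to list when reporting a suspected false positive to the developer.
$items | Where-Object { $_.LikelyUserData } |
    Select-Object OriginalName, Bytes, QuarantinePath | Format-Table -AutoSize
```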



#5 quietman7

  • Global Moderator
  • 51,895 posts

Posted 09 January 2014 - 01:45 PM

The developer (sUBs) will need to see the log so he can investigate. Please submit (upload) a copy of ComboFix.txt to this Submit Malware Sample page.
  • Fill in the requested information, comments and any further information.
  • Zip the file(s) using a zipping program (i.e. 7-zip, WinRAR).
  • Click the Browse... button and navigate to the location of the file.
  • Click on the file to highlight it and choose Open.
  • Click the Send File button.
  • You will not be able to view the files that have been uploaded as they only show to the authorized users who can download them.
  • sUBs will be able to collect the file(s) from there and examine them.
  • Let me know when you have done this so I can advise the developer.
Thanks

#6 noknojon

  • Banned
  • 10,871 posts

Posted 09 January 2014 - 06:29 PM

Hi -

Just a follow-up from my point of view.

The link ComboFix usage, Questions, Help? - Look here above on ComboFix doesn't actually state what the 50+ steps that it is taking does.

NOTE - The stages and direct input / output of the program is not ever for publication / discussion.

So if you and all malware writers know the workings, the program becomes useless.

 

These bits are always added since the actual workings of the program will never be disclosed openly.

 

So this rider is placed on the programs download area -

Please note that ComboFix is provided as is, without warranty of any kind. All implied warranties are expressly disclaimed. If you do not agree to the terms stipulated by sUBs, use of his tool is at your own risk.

This is included in the only official guide -

 

No offence was meant, as your post was a #1 post, and you had no history on the site to follow.

My reply was to get you further help only, if required by you ...........

 

I hope the post was regarded as Information Only, and nothing more.

 

Please follow the post from quietman7 if you do wish to find more information.

 

Thank You -



#7 quietman7

  • Global Moderator
  • 51,895 posts

Posted 09 January 2014 - 06:34 PM

incitetm...I have posted a note to sUBs about your question, advised him what I instructed you to do and provided a link to this topic.



