
Ran ComboFix myself (sorry) but it didn't get very far.


  • This topic is locked
3 replies to this topic

#1 ontheriver

ontheriver

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:47 AM

Posted 07 April 2014 - 05:38 PM

I discovered I have a virus that does not allow me to download files from the internet.

"filename" has a virus and has been deleted - is the message I kept getting.

Went online to malwaretips.com and started going through the seven steps they advised to correct the problem.

First step was downloading and running ComboFix.

It started running and seemed to be deleting a lot of files and didn't really get past this part.

One box popped up and said Volsnap.sys was infected and that it was trying to resolve the issue and would continue, which it seemed to do.

Another box popped up and said it couldn't find NIRKMD.exe and told me to check if the spelling was right.

I just hit the OK button in that box.

It then started popping up with boxes that inferred that I didn't have the correct version of ComboFix from bleepingcomputer.com but when I double checked the website I downloaded it from, it was correct.

I then started looking through your website and found all the warnings about running it myself.

I have not rerun it and will await your reply.

ComboFix did not get to the point where it created a System Restore point and had not started scanning for infected files or going through the 50 stages.

Any suggestions you can offer will be greatly appreciated.

I am running Windows 7 (64 bit) and Internet Explorer 11.

I have not rebooted the computer yet... afraid to.

Thanks


Edited by ontheriver, 07 April 2014 - 06:28 PM.




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,287 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:47 AM

Posted 08 April 2014 - 01:35 PM

This is one of the reasons why we recommend not to use ComboFix on your own. There are risks involved and we would prefer it if someone who knows how to resolve any issues that may arise is supervising its use.

As a general policy, Bleeping Computer does not offer advice on how to run ComboFix unless we asked someone to run it or if there is a problem with the computer caused by running the tool. We recommend that people should not be using ComboFix without being advised to do so by a trained expert (see here) who is assisting them deal with a malware problem. When issues arise due to complex malware infections, possible false detections, problems running ComboFix (i.e. stalling, hanging, crashing) or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.

Also be aware that using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, OTL, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary.

With that said, there are circumstances where ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual.

While our policy is not to offer advice on running ComboFix unless we asked someone to run it, we are willing to assist with resolving problems caused after using it and we are certainly willing to help with malware disinfection. If that assistance requires running ComboFix, you will be advised what to do in order to get the tool to run properly or investigate any error messages.

If you need individual assistance with a malware infection that requires using ComboFix, please follow the instructions in the Preparation Guide For Requesting Help starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 Users will not be able to run DDS and create a log)
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 ontheriver

ontheriver
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:47 AM

Posted 08 April 2014 - 01:44 PM

Hi quietman7,
Yes, I'm sorry that I just started running programs as advised in another site without doing any research of my own. After posting this, I did even more reading and found the correct forum to use. I am now receiving help from Gringo at the following thread:

http://www.bleepingcomputer.com/forums/t/530303/zeroaccess-rootkit-threat-on-my-computer-ran-combofix-myself-sorry/

Thanks so much for the help I'm receiving. I will be sure to make a donation.
Bev

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,287 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:47 AM

Posted 08 April 2014 - 01:54 PM


Since you are now receiving help from the Malware Response Team, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log(s) you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worse which would extend the time it takes to clean your computer.

The Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusion, I am closing this topic.

Thanks for your cooperation.

Good luck with your log.



