As a general policy, Bleeping Computer does not offer advice
on how to run ComboFix unless we asked someone to run it or
if there is a problem with the computer caused by running the tool. We recommend that people should not be using ComboFix without being advised to do so by a trained expert (see here
) who is assisting them deal with a malware problem. When issues arise due to complex malware infections, possible false detections, problems running ComboFix (i.e. stalling, hanging, crashing) or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.
With that said, ComboFix's log should show what was removed. As part of its routine ComboFix creates a folder named Qoobox in C:\QooBox\Quarantine\ to keep files that have been removed by ComboFix. These files are copied and renamed by adding .vir
at the end so they are are no longer a threat
. The path to the removed file(s) in the C:\QooBox\Quarantine folder shows the location where it was removed from. In some case, ComboFix may remove a legitimate file for various reasons. To view/restore a file, just remove the .vir and copy it back to its original location.
If you want individual assistance and since ComboFix has already been run, its log should be thoroughly reviewed by trained experts before proceeding further. A log should have been created and saved to the root directory, usually C:\ComboFix.txt
Please follow the instructions in the Preparation Guide For Requesting Help
starting at Step 6.
- If you cannot complete a step, then skip it and continue with the next.
- In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 Users will not be able run DDS and create a log)
When you have done that, start a new topic and post the required logs to include your ComboFix log
in the Virus, Trojan, Spyware, and Malware Removal Logs forum
, NOT here
, for assistance by the Malware Response Team Experts.
-- ComboFix logs are not permitted
in this forum.
After doing this, please reply back in this thread with a link to the new topic so we can closed this one.