Complete disaster


#1 GiovanniFantini


  • Members
  • 1 posts
  • Local time:06:18 PM

Posted 21 August 2014 - 02:23 PM

Hello Everybody!
I'm new to the forum, I'm interested in computers, even though my knowledge is quite basic. I've tried to help this friend of mine, who has an old Acer laptop with XP Media Center edition, with cleaning his really messed up computer: I've downloaded Combo Fix and Malware Bytes as I've always done with computers' cleaning, since Avg was showing a tremendous amount of malware in the pc from Trojans to Spybots etc. I've followed the guidelines they've taught me when using combo fix: I deactivated the computer's connection, and launched the program, closing all open applications. The program launched correctly, it started creating a backup point and then told me that the computer didn't have the System Recovery tool, and I needed to download it. When I clicked ok to download it said the computer wasn't connected to the web even though I could navigate on Chrome (which gave me the suspicion that I had some malware in the computer's connection settings). Then it suddenly closed the window and started analysing the partition of the disk (I'm not very sure of what I'm stating, but that's what I understood). When I rebooted the pc, I relaunched combo fix which did again the same thing as before, only without the partition part, and continued the process, which I thought was due to the correct installation of the Recovery tool. Then an enormous amount of windows opened stating all sorts of things about the Registry Editor, and before I had time to read them, they all closed, and Combo Fix continued its job. After the 50 stages the program started eliminating files as it has always done, but it then suddenly stuck on one elimination string. I left it there for like 2 and a half hours. After waiting a long time it appeared the program was stuck, and not going anywhere so I had to force quit it which prevented it from creating a log. When I rebooted the computer all sorts of crazy things were happening.
To my current knowledge I've encountered the following problems: In the control panel under connections, all settings were deleted: there is no connection set up, neither LAN nor wireless. And if I try to set up a new one, it just will not create it. I'm unable to move/copy/paste files around the pc. The system doesn't recognise any external driver such as pen drives or memory cards. The only way for me to at least read the content (since I cannot modify nor copy it) is to manually uninstall the driver from the control panel and reinstall it.

The situation is very difficult for me now to understand or solve, and Combo Fix never caused me any problems before. I've tried all sorts of things, from using the tool which returns to its place Combo Fix eliminated files, to running rstrui.exe (also tried in safe mode from command prompts, but it returns an error message saying the computer cannot protect the content: and advises to reboot the pc and retry, which obviously doesn't work). I now think there were some problems with the Registry Editor in the beginning which obstruct the correct return to a previous state. Unfortunately as I said, I cannot find any log to post you to give more details. The most I can do is trying to explain at my best possibility what's happening. This computer is now completely full of malware and with system settings and files misplaced or eliminated. I agreed with the owner that the best thing is to completely format it from the start, and hope he has no root kits. Unfortunately the impossibility of moving/copying is preventing me from backing his pics up (which he cares a lot about). Without saving his files beforehand I cannot go on with the formatting. Can someone please shed light on this disaster and help me at least with putting in a safe place his files before doing anything else? (They told me about some program called The Avenger which could help me with this.)
Thank you so much for your help, waiting for a saviour to help me.

Edited by hamluis, 21 August 2014 - 02:47 PM.
Moved from MRL to AV/AM Software - Hamluis.


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,591 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:18 PM

Posted 21 August 2014 - 06:01 PM

As a general policy, Bleeping Computer does not offer advice on how to run ComboFix unless we asked someone to run it or if there is a problem with the computer caused by running the tool. We recommend that people should not be using ComboFix without being advised to do so by a trained expert (see here) who is assisting them deal with a malware problem. When issues arise due to complex malware infections, problems running ComboFix (i.e. stalling, hanging, crashing) or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.

Also be aware that using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, OTL, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary.

If you need individual assistance with a malware infection, please follow the instructions in the Preparation Guide For Requesting Help starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 Users will not be able to run DDS and create a log)
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. If ComboFix is required, you will be provided instructions on how to get it to run properly.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
