Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Combofix Hangup


  • Please log in to reply
5 replies to this topic

#1 MWhiteside

MWhiteside

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 09 December 2014 - 09:50 AM

I am using Combofix to clear malware, but it continues to hang at stage 5.  I have used this product for many years and am very familiar with how it works.
 
1.  I first ran a complete virus scan with Symantec EndPoint - no viruses found.
2.  Disabled EndPoint and ran Combofix .  Combofix would not run.
3.  Went to Safe Mode with networking and ran ComboFix - completes 4 stages, but does not advance after 30 minutes.
    * There is activity on the disk drive however.
 
Do I need to wait longer or should I run some other utility?

Edited by Queen-Evie, 09 December 2014 - 11:20 AM.
moved from Windows 7 to the appropriate forum


BC AdBot (Login to Remove)

 


#2 Buck1es

Buck1es

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Phoenix, Arizona
  • Local time:05:58 AM

Posted 09 December 2014 - 11:13 AM

I have had this issue before.. My fix has always been to stop Combo Fix when it gets hung up and just try running it again. It has usually completed the second or third time I try it. In extreme cases of it still not running after multiple times, restarting and trying again or safe mode has been my fix. Also sometimes whatever is happening in step 4 or 5, it can take longer than usual. What is funny whenever mine has stopped, it always was at step 4 or 5. Because you have disabled your virus scan you DO NOT get a message warning you there is an anti-virus still active correct? I ask because even though you have disabled it, it can still be running somewhere and Combo Fix still says it is running..



#3 MWhiteside

MWhiteside
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 09 December 2014 - 11:35 AM

Thanks for your reply.  I started ComboFix a second time and it again hung up on stage 5, but after about 30 minutes ran the rest of the stages.  Now it seems to be hung up in displaying what has been deleted after completing stage 50.  I have waited on this step for an additional 30+ minutes, so ComboFix has been running for more than 1 hour

 

Should I stop it again and run a third time?



#4 Buck1es

Buck1es

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Phoenix, Arizona
  • Local time:05:58 AM

Posted 09 December 2014 - 11:53 AM

I have had issues with Combo Fix generating a log... Would take way too long. I believe it puts the log just right there on the C: drive. If you can, go check if it is there. If it is, and you can open it and see all the details, I think it should be safe to just close Combo Fix out. It has already done what it has needed to. 



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:58 AM

Posted 09 December 2014 - 12:30 PM

As a general policy, Bleeping Computer does not offer advice on how to run ComboFix unless we asked someone to run it or if there is a problem with the computer caused by running the tool. We recommend that people should not be using ComboFix without being advised to do so by a trained expert (see here) who is assisting them deal with a malware problem. When issues arise due to complex malware infections, problems running ComboFix (i.e. stalling, hanging, crashing) or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance.

With that said, there are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alchohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual. Usually using Task Manager to stop ComboFix's related process is enough to abort it.

Open Task Manager and look for the following ComboFix related processes (some have a .3XE extension):
  • PEV.exe
  • NirCmd.3XE
  • PEV.3XE
  • SED
  • GREP
  • any file that has the extension *.3XE except CF*****.3XE <- do not end this process
One at a time, right-click and select End Process. If doing that did not free ComboFix and allow it to continue, then you will need to reboot the computer manually.

If you need further assistance with a malware infection, please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 Users will not be able run DDS and create a log)
There are other advanced tools which can be uses in cases where ComboFix will not run properly...the MRT will provide detailed instructions for such tools.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:58 AM

Posted 09 December 2014 - 12:40 PM

BTW...in most cases ComboFix should not take more than 20 minutes to complete its routine if malware is detected. However, in some cases it could take longer depending on a variety of factors. If a system is badly infected, ComboFix may take more time to complete all it's routines (various stages) than it normally does or fail to run properly.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users