Combofix killed, now what.


6 replies to this topic

#1 CK Bleeps

CK Bleeps

  • Members
  • 11 posts

Posted 22 January 2016 - 10:48 PM

Combofix was running for hours. I have several large drives connected and don't need them all scanned, so I put them offline, but watching the log file, it kept updating from the offline drive. I figured it would cache out but it kept going. Break failed so I closed the window.

 

combofix.txt is 7.1m, with 105091 lines.

It said Comodo defense+ was not disabled, but comodo said it was disabled.  

 

One file was infected, syswow64\imm32.dll and it was disinfected using winsxs.

Several other files were just deleted.

 

I would post them now but it's on another PC which is offline right now.

 

 

Prior to combofix...

TDSSKiller, negative (with tdss check checked)

RKill negative.

McAfee bootkitremoval negative

mbar negative

AdwCleaner found OneTab, which I like, have not found anything else to suggest it is an issue, and now onetab is borked.

 

 

So, my question is, now that it's interrupted, should I just reboot now?

I'm not sure the procedure after interrupting it.




 


#2 CK Bleeps

CK Bleeps
  • Topic Starter

  • Members
  • 11 posts

Posted 22 January 2016 - 10:54 PM

Also, I ran this to make sure an infection was not causing the taskbar to freak out.  It's the program manager really, windows jump top/bottom order, especially child windows, often alt-tab back to the window I'm trying to work on, but it seems to be connected with the jumplist or something, having multiple of the same program / tabs makes things worse.  Switching from one window to another often, but not always, caused windows to flash.  I've used windows blinds and 7 taskbar, and had displayfusion installed.  I'm guessing a combination of those and windows updates etc messed up some settings.  Hoping that imm32.dll is the fix....


Rebooted.  



#3 CK Bleeps

CK Bleeps
  • Topic Starter

  • Members
  • 11 posts

Posted 22 January 2016 - 11:41 PM

Same issue... happens when:

When first opening a child window, including dropdowns.

Scrolling.

Clicking a program in the task bar (min/max/bring to front)

 

Examples of programs affected:  Chrome, notepad, notepad++, cmd.exe, iexplore, basically all and any program I've opened.  

 

It's not every time but often enough to be very annoying, especially when child windows are popping under and...

 

Sometimes it does a loopy thing where it's like it's changing its mind which window to set focus on, like alt-tab is stuck.

The order of the open programs changes in the taskbar.

 

Occasionally it does this 'on its own' but only in certain cases, for example I did a search in regedit and it popped up several times, though it never had a search result. Regscan did not; once started, it played nice. So, child window updates can trigger the bad behavior....

 

While typing this it's just sat quietly.... so I tried to make it break, seems to be OK now?

 

Other programs I've suspected but which may not be to blame; if anything I'm probably to blame for installing too many things.

Direct Folders, which is really nice but was not working properly, so I reinstalled it 1-2 days before my loopy issue.

TaskBarPinner by winaero.com, to fix MS OS Blunders, no issues with it, other than lack of an uninstaller.  I'll use something else for this.



#4 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts

Posted 23 January 2016 - 03:01 AM

Hi there,

Generally Bleeping Computer does not offer advice on running ComboFix, as it is not meant to be used by people without training in how the tool works.

ComboFix usage, Questions, Help? - Look here

That said, if you need help removing malware then please seek assistance in the Malware Removal Logs forum.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,952 posts

Posted 23 January 2016 - 06:30 AM

As noted, Bleeping Computer does not offer advice on how to run ComboFix unless we asked someone to run it or if there is a problem with the computer caused by running the tool.

With that said, there are circumstances where ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual. In such cases, it is helpful to know at what stage ComboFix stalled/crashed and to provide that information to the Helper who is assisting you so they can investigate. Using Task Manager to stop ComboFix's related processes usually is enough to abort it.

Open Task Manager and look for the following ComboFix related processes (some have a .3XE extension):
  • PEV.exe
  • NirCmd.3XE
  • PEV.3XE
  • SED
  • GREP
  • any file that has the extension *.3XE except CF*****.3XE <- do not end this process
One at a time, right-click and select End Process. If doing that did not free ComboFix and allow it to continue, then you will need to reboot the computer manually.

Afterwards, please follow the instructions provided by Sintharius if you still need help.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
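
The process check described in post #5, as an added example that is not part of the original posts or any BleepingComputer tooling: a read-only PowerShell listing that marks which running processes match the names in that list and which one falls under the CF*****.3XE exception. Matching SED and GREP on base name only, and treating any CF-prefixed .3XE image as the protected process, are assumptions made here.

```powershell
# Added example: read-only triage of the ComboFix helper processes named in post #5.
# Nothing is terminated; ending a process stays a manual, one-at-a-time step.

# Names exactly as given in the post.
$exactNames = @('PEV.exe', 'NirCmd.3XE', 'PEV.3XE')
# Listed in the post without an extension, so matched on base name (assumption).
$baseNames  = @('SED', 'GREP')

function Get-ComboFixAction {
    param([Parameter(Mandatory)][string]$ImageName)

    $base = [System.IO.Path]::GetFileNameWithoutExtension($ImageName)
    $ext  = [System.IO.Path]::GetExtension($ImageName)

    # CF*****.3XE is the one process the post says not to end.
    # Any CF-prefixed .3XE image is treated as that process (assumption).
    if ($ext -ieq '.3XE' -and $ImageName -like 'CF*') { return 'Keep' }
    if ($ext -ieq '.3XE')                 { return 'End' }
    if ($exactNames -contains $ImageName) { return 'End' }
    if ($baseNames -contains $base)       { return 'End' }
    return $null   # not a ComboFix-related process
}

# Win32_Process.Name carries the full image name, including a .3XE extension.
Get-CimInstance -ClassName Win32_Process |
    ForEach-Object {
        $action = Get-ComboFixAction -ImageName $_.Name
        if ($action) {
            [pscustomobject]@{
                Action    = $action
                Name      = $_.Name
                ProcessId = $_.ProcessId
                Path      = $_.ExecutablePath
            }
        }
    } |
    Sort-Object Action, Name |
    Format-Table -AutoSize
```

SED and GREP are generic tool names, so check the Path column before ending a match: a copy installed by another package is not a ComboFix process.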

#6 CK Bleeps

CK Bleeps
  • Topic Starter

  • Members
  • 11 posts

Posted 25 January 2016 - 07:06 PM

Thanks. Combofix found some questionable files and removed them.  Hard to say if that's what resolved the original issue, as I did many other things also.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,952 posts

Posted 25 January 2016 - 07:15 PM

You're welcome on behalf of the Bleeping Computer community.