
Should I try to revert from an accidental use of ComboFix, and if so, how?

4 replies to this topic

#1 Moongazer


  • Members
  • 6 posts
  • Local time:06:29 PM

Posted 23 October 2016 - 07:31 AM

I recently bought a "refurbished," 6-year-old laptop - a Dell Latitude E6410 - from a company that recycles second-hand (usually ex-business) computers to people on low incomes. It came with Windows 7 Pro installed, including (Microsoft Malware Bytes) [correction: Microsoft Security Essentials]. Despite keeping (Malware Bytes) [should be: Security Essentials] up to date, just a few days ago, my Firefox browser was infected by the web-start.org shortcut-hijacker described here, and also by the two adwares SmartNew Tab virus and cpmofferconvert.com. (I suspect all three are related.)

When I realised how the web-start hijacker was operating, I immediately edited the shortcuts, but, concerned that the malwares were still lurking in my system, I started downloading and installing the anti-malware programs mentioned here, intending to follow that removal procedure. Initially, I just ran DDS.com and FRST64.exe.

But then I also downloaded ComboFix. I ran it, assuming that it was an installation file, not realising that it is a portable program, which would immediately do its thing with no further input from me (that was not mentioned anywhere). I was horrified, on reading the report it generated, to see how aggressive it had been, deleting many DLL files from ProgramData folders (which I imagine were there for a purpose) and doing I-know-not-what to the registry. It did, however, make a system restore point first and, IIRC, its own backup of the registry.

I found and zipped up the Qoobox folders (3.1MB) (after some initial struggling with the folder permissions), and I have uploaded it to this webpage (tiny.cc/combofix-mg), together with the ComboFix report and the two DDS reports and the two FRST reports. (I hope these will be some help to responders.)
I find it hard to believe that ALL of the files deleted by ComboFix were infected. It even deleted Teamviewer.exe, which had been pre-installed by the computer vendor (presumably for support purposes.)

I now know that I should not have run ComboFix without expert advice to do so. But I am now seeking that expert advice as to which of three things to do next:

a.  Should I do nothing, and just accept that ComboFix did the right thing, and that the computer can do without the files it deleted?

b.  Should I use Windows 7 system restore to revert back? (Will that also bring back the files from the quarantine box?)

c.  or should I use the tool CFDQ-UsrPrf.exe mentioned here to restore things to the way they were? (Is there any info on exactly what it does?)


Presumably, in all 3 cases (or at least b and c), I should then use other anti-malware programs to remove the malware.

I am an experienced computer user, but I feel a little out of my depth at this stage, and would welcome whatever help I can get.

Edited by Moongazer, 23 October 2016 - 07:53 AM.




#2 MoxieMomma


  • Members
  • 471 posts
  • Local time:12:29 AM

Posted 23 October 2016 - 07:40 AM

Hello and welcome!


I'll defer to the others who are far more expert in malware removal.

But I just popped in to clarify this, to reduce confusion for you or anyone else reading this thread:



It came with Windows 7 Pro installed, including Microsoft Malware Bytes. Despite keeping Malware Bytes up to date,


Microsoft has nothing to do with Malwarebytes Anti-Malware (MBAM). :wink:


MBAM is the product of Malwarebytes Corporation, a 3rd-party security software company.

Malwarebytes (the company) publishes many different products, such as MBAM (for Consumers and Businesses), MBAE, and a range of other, specialized tools.


Main site here: https://www.malwarebytes.com/

MBAM Product Page here: https://www.malwarebytes.com/antimalware/


Please wait for further assistance from one of the experienced malware-removal or other helpers.




#3 Moongazer

  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:29 PM

Posted 23 October 2016 - 07:56 AM

Whoops, thanks for the correction, Moxie Momma. The anti-virus program I have is Microsoft Security Essentials, not Malware Bytes. I have edited my original post to correct the error.

#4 hamluis



  • Moderator
  • 54,995 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:29 AM

Posted 23 October 2016 - 08:04 AM

Please...post the ComboFix log as part of a new topic you create in the Malware Removal Logs forum, not this one.  ComboFix is not used in the Am I Infected forum.


Please read/follow Steps 6-8 of Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html and post the new topic in the forum containing the Prep Guide.


Once you do that, come back to this topic and post the link to the new topic.  After that, this topic will be closed to avoid confusion.


Thanks :).



#5 Moongazer

  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:29 PM

Posted 23 October 2016 - 09:47 AM

Thanks, Louis, I have reposted my topic here:

