
Ran Combofix on my own


3 replies to this topic

#1 ianfishmaya


Posted 11 March 2017 - 02:37 PM

I have a problem with my firewall and through reading figured out that perhaps there was a rootkit problem. I found a post on this website with a similar problem and followed steps. I ran Roguekiller. This got rid of some threats but the firewall problem still persisted. The next recommendation was Combofix. I ran that and the program ran fine for a while, then the computer went mad, the blue Combofix window was flashing repeatedly and the CPU was at 100%. I couldn't stop what was happening so held down the power button to shut the machine down and rebooted the computer. Everything looked ok but then certain applications wouldn't open. For example Google Chrome. A message flashed up to say that something had been marked on the registry key for deletion and that an item had been moved. I managed to restore the system using a restore point. Now everything seems to be working ok. How do I know if everything is ok or not? Since running Combofix I then discovered all the posts that say never run this unless you are a professional, so feel pretty stupid and am worried that I have done some serious harm, although as I say everything seems to be running ok. The firewall still doesn't work though. Many thanks.




#2 garioch7

  • Malware Response Instructor

Posted 12 March 2017 - 01:09 PM

ianfishmaya:

Welcome to the Bleeping Computer General Security Forum. You are quite correct. It is a BAD idea to run ComboFix if you don't know its capabilities and how powerful it is. It is a tool of last resort. Quietman7, one of our foremost security experts here at Bleeping Computer, has this to say about using ComboFix. I personally consider it a good thing that it is not compatible with the newer versions of Windows (8, 10). I have never used it on a client's computer. There are far more effective, and less dangerous, anti-malware tools at our disposal as Malware Response Team members.

Step 1: Please launch Windows File Explorer and see if either of these folders exist:

  • C:\ComboFix
  • C:\Qoobox

If neither folder exists, then your System Restore removed ComboFix.

Step 2: Please run a System File Checker (SFC) scan to assess the integrity of the Windows 7 file system.

  • Click on the "Start" button.
  • In the "search" box at the bottom, type cmd.
  • Look for Cmd.exe to appear at the top of the menu.
  • Right-click on cmd.exe and choose Run As Administrator.
  • Type sfc /scannow. Ensure that there is a space between "sfc" and "/scannow"
  • The scan will start and may take from 20 minutes to an hour to run.
  • Please report the results from the System File Checker in your next post. Does it report "No Resource Integrity Violations Found", "Errors Repaired", or "Unable to Repair", or words to that effect?

If SFC reports uncorrectable errors, please immediately navigate to the folder C:\Windows\Logs\CBS, locate the file "CBS.log", and copy, not move, it to your Desktop. That file is "volatile", so we need to ensure that it is not overwritten with new results.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall
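The two checks Phil asks for above (look for ComboFix's folders, run SFC and preserve CBS.log if it cannot repair) can be done in one elevated PowerShell session. This is an added example, not a script from the thread or from Bleeping Computer; it assumes an English-language Windows where sfc.exe prints the result phrases Phil quotes, and it additionally extracts only the [SR] lines from CBS.log so the poster has something shorter than "hundreds of lines" to share.

```powershell
# Added example: automates Step 1 and Step 2 from the reply above.
# Assumes an elevated PowerShell on an English-language Windows 7 or later.

$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated (Run as Administrator) PowerShell session."
}

# Step 1: ComboFix does not install conventionally; these two folders are its footprint.
$footprint = 'C:\ComboFix', 'C:\Qoobox'
$present   = $footprint | Where-Object { Test-Path -LiteralPath $_ }
if ($present) {
    Write-Host "ComboFix residue still present: $($present -join ', ')"
} else {
    Write-Host "Neither folder exists; System Restore appears to have removed ComboFix."
}

# Step 2: run SFC. sfc.exe emits UTF-16 text; without this setting the captured
# output contains a NUL after every character and the phrase matching below fails.
[Console]::OutputEncoding = [System.Text.Encoding]::Unicode
$sfcOutput = & "$env:SystemRoot\System32\sfc.exe" /scannow 2>&1 | Out-String

# Classify the outcome using the three phrases Phil asks the poster to report.
$verdict = switch -Regex ($sfcOutput) {
    'did not find any integrity violations' { 'No integrity violations found'; break }
    'successfully repaired them'            { 'Errors repaired'; break }
    'unable to fix some of them'            { 'Unable to repair'; break }
    default                                 { 'Unrecognised output; read CBS.log manually' }
}
Write-Host "SFC result: $verdict"

# CBS.log is rewritten by later servicing operations, so copy (never move) it now,
# and pull out only the [SR] lines, which are the ones SFC itself writes.
if ($verdict -eq 'Unable to repair') {
    $cbs     = Join-Path $env:SystemRoot 'Logs\CBS\CBS.log'
    $desktop = [Environment]::GetFolderPath('Desktop')
    Copy-Item -LiteralPath $cbs -Destination (Join-Path $desktop 'CBS.log') -Force
    Select-String -LiteralPath $cbs -Pattern '\[SR\]' |
        ForEach-Object { $_.Line } |
        Set-Content -Path (Join-Path $desktop 'sfcdetails.txt')
    Write-Host "CBS.log copied to the Desktop; SFC-only lines written to sfcdetails.txt"
}
```

Post the contents of sfcdetails.txt rather than the whole CBS.log; the full copy stays on the Desktop in case the helper asks for it.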


#3 ianfishmaya

  • Topic Starter

Posted 12 March 2017 - 04:04 PM

Dear Phil,

 

Thank you so much for your reply.

 

My computer seems to be running OK and the Firewall is back up and running.

 

However.... I ran the search and both the Combofix and the Qoobox files are there. Should I delete these or just leave them where they are? The Combofix folder in particular has a lot of stuff in it.

 

I ran the System File Check and there are problems. It says 'Windows Resource Protection found corrupt files but was unable to fix some of them.' Would these all be down to the Combofix or could they be a result of the other problems I have had? I had the Brontok worm on the computer and a rootkit. I ran Spyhunter, Total Av and Roguekiller to get rid of them. The log report is absolutely massive. I have copied it on to the desktop. Should I post it here? It is hundreds of lines long!

 

Many thanks,

 

Ian



#4 garioch7

  • Malware Response Instructor

Posted 13 March 2017 - 12:30 PM

Ian:
 
I was suspicious that ComboFix might still be resident, since it does not "install" conventionally.  It is best to use the ComboFix uninstaller routine to remove everything that it has "installed".  Unfortunately, we can't undo whatever, if any, damage it did, unless the Restore Point was successfully restored, which is what you are telling me, so that is good news.

Please note that the uninstall of ComboFix will remove your previous System Restore points and create a new one. You should backup your computer before running the uninstall.

Click Start > Run (Windows key + R) and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

 

Please copy and paste the contents of any ComboFix uninstall logs that might be produced.

The System File Checker results are not what we wanted to have. :(  Yes, the CBS.log is a massive file, but for now, just keep it on the Desktop. Damage could have been done by ComboFix, but there are also many other causes for OS file system corruption. Let's get ComboFix out of your computer first.

Thank you and have a great day.

 

Regards,
-Phil

 

 


Graduate of the Bleeping Computer Malware Removal Study Hall