You can use System Restore
or System Restore from a command prompt in Safe Mode
to return to a previous state before running ComboFix.
As part of its routine ComboFix creates a folder named Qoobox
in C:\QooBox\Quarantine\ to keep files that have been removed by ComboFix. These files are copied and renamed by adding .vir
at the end so they are are no longer a threat
. The path to the removed file(s) in the C:\QooBox\Quarantine folder shows the location where it was removed from. In some case, ComboFix may remove a legitimate file for various reasons. To view/restore a file, just remove the .vir and copy it back to its original location
There is also a way to restore files from quarantine which requires using a special script prepared by a trained helper after reviewing ComboFix.txt.
Keep in mind that if you restore a file which appears legitimate but is in fact malicious, you will be restoring malware on your computer. If you deliberately restore a known malicious file, you assume all risk for any further damage it may cause. If you do not feel comfortable restoring the files on your own or you were dealing with a serious infection, then you can ask for further assistance with disinfection and restoration of your removed files. However, we cannot do that in this forum.
If you need that type of help, please follow the instructions in the Malware Removal and Log Section Preparation Guide
. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum
, NOT here
, for assistance by the Malware Response Team.