Problem with Combofix stuck at please wait

Hello,
I've been following the instructions posted here with success getting logs until getting to the point of installing and running combofix.

Combo fix installed and ran as the instructons on bleepingcomputer.com and combofix instructed that it was going to reboot. After reboot, I logged back in and the combofix window just says "Please wait." It's been hung here for quire some time with very little hdd activity. Searching about combofix brings results where people say not to run combofix without specific intructions to do so. I was simply following the instructions in the FAQ.

How do I get out of this hung combofix?

Thanks,
John

 

Tim,
Thanks for the reply...I should have posted back sooner. I'm a bit of a forum junky myself (mod over at blackberryforums.com)

Anyway, I was able to exit out of the combo fix and the computer restarted normally. When it hung, I googled more about combofix and got lots of "reload windows" results, so I got a little worried. After that I quit the process and just used the pc for a while and the machine seems to be clean and working nicely. Those are great instructions. Kudos for all the work involved in creating the posts.

The one thing I did this time that didn't occur the last time I used the instructions (successfully) was that combofix asked if it could update itself. I didn't see anything about that in the instructions so I just let it update.

Thanks for the reply,

John

 

I was...page redirects and popups. I also had some worm that caused an error when opening up drives in My Computer. It said "c:\resycled\boot.com is not a valid win32 application." I'm usually pretty careful but caught something anyway...

Running your directions got rid of everything. I used it on another computer 6-8 months ago with no issues.

 

Also, when running MGTools the GetRunKey.bat file hangs on:

"Note: Ignore any error messages about not finding registry keys! Just wait for the program to finish running"

I tried running the other .bat files separately and got logs from the other files but this one doesn't want to run.

So, if I was going to post logs for you I'm missing the combofix logs and GetRunKeys logs. I can post the rest if you'd like to take a look. I wasn't going to trouble you with the logs since things seem to be fixed, though.

 

Ok, I edited the GetRunKey.bat and changed echo off to echo on so I could see what's hanging.

It hangs on the following:

Code:

C:\MGtools>REM Check for Trojans from Haxdoor family.   Some of the related file
s are also:

C:\MGtools>REM==================================================================
==========

C:\MGtools>C:\MGTools\grep -U -i -q "avpe" C:\MGTools\temp\xlmsysc.txt

C:\MGtools>if ERRORLEVEL 1 GOTO  Haxdoor1

C:\MGtools>C:\MGTools\grep -U -i -q "avpx" C:\MGTools\temp\xlmsysc.txt

It never leaves this spot in the process. Don't know if it helps or not...

 

Here are the logs I was able to get:

The MGLogs.zip is not the automated zip file created. I created it and includes as many logs as I could get by running the individual .bat files that were expained would run in the instructions.

Thanks for helping!

John

 

Ok...well, here's the one it created but never finished. I figured the one I gave you had more info.

 

I posted the message I got and where it hung. I also turned echo on so I could see what was hanging and posted that above, as well. I just tried to run it again from scratch and it blue screened.

I'm no longer having any issues after running what's posted in the instructions, though. However, I appreciate your time!

 

Thank for the help, Tim!

 

Tim,
Would it be possible to have my logs deleted? There are few tidbits of info contained in them that should stay private.

Thanks,
John