how rid pc of combofix

I see from googling that many have been called upon over the years for help deleting the Qoobox and Qoobox\BackEnv files inherited from the unfortunate use of Combofix which is blacklisted by mywot.com and deservedly so. How do I clean it from my pc? Thanks for any help; I know you are busy.

 

If only it were that easy, I would not be here. But thanks. No, these files do not allow themselves to be deleted.:wave

 

No longer installed. What does it mean "designed to be run with supervision"? This is my personal home pc, not networked, not wifi-ed. I don't even no what ComboFix is but apparently I ran it as some time in the past. Plus I notice it's mentioned on your website.

 

Ok, but ComboFix is attempting to run without being asked and before appearing on my Desktop. It is requesting antivirus and Microsoft Security Essentials be disabled and closed my browser without being asked. It seems that it will not appear on my Desktop until it finishes whatever it is doing. Do you think it is safe to let it run?

 

What I'm trying to describe, but not very well, is that ComboFix appears to be not merely extracting files and installing itself, but appears intent on running without being asked. Little scary. Ok, I'm a wimp.

 

The downloaded ComboFix.exe file was run.
During file extraction, it
a) advised to disable antivirus and MSE which I did,
b) asked if I wanted an updated version which I declined,
c) logged my browser (Firefox) off and in doing so somehow changed my default browser from Firefox to IE,
d) without permission "Attempted to create a new restore point" (i assume that was successful),
e) without permission "scanned for infected files" (~20minutes),
f) updated the c:\Qoobox file tree, and
g) generated a ComboFix.txt reporting successfully completing scan (hidden files: 0), removing some orphans, locking some registry keys, and a bunch of stuff I don't understand.

However, the uninstall script does not run because no ComboFix folder was generated in Desktop or anywhere else that I can find and I have "Display hidden files? selected.
So the C:\Qoobox folder is still there and undeletable.
Maybe I should have accepted the updated version...?...whadya think?

 

Hmm, I've long since set a custom folder for all downloads to go rather than the typical default location - %userprofile%\desktop\ComboFix..
Is the reason ComboFix has left no trail? rolleyesDuh?:-o
Should I change that and repeat?

 

Yes, you did tell me that. What you did not realize is that I did not know that had to be accomplished manually.

However, what I went ahead and did while waiting was to move the downloaded ComboFix.exe file to %userprofile%\desktop...I assume %userprofile%\desktop in my case really means C:\Documents and Settings\me\Desktop. Reran the .exe file, was not given the opportunity to use the upgraded version this time. All else remained the same: no folder left behind by ComboFix for the uninstall script to find.

I then changed my default download location to C:\Documents and Settings\me\Desktop, re-downloaded to that location, reran, same results. Nothing left behind for the /uninstall to find.

ComboFix is not installing; it extracts, runs, generates both a Log Report and an undeletable C:\Qoobox folder, opens the Log Report for you, and disappears. There is nothing to uninstall because it doesn't install.

You wrote that
ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.In no instance has that happened. The utility asks me to wait while the Log Report is generated, then disappears, and the report launches in notepad.

 

You keep using the word desktop; that is an ambiguous term. The short cut <Windows-D> brings up my desktop whereon lies a shortcut to the ComboFix.exe file located in the C:\Documents and Settings\John\Desktop folder. Nothing has yet to disappear from either my desktop nor from that folder.

R-clicking on C:\Qoobox folder in Explorer launches a popup dialogue box reading:
"Cannot delete BackEnv: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."
Any attempt to change attributes of this folder or its contents yields "Access denied."

No message re permissions; i run with Administrative permissions.

 

MGtools.exe appears to have hung up at "Running analyze.exe" but the attached zip file has appeared in root directory.

Trendmicro Hijack This is trying to send home an error report...is Hijack This part of MGtools I hope?

I notice my Recycle Bin is empty; that ain't right. :-(

 

C:\MGtools\nwktst: No error messages.
C:\MGtools\GetRunKey: No error messages.
C:\MGtools\ShowNew: No error messages once I disabled antivirus.
C:\MGtools\analyse: No waiting this time!-)
C:\MGlogs.zip attached.

 

Ok, log is attached.

 

The C:\ComboFix folder has disappeared.
The execution file, ComboFix.exe, has disappeared from the C:\Documents and Settings\John\Desktop folder
and
the desktop shortcut to it has disappeared.

However, the C:\Qoobox folder with subfiles still exists and is still undeletable: popup dialogue box reads:

"Error Deleting File or Folder
Cannot delete BackEnv: Access is denied
Make sure the disk is not full or write-protected and that the file is not currently in use."

 

Yes, I saw that "fix" while googling the problem before posting here on Majorgeeks. That procedure does not work in XP where when you r-clk on a folder, select Properties, the only tabs you get are General, Sharing, and Customize. No Properties Security tab.

 

Alright, looks like you got her done.

C:\Qoobox folder is gone, moved into the OTM\Movedfiles folder which I was able to delete.

Do I have permission to remove the slanderous words "and deservedly so" from my op?