Problem after running Combofix

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by thomsonir, May 22, 2008.

  1. thomsonir

    thomsonir Private E-2

    After taking all prior steps in malware removal tutorial, I ran combofix. :( My machine rebooted to the log in screen. Logged in as myself, but computer is frozen with an empty desktop. Tried rebooting to "last known good configuration" and in "safe mode" but neither was successful. Please help.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Is it truly frozen or are things happening? Like does it sound like hard disk activity is going on. It can take a while for ComboFix to prepare its log after the reboot. If you interrupted it you can cause problems. Can you bring up Task Manager (CTRL-ALT-DEL)?

    Can you get access to any of the previous logs?
    Can you boot up into Safe mode with command prompt?
     
  3. thomsonir

    thomsonir Private E-2

    Thanks Chaslang,
    It is truly frozen. Left it on for a few hours before bed. No HD activity evident. I don't think (I hope) I interrupted anything the first time I logged back in but I just gave it a few minutes at the "frozen" screen. Didn't hear HD activity.
    I can access Task Manager, which shows no tasks ongoing. It mentions 39 or so processes in the bottom left, or 17 processes in Safe Mode. Minimal, 1 - 2 % CPU activity.
    I cannot access Safe Mode, with or without command prompt. In safe mode, I get a black screen with "Safe Mode" in all four corners. In "normal" mode I just see the background picture that I normally use for my desk top.
    Don't think I can access logs without getting back into Windows.
    Thanks again.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    So do you mean you can get to Task Manager in both Normal Boot and Safe Boot modes? That's what this seems to imply.

    You just said above that you can get to safe boot mode and access task manager and you also say below that you are getting into safe boot mode and showing the safe boot logos in each corner. You need to be very explicit. Saying you cannot access safe boot mode means that your PC does not boot up at all in safe mode. You are booting and you are logging in apparently? Which user account are you logging into? Have you tried using the Administrator user account? I need to know exactly what you can and cannot do. Are you sure that you cannot boot to Safe Mode with Command Prompt? What exactly happens?

    So thus you are able to boot to some level in safe mode.....correct? And does Task Manager work in safe boot mode?


    Do you have a floppy disk drive and/or a USB drive? Files may be copied using Task Manager to open a command prompt window and copying them to the floppy or possibly to the USB drive.

    Please see if you can run System Restore from a command prompt. See the below:

    http://support.microsoft.com/kb/304449
     
  5. thomsonir

    thomsonir Private E-2

    Hello Chas,
    Thank you for your patience. Please forgive my lack of clarity in describing the initial problem. That was that when booting either normally or in safe mode, the process stopped at an empty desktop. No start button, no icons, but working mouse and the ability to access Task Manager by pressing Ctrl-Alt-Del.

    I was not able to access the command prompt version of safe mode...just the blank desktop. However, using Task Manager I was able to browse to the system restore command. I have successfully restored the system to the set point created by Combofix prior to its running. I looked for the file c:\combofix.txt but it does not seem to exist.

    I am delighted to have restored the system. I remain with the problem I started out to fix. That is to end the battle for my search engine between Google (my default) and Yahoo! (the malware source I believe). This results in endless notifications about attempts to change my search engine that are making me crazy.

    I am sure you remain interested in the problem I encountered with combofix. I would be happy to send you any further information or logs that you might require, or to run the tool again.

    I am sold on Major Geeks as the best forum for dealing with computer problems. Your tutorial was very easy to follow and worked flawlessly until.....

    Thanks again...
    irt
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay please skip any further use of ComboFix and attach the logs from SUPERAntiSpyware and Malwarebytes Anti-Malware that were to be run before using ComboFix. Then complete the instructions for MGtools and attach the MGlogs.zip file from it.
     
  7. thomsonir

    thomsonir Private E-2

    Hi Chas,
    Here are the logs you requested. Many thanks.
    irt :)
     

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not seeing any real malware issues. What was the reason for you running the READ & RUN ME to begin with?

    I do have one item I suggest that you do. It was requested in step 1 of the READ ME.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1
    Search Settings

    Then reboot your PC.

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    If you are still having some kind of malware problem, please tell us exactly what it is.
     
  9. thomsonir

    thomsonir Private E-2

    Hi Chas,

    Thank you for the tip about the Java Updates. I had also, in checking my work, noticed that I had omitted that step because I misread it. I have since removed all Java Updates and reinstalled the latest version. This has not solved my problem, which is described below.

    The problem is related to my default search settings. Google is my default. As my task bar is loading, I get repeated "Search Settings Notification"s that "A program was blocked from changing your default search settings. Click to change your notification settings" alternating with "Search Settings Warning"s that "A program is making repeated attempts to change your default search settings. Click here to stop this program from making more attempts". However, the dialogue box that comes up does not provide a permanent solution to this problem, although it may go away temporarily. If I allow the change, then my search engine is changed to "Yahoo" from "Google". So I suspected that malware from Yahoo was possibly the culprit. However, McAfee and Ad-Aware do not detect any problems with my system. That is why I turned to your tutorial.

    The good news is that my system is running like a top subsequent to my running through the tutorial, so I am delighted about that.

    Hope you can help with this irritant that has really gotten under my skin.

    Regards,
    irt
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you uninstall the Search Settings program as I requested in message # 8? This may be the cause of your problem.
     
  11. thomsonir

    thomsonir Private E-2

    Thanks for your patience Chas. I have removed "Search Settings" and my problem is resolved. :eek: :eek: I feel embarrassed because I thought that I had removed it in the early stages of the tutorial when I ran through the extensive list of programs that should be removed. Either I failed, or it had more than one life.
    One final question before you close this thread. SUPERAntiSpyware left an icon in my Task Bar. Is this compatible with McAfee, or should I just get rid of it?
    Thanks again Chas, you are terrific, and you have empowered me!
    Regards,
    irt
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Yes SAS is compatible with McAfee, however see my below instructions.

    If you are not having any other malware problems, it is time to do our final steps:
    1. You can uninstall SUPERAntiSpyware now.
    2. We recommend you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\cf" /u
        • Note: The space between the cf" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\cf folder from combofix.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    8. Go to add/remove programs and uninstall HijackThis.
    9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    10. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work thru the below link:
     
  13. thomsonir

    thomsonir Private E-2

    Thanks Chas,
    I did install combofix according to your instructions. However, I have already deleted the cf.exe file from my desktop and recycle bin. We did run combofix once, resulting in a failed boot operation that started this thread.

    Should I reinstall combofix according to instructions and then uninstall?

    Thanks,
    irt
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! Just delete any files you still see from it including the C:\QooBox folder if you still have it.
     
  15. thomsonir

    thomsonir Private E-2

    Thanks,
    I have completed the final instructions including setting a new system restore point. I had already run through the system protection tutorial. I am good to go. Many thanks!
    irt
    p.s. Do I unsubscribe now, or do you want to close the thread?
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    You can unsubscribe! We do not normally bother closing threads since only you or one of the admin/mod staff can post in your thread.
     
