All Files gone after combofix, Spyware is still here!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by niktsk, Jan 26, 2010.

  1. niktsk

    niktsk Private E-2

    I removed all the files I could with MBAM. It removed a rogue antispyware.
    I ran AVG rootkit detector, and it didn't detect anything.
    I ran Combofix and it said it detected some rootkit activity and needed to restart. As it was about to restart, a message came up, counting down from 60, saying the computer was going to shut down. Combofix restarted the system before the countdown was complete.
    After the restart, all of my documents and desktop and start menu were gone.
    I looked on here and downloaded a fix, and now all the files are back.

    After all files were back, I ran another search with MBAM. Quick search detected nothing. Full search detected some things; I'm attaching the log.
    After this, I ran Mgtools and I'm attaching the logs.

    After this, I am still getting google redirects.
    Please tell me what you think I should do.
    I am currently running SAS.

    Thanks.
     


  2. niktsk

    niktsk Private E-2

    SuperantiSpyware removed some things but the re-directs are still there. Hosts file seems fine.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Yes, as you have noticed, there was a bug in ComboFix from a couple days ago. It has now been fixed and a tool has been released to aid in restoring files that should not have been removed. Also there were some issues with permissions that developed from this. The below procedure and new tool will automatically fix it and permissions problems.

    Download the new fixed version of combofix.exe and save it to your Desktop. DO NOT RUN IT YET!!! Just make sure you have the new version downloaded and saved.

    Now download this file > http://download.bleepingcomputer.com/sUBs/CFDQ-UsrPrf.exe

    You should be able to run it from any location but save it to your Desktop if possible. As long as Qoobox has not been tampered with, the tool shall be able to automatically do the below.
    • restore all the required files/folders
    • restore the perms
    • set the correct attributes for desktop.ini
    Now run the CFDQ-UsrPrf.exe program by double clicking on it.
    • Immediately after you run it, YOU MUST NOT reboot your PC. Don't do anything else but continue on with the below.
    • Now immediately run the new version of ComboFix that you saved to your Desktop earlier. This should cause a reboot of your PC after running if malware was detected and removed.
    • After reboot attach the C:\combofix.txt log.
    • Also please run the MGtools.exe program as specified here: Using MGtools. Then attach the requested C:\MGlogs.zip file.
    • (See: HOW TO: Attach Items To Your Post )
    Now tell us how things are working.
    • Do things seem to have been restored?
    • What malware problems are you having?
     
