ComboFix named all files *.vir

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dkingery, Jan 25, 2010.

  1. dkingery

    dkingery Private E-2

    I fix computers. I have used ComboFix on 1000~1200 or so computers. Never had an issue till now.

    As ComboFix was running I noticed it was deleting files, lots and lots of files. Kind of unusual, as these files were in the documents. After about 20~30 min I decided to kill ComboFix. I checked and found much of the customer's data gone.


    I see all the other posts about file deletions, and I have done the "CFscript.txt" fix as referenced in the other posts. This returned much of the data; however, a lot of files still have the ".VIR" extension. With well over 13,000 files, it shall take me a week and 2 days to rename all this.

    Does anyone have a simple batch file that can remove the ".vir" leaving the original extension?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!
    The ComboFix program bug has now been resolved and a new version is available. Also an automatic fix tool has been created to restore what it removed. The procedure is as follows which should restore the file and fix permissions that were modified due to deletions. Note that the repair tool is only able to be run once.

    Download the new version of combofix.exe and save it to your Desktop. DO NOT RUN IT YET!!! Just make sure you have the new version downloaded and saved.

    Now download this file > http://download.bleepingcomputer.com/sUBs/CFDQ-UsrPrf.exe


    You should be able to run it from any location but save it to your Desktop if possible. As long as Qoobox has not been tampered with, the tool shall be able to automatically do the below.
    • restore all the required files/folders
    • restore the perms
    • set the correct attributes for desktop.ini
    Now run the CFDQ-UsrPrf.exe program by double clicking on it.
    • Immediately after you run it, YOU MUST NOT reboot your PC. Don't do anything else but continue on with the below.
    • Now immediately run the new version of ComboFix that you saved to your Desktop earlier. This should cause a reboot of your PC after running if malware was detected and removed.
     
    Last edited: Jan 25, 2010
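
For the leftover `.vir` names described in the first post, the following is an added example (not from the thread or from the ComboFix authors) that strips only the trailing `.vir`, never overwrites an existing file, skips ComboFix's Qoobox quarantine, and does a dry run unless `-Apply` is given. The function name, parameters, log file name and sample path are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: remove a trailing ".vir" from file names under a folder.
# Restore-VirNames, its parameters and the log file name are hypothetical.
function Restore-VirNames {
    param(
        [Parameter(Mandatory = $true)][string]$Root,
        [switch]$Apply,   # without this switch nothing is renamed (dry run)
        [string]$LogPath = (Join-Path $env:TEMP 'vir-rename-log.csv')
    )

    # Match on the real extension (case-insensitive) and require a non-empty
    # base name, so a file literally called ".vir" is never touched.
    $files = Get-ChildItem -LiteralPath $Root -Recurse -Force -File |
        Where-Object { $_.Extension -eq '.vir' -and $_.BaseName }

    $results = @(foreach ($file in $files) {
        # Leave the quarantine alone: the repair tool needs Qoobox untouched,
        # and its .vir files are the items ComboFix removed as malware.
        if ($file.FullName -match '\\Qoobox(\\|$)') { continue }

        # BaseName drops only the last extension: "report.doc.vir" -> "report.doc".
        $newName = $file.BaseName
        $target  = Join-Path $file.DirectoryName $newName

        if (Test-Path -LiteralPath $target) {
            $status = 'skipped-target-exists'   # never overwrite a restored file
        } elseif (-not $Apply) {
            $status = 'would-rename'
        } else {
            try {
                Rename-Item -LiteralPath $file.FullName -NewName $newName -ErrorAction Stop
                $status = 'renamed'
            } catch {
                $status = "failed: $($_.Exception.Message)"
            }
        }
        [pscustomobject]@{ From = $file.FullName; To = $target; Status = $status }
    })

    # Keep a per-file record so every rename can be audited or reversed.
    $results | Export-Csv -LiteralPath $LogPath -NoTypeInformation
    $results | Group-Object Status | Select-Object Name, Count
}

# Dry run first and review the CSV, then repeat with -Apply.
Restore-VirNames -Root 'D:\CustomerData'            # constructed sample path
# Restore-VirNames -Root 'D:\CustomerData' -Apply
```

Rows marked `skipped-target-exists` are cases where both `name.ext` and `name.ext.vir` are present; compare those by hand rather than forcing the rename.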
