Trouble with ComboFix

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mink_the_latter, Mar 24, 2008.

  1. mink_the_latter

    mink_the_latter Private E-2

    Hi,
    Had some trouble with ComboFix. I followed the guide here - http://forums.majorgeeks.com/showthread.php?t=139313 - closely, and when ComboFix had done its thing, it re-booted. Now it shows the "windows xp loading" screen, then there's simply a black screen with a cursor. The cursor works, but that's all. If I try safe mode, it's the same, only with "safe mode" written at the top and bottom. I can't access anything at all.
    Any ideas?
    Michael
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Sorry to hear of your problems with ComboFix. Exactly what were the problems?

    Have you tried booting to Last Known Good Configuration? See: http://support.microsoft.com/kb/307852
     
  3. mink_the_latter

    mink_the_latter Private E-2

    Thanks for the reply. I can't use the computer at all, it appears to boot ok, then as I said there is nothing displayed apart from the cursor. No keyboard shortcuts work either.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But did you try booting to Last Known Good?

    I'm now expecting that it may not work either as another user has mentioned the exact same problem as you are having after running ComboFix. This is rather troubling since we use this hundreds of times per week without this happening. You can see by reading some of the threads that other people are not having this problem.

    However as a safeguard, we have now pulled ComboFix from the READ ME. We are worried about 2 possible issues:
    1. a new version of ComboFix possibly having a bug. This seems unlikely since so many are using it without a problem
    2. a new type of malware has arrived and could be infecting key system files and when ComboFix removes the infected files, your system can no longer boot. This seems more likely since you would not expect everyone to have this malware issue in common yet.
    What were you doing and where were you surfing just prior to your malware problems beginning? Also what problems did you experience after the malware showed up?


    Do you have a copy of your Windows XP on CD? That is, it needs to be a bootable CD, not a recovery CD.
     
  5. mink_the_latter

    mink_the_latter Private E-2

    Tried booting to all the options, including LKG. It's my girlfriend's machine and she received an email about a week ago. She didn't know the sender so clicked on it to mark as junk. It had an attachment she didn't open, but the message said, "you've just opened a virus" or something like that. She figured it was a joke, but deleted it from the junk folder anyway. Other than that she hadn't been doing anything unusual beforehand - Facebook and YouTube mostly. The only obvious symptom was a hijacked home page. Ad Aware found nothing, and Spybot only a couple of things, but the home page problem stayed. Then I found my way to Major Geeks, and followed the steps on the "malware removal" page.
    I do have the XP CD, and I figured by re-installing to C:\Windows (without formatting) that may get me running well enough to save the stuff, then reformat. Does that sound like a reasonable way around this?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes and we are sorry that it turned out like this which is quite unusual. :(

    Well there are two options and the first would be less destructive:
    1. http://support.microsoft.com/default.aspx?scid=kb;en-us;307545&sd=tech this often works very well and gets you back to a point with fewer overall changes to your system. That is assuming that the problem is only due to registry corruption.
    2. Then there is a rebuild option. See the below link:
    Let us know if either of these help.
     
  7. mink_the_latter

    mink_the_latter Private E-2

    Tried the rebuild option and it didn't work at all. Got fed up and I ended up re-formatting after copying the entire drive to another computer. It needed it anyway I guess.
    Thank you very much for your help and support!
    Michael
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry to hear you had to format. We do know that a restore of the registry backup made by ComboFix would have worked and using the Microsoft option to repair the registry should have made it possible to get to the ComboFix backup at some point. However since you have formatted, you should have a nice clean system. It would be a good idea to work thru the below to help you avoid future malware problems:

    How to Protect yourself from malware!
     
