Combo Fix Deleted Everything

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by rimytose, Jan 24, 2010.

  1. rimytose

    rimytose Private E-2

    I was having an issue on my PC, specifically the google search redirect issue that others have had and read some info regarding using combo fix which I downloaded and ran.

    After running Combo Fix I come back to windows finding that Combo Fix had deleted my entire Start Menu (all I have is the Startup folder), my entire desktop, my entire My Documents folder, and all of the music I had on my computer.

    I tried to go back to an old system restore point but it did absolutely nothing. I had very important school files lost because of this program and I specifically remember Combo Fix making a restore point before it started the process.

    How do I go back and restore what I have lost? On a side note how can this program think that every file on my computer was needing to be deleted? I don't understand how something like this can even happen. What is the overall point of combo fix and why did it delete all of the stuff that I had?

    I have attached a zip file with the combofix.txt because my combofix log is 1.5MB and cannot be uploaded in text form to these forums.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes this is a recent bug that just appeared with ComboFix.

    Get the C:\QooBox\ComboFix-quarantined-files.txt and attach it here so we can attempt to work up a fix to restore everything. We will need to use ComboFix to restore everything so we will have to restore it too since this bug has deleted ComboFix.exe from the Desktop too (or from wherever it was run).
     
  3. rimytose

    rimytose Private E-2

    Ah yes I have been seeing something about this in some other help forums. Here is the zip file with the quarantine log in it.

    Thank you for the speedy reply.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Hang on while I work up a fix. In the meantime, see if you can copy the below file:

    C:\Qoobox\Quarantine\C\Documents and Settings\Nicole Henry\Desktop\ComboFix.exe.vir

    back to

    C:\Documents and Settings\Nicole Henry\Desktop\ComboFix.exe


    So that ComboFix.exe is on your Desktop. Tell me if you can do this and does the ComboFix icon show on your Desktop.
     
  5. rimytose

    rimytose Private E-2

    I have copied the file back and removed the .vir extension and I have what I think is the Combofix logo. It is a red circle with a tiger looking face in the center.

    I would assume this is the icon that was there before but I didn't really look at the icon previously. But yes there is an icon there.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not need to. The fix I would give you would have done this. Did you copy everything back from the below two locations and remove the .vir from all? Did you do all user accounts?

    C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile
    C:\Qoobox\Quarantine\C\Documents and Settings


    Yes that is it.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, just to be safe and cover all user accounts. Do the below!

    NOTE: This fix only applies to this user! It will definitely not work for anyone running Vista or Win 7 so do not attempt to use this fix if you are not the user who created this thread.




    Now we need to use ComboFix to restore files. This will only restore, it will not delete anything.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, tell us how things are looking. You should check each user account.
     
  8. rimytose

    rimytose Private E-2

    I only moved the combofix file. Everything else is still in the Qoobox folder waiting to be moved around. What is the fix that has to be run?

    Disregard the above, didn't see the fix posted until just now. Reading it and will be following it through and will post my results after.
     
  9. rimytose

    rimytose Private E-2

    Here is my main problem:

    I am having issues shutting down AVG. I do not see any Disable features for the AntiVirus or Anti-Spyware components.

    I also do not have the resident shield up in the AVG UI for some reason which I can't seem to disable. I am tempted to run the fix with it running, or just manually terminate all the AVG processes in the Task Manager, but I am not sure which way to go. Your thoughts?
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you cannot get AVG disabled, run the fix anyway. An alternative would be to run the fix in safe boot mode where some aspects of AVG may not be loaded.
     
  11. rimytose

    rimytose Private E-2

    I am running the fix right now, luckily I have another PC to check out this forum while I wait.

    Should the combo fix window that popped up seem to be doing the exact same thing it did the first time even after I did the drag and drop of the CFscript.txt?

    Right now it says it is scanning for infected files. Is it supposed to do this or is it supposed to just recover all of the things it did before, I am confused at the moment.

    Update 1: I will also add that after dropping CFscript.txt into Combofix.exe it has also disappeared from the desktop.

    Update 2: Well I guess it is doing its thing, because as I write this some of the desktop icons seem to be coming back so hopefully I can get the files I need back and then try to fix my previous issue with the PC.
     
    Last edited: Jan 24, 2010
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes it should just be restoring and then will quit and reboot. It could take quite a while to copy everything back. Just be patient. ;)
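
The manual copy-back discussed in this thread (quarantined file under C:\Qoobox\Quarantine, `.vir` removed, back at its original location) can be checked before anything is moved. The following dry-run planner is an added example, not part of the thread and not ComboFix code. It assumes every quarantined entry follows the layout of the one path quoted above (`<root>\<drive letter>\<original path>.vir`); `notes.doc` is a constructed file name.

```python
from pathlib import PureWindowsPath

QUARANTINE_ROOT = PureWindowsPath(r"C:\Qoobox\Quarantine")  # from the thread
SUFFIX = ".vir"  # extension the thread says must be removed

# Constructed sample: the first path is quoted in the thread, the rest are made up.
SAMPLE = [
    r"C:\Qoobox\Quarantine\C\Documents and Settings\Nicole Henry\Desktop\ComboFix.exe.vir",
    r"C:\Qoobox\Quarantine\C\Documents and Settings\Nicole Henry\Desktop\notes.doc.vir",
    r"C:\Qoobox\ComboFix-quarantined-files.txt",
]


def original_path(quarantined):
    """Return the pre-quarantine path, or None if this is not an entry of
    the assumed form <root>\\<drive letter>\\<path>\\<name>.vir."""
    p = PureWindowsPath(quarantined)
    try:
        parts = p.relative_to(QUARANTINE_ROOT).parts
    except ValueError:
        return None  # outside the quarantine tree
    if len(parts) < 2 or len(parts[0]) != 1 or not parts[0].isalpha():
        return None  # first component must be a drive letter
    if ".." in parts or not p.name.lower().endswith(SUFFIX) or p.name.lower() == SUFFIX:
        return None  # reject traversal and anything without the suffix
    name = p.name[: -len(SUFFIX)]
    return PureWindowsPath(parts[0].upper() + ":\\", *parts[1:-1], name)


def plan_restore(quarantined_paths, existing=()):
    """Dry run: return (copies, skipped) without touching the disk.
    Paths listed in `existing` are never overwritten."""
    present = {PureWindowsPath(e) for e in existing}
    copies, skipped = [], []
    for q in quarantined_paths:
        dest = original_path(q)
        if dest is None:
            skipped.append((q, "not a quarantined .vir entry"))
        elif dest in present:
            skipped.append((q, "destination already exists"))
        else:
            copies.append((q, str(dest)))
            present.add(dest)
    return copies, skipped


if __name__ == "__main__":
    for src, dst in plan_restore(SAMPLE)[0]:
        print(f"{src} -> {dst}")
```

Reviewing the skipped list first shows which quarantined items would collide with files created after the deletion.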
     
