ComboFix deleting Bug!

Jaden · Jan 24, 2010

I just used ComboFix to get rid of numerous trojans and rootkits that were hiding in my sisters computer. However, after I finished I found that ComboFix had deleted most of the files in the documents and settings folder (Including Desktop). I then system restored to a earlier point only to find that some of the desktop items were restored, but none of the documents. I will be attaching the log file as soon as I'm sure its clean to avoid giving you guys anything that might have been on my sisters computer. (Currently scanning with SuperAnti-Spyware and Anti-Malware)

Thanks! Been lurking quite a bit on these forums and you guys certainly know what you're doing.

chaslang · Jan 24, 2010

See what was requested here: Combo Fix Deleted Everything

Do not attempt to restore anything on your own. Make no more changes to your PC. Just get us the De-Quarantine file so we can make a fix. Also get the ComboFix.exe file out of the Quarantine and back onto your Desktop.

Jaden · Jan 25, 2010

Heres the log! Hope you can fix this. Also I got the ComboFix exe out of Quarantine and back on the desktop.

chaslang · Jan 25, 2010

Okay a fix for ComboFix has come out also a tool has been made to automatically fix the problems caused by the previous version. Please follow along with the below.

Download the new version of combofix.exe and save it to your Desktop overwriting the one you just copied there. DO NOT RUN IT YET!!! Just make sure you have the new version downloaded and saved.

Now download this file > http://download.bleepingcomputer.com/sUBs/CFDQ-UsrPrf.exe

You should be able to run it from any location but save it to your Desktop if possible. As long as Qoobox has not been tampered with, the tool shall be able to automatically do the below.

restore all the required files/folders

restore the perms

set the correct attributes for desktop.ini

Now run the CFDQ-UsrPrf.exe program by double clicking on it.

Immediately after you run it, YOU MUST NOT reboot your PC. Don't do anything else but continue on with the below..

Now immediately run the new version of ComboFix that you saved to your Desktop earlier. This should cause a reboot of your PC after running if malware was detected and removed.

After reboot attach the C:\combofix.txt log.

Also please run the MGtools.exe program as specified here:Using MGtools Then attach the requesetd C:\MGlogs.zip file

(See: HOW TO: Attach Items To Your Post )

Now tell us how things are working.

Do things seem to have been restored?

What malware problems are you having?

Jaden · Jan 30, 2010

Everything seems to be restored to where it was supposed to be. Thanks for the help!

Also, here are the log files, the reason I ran combofix was to get rid or at least point me to where a rootkit was hiding on my computer. If you could see if anythings still there, I'd be grateful.

chaslang · Jan 31, 2010

Since your logs do show infections, I suggest that you run our full cleaning process given in the below link. Just skip the part with ComboFix since it was just run. However you will need to re-run MGtools again at the end so that we have more current logs the represent the current state after the rest of the cleaning procedure has been run.

READ & RUN ME FIRST. Malware Removal Guide

You should be attaching logs from the below:

SUPERAntiSpyware

Malwarebytes

RootRepeal

MGtools

Log in or Sign up

ComboFix deleting Bug!

Jaden Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Jaden Private E-2

Attached Files:

ComboFix-Q.zip

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Jaden Private E-2

Attached Files:

logNew.txt

MGlogs.zip

chaslang MajorGeeks Admin - Master Malware Expert Staff Member