ComboFix made itself as root drive?

brassrat · Mar 9, 2011

Hi all--like a moron, I tried to run ComboFix just for grins. I had Trend's OfficeScan running at the same time, and I didn't let ComboFix complete because I was really only using it to download Microsoft's recover console. I know, I know, really big mistake. Anyway--when I use the Explore function from Windows XP, Combofix now shows up as a "subdirectory" of my C: drive. The icon is the "My Computer" icon and, for all intents and purposes it looks like this "directory" is actually a complete mirror of my entire C: drive.

A very few things are messed up at this point: 1) The search function now runs endlessly and returns about 10 results for every file actually found; 2) Windows Update can no longer apply all of the Office patches, and the Office repair function doesn't work properly (for what it's worth, the installation log shows "Chained install return code: 1635"; 3) Windows Restore no longer restores to an earlier save point (even well before ComboFix was partially run).

Any help for this would be appreciated, although I confess I'm not expecting miracles nor do I deserve them.

--Mark:confused

TimW · Mar 9, 2011

This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /uninstall

Notes: The space between the combofix" and the /uninstall, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

brassrat · Mar 9, 2011

Hi Tim--Also like a moron (more because I forgot), I ran ComboFix from a directory with my "My Documents" folder. Should I run the uninstall from my desktop? Run it from within My Documents? Or just give up and remind myself that I re-learned a valuable lesson? Thanks!

Best,
Mark

TimW · Mar 9, 2011

You need to open My Documents and slide ComboFix directly onto your desktop.

brassrat · Mar 9, 2011

All righty. I'll give it a try! Let you know how it works probably tomorrow. Have imaged my HDD as it is just in case...

TimW · Mar 9, 2011

It's a pretty simple thing to do as far as moving Combo onto the desktop. Then just run the script I gave you and it should remove all traces of Combo and restore any changes that Combo made to your system. Let me know how you get along with that.

brassrat · Mar 9, 2011

Hi Tim--yeah, I know it's simple. But since this is my work computer (you dont think I'd mess around on my *home* computer, do you?) I first have to make a UBCD4Win boot disk because I can't stop Trend OfficeScan--it's password-protected. After I do that, I think I'm going to re-image my drive because the last image is already a few days old. Since that will take a couple of hours I'm going to do it when I get home tonight. Stay tuned!

Best,
Mark

brassrat · Mar 9, 2011

Oops, forgot that I can disable my anti-virus program from msconfig. So I'll do it that way, won't need a boot disk but I still want to re-image my drive.

TimW · Mar 9, 2011

Just let me know when you have finished.

brassrat · Mar 11, 2011

Woo-hoo! It worked! Thanks a million!!

TimW · Mar 11, 2011

Good to know. And you are welcome. Safe surfing.

Log in or Sign up

ComboFix made itself as root drive?

brassrat Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

brassrat Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

brassrat Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

brassrat Private E-2

brassrat Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

brassrat Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member