Combofix quarantined administrative tools and other system files

Discussion in 'Malware Help (A Specialist Will Reply)' started by rayzor495, Mar 13, 2010.

  1. rayzor495

    rayzor495 Private E-2

    I followed the Malware user guide for Windows XP on my Fujitsu P1510 laptop and after running combofix, I've lost all personal documents and many windows files/folders/programs e.g. administrative tools. I've noticed they are in the Qoobox quarantine folder.

    I read that you're able to help restore the files. I'm attaching my log file!

    Thanks,
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The below procedure with a new fixed version of ComboFix and new tool to repair the damage should automatically fix it and permissions problems. You should not have been running an older version of Combo!

    Download the new fixed version of combofix.exe and save it to your Desktop. DO NOT RUN IT YET!!! Just make sure you have the new version downloaded and saved.

    Now download this file > http://download.bleepingcomputer.com/sUBs/CFDQ-UsrPrf.exe


    You should be able to run it from any location but save it to your Desktop if possible. As long as Qoobox has not been tampered with, the tool shall be able to automatically do the below.
    • restore all the required files/folders
    • restore the perms
    • set the correct attributes for desktop.ini
    Now run the CFDQ-UsrPrf.exe program by double clicking on it.
    • Immediately after you run it, YOU MUST NOT reboot your PC. Don't do anything else but continue on with the below.
    • Now immediately run the new version of ComboFix that you saved to your Desktop earlier. This should cause a reboot of your PC after running if malware was detected and removed.
    • After reboot attach the C:\combofix.txt log.
    • Also please run the MGtools.exe program as specified here: Using MGtools. Then attach the requested C:\MGlogs.zip file.
    • (See: HOW TO: Attach Items To Your Post)
    Now tell us how things are working.
    • Do things seem to have been restored?
    • What malware problems are you having?
     
  3. rayzor495

    rayzor495 Private E-2

    Thanks Tim,

    Before I follow the instructions, I should mention I created a new admin login (ran Kaspersky AV to clear out trojans) and can only get into the login called "administrator" in safe mode. It doesn't show up on normal boot of the laptop.

    I'm worried that I should be logged in as the user where I originally ran combofix for it to restore files correctly. Can I run in safe mode?

    I was using the most up to date combofix at the time. Just didn't post this straight away. The next day I noticed combofix was taken down for a bug fix.

    Thanks very much for your prompt reply to my first post.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, you should be in the same user account as that when you ran Combo the first time. If you can't do that in normal mode, go ahead and try doing it in safe mode.
     
