ComboFix: Stuck on windows download

Hello,

In the "read and run me first", I have completed steps 1 and 2. For step 3, I have downloaded all files and run the first three tools/system scans (SAS, Spybot, MB). I am currently working on the ComboFix step

First, the computer was not connected to the internet when I began the ComboFix step. (I have downloaded all files on my good computer and used a memory stick to move the files to the bad computer.

Second, when I reached the questions regaring the Windows Recovery Console, they were asked out of order. (1. The recovery console was sucessfully installed, I clicked Yes to continue. 2. Combo Fix has determined that this machine does not have the windows recovery console, I clicked Yes.

Third, a pop up window informed me the computer was not connected to the internet and to not click on "ok" until the computer was connected.

Forth, I connect to the internet.

Fifth, The blue message box of combo fix has been stuck on the following text for about 40 minutes:

Please wait.
ComboFix is preparing to run.
File Downloader - Version 1.01 (build 7.4)
Dowloads a file from a HTTP or a FTP server.
Copyright <c> 2004, Noel Danjoy <webmaster@noeld.com>
Server: download.microsoft.com
Port: 80
Protocol: HTTP
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe:

Should I cancel ComboFix, system restore to an earlier point, connect to the internet, and begin again starting with the drag the file over ComboFix step?

Or, is it common for it to take several minutes / hours to get the download?

Thank you,
Jenn Bo

 

I need to add some clarification -
The system windows version: Windows XP Home SP2

 

After leaving the computer on the blue ComboFix screen all night, there was no change to the message in the blue screen (see my first post).

Steps I have taken:
- Exited ComboFix program; required a forced close from task manager
- Restored to the system restore point ComboFix created

I am currently:
Attempting to restore an internet connection; repair connection did not work. In an attempt to do this, I am going to the system repair point created by Malware, but I don't think this will help. We'll see.

The lost internet connection is probably what kept the ComboFix program from moving forward.

 

Forum manager: Please close out this thread. I will create another thread with my "read this" logs.

 

Read me finished; cannot repair ip address

Thank you for this forum. It has great instructions that I think are clear. I know your moderators help in their spare time (which, OMG, I will owe you for helping me). Let me know if you like coffee.

Current state:
1) Although I can connect to the home network by lan or wireless, I cannot get an IP address. I have completed all steps from the read and run me first instructions. There were some hiccups, so see the "story" if you want details.
2) XP still seems to be hanging up on random things, but I think some of this could be related to the files executing during startup (there are many).

Because of the hiccups, I have two sets of the SAS and MB logs. Both are attached to this thread.

Things I have done since completing the "read and run me first instructions"
- Ran repair connection from network connections
- Ran the "diagnose connection problems" from IE did not help. This tool upated the winsock. Seems it was unsuccessful.
- Inspected ipconfig - not that I know what to do with this, but at the beginning of the malware problem, I couldn't even run ipconfig. At least I can now run ipconfig, so I think that is an improvement.

The story:
As mentioned, I had some hiccups along the way, so this recap is in case you want to know the things I did.

The malware I managed to collect (there was a lot) ultimately crushed my ip connection. I could connect to my home network (with both wireless and LAN) but there was no IP address. There were two "blinking" icons in my task bar that basically persisted in warning me that I had a problem and offered to sell me a solution. (Thanks, but no thanks). I will say upfront that I am an idiot because this whole thing came from a link attachment in a facebook message that was admittedly not kosher when I opened up the message. Again, I am an idiot.

Step 1: smooth sailing
Step 2: smooth sailing
Step 3: Windows XP Cleaning Prodedure - fine until ComboFix. (Side note: all programs and update files were downloaded on "good computer" and transferred to "bad computer" with a memory stick.)

Combofix Issues: The first time through ComboFix, I was asked a couple things out of order from the guide/tutorial.
First: The pop up that begins "The Recovery Console was successfully installed..." came up; I selected "yes" to continue scanning.
Second: The other pop up that begins "Combo fix has detected that this machine does not have the "Windows..." came up; I selected "yes" because the guide/tutorial said to do so. Of course, I didn't have an internet connection at this time (still don't) so ComboFix wasn't able to do much.

After several hours (i.e., overnight), I finally exited the program and that's when things went crazy.
I was having trouble getting past the login screen of windows under normal mode; I never had a problem to get into the Safe Mode. Under normal mode, sometimes it would do nothing after I selected the user name; other times it would say that the preferences were being loaded, the background picture would show up and then nothing more. I couldn't get Ctrl-Alt-Del to work, so I unfortunately held down my power button to force sleep mode.
- I kept rebooting (generally holding my on button down because windows would lock up after selecting a user). I also tried creating a new user in safe mode, but couldn't log into that user either.
- From safe mode: I uninstalled ComboFix and deleted these folders (and files) C:\ComboFix and C:\cmdcons.
- I made it through a couple times loggins into normal mode, but I couldn't get ComboFix to run (the blue screen would pop up and then nothing).
- Finally, I just decided to go back to the beginning (thus two log files for SAS and MB).
- When I got to the ComboFix, I had the same out-of-order questions, but I answered the second one with "no" to tell the program to not install "windows recovery console". I was out on a limb, but the preceding pop up had just told me Recovery Console was installed. This time ComboFix worked.
- MGTools was not a problem.

Again, thank you for the help.

 

Re: Read me finished; cannot repair ip address

Log files: Set 1
SAS (2 files)
ComboFix

 

Re: Read me finished; cannot repair ip address

Log Files Set 2
mbam (2 files)
MGlog

 

Re: Read me finished; cannot repair ip address

So, the internet connection is fixed. In connections, under internet options, the proxy server box was checked. I don't have a proxy server. I'm not sure if it was the malware or another process I ran that checked this box - but that part is solved (whew!). Credit goes to my husband who saw the reference in firefox that said something about our network denying proxy.

I'm working through "how to protect yourself..." instructions right now to get myself some security!

I still would very much appreciate a review of the files to confirm my computer is scrubbed clean.

 

Hi Chaslang:

Thank you for the advice re: bumping.

I have completed the steps you requested and the files requested are attached:
- Remove windows messenger
- Fixed two items in MGTools
- Merged CFscript with combofix
- Run ccleaner
- Run MGTool logs

For my computer performance:
- All seems well. I have rebooted and restarted a few times and there have been no hangups or forced close of *.exe files (a symptom I had previously).
- Overall performance has improved. Previously, the system behaved as if a memory intensive program was constantly running in the background.

I am extremely grateful to the assistance you have provided.

I've still got some work to do in protecting my computer. I will follow the guidance in the "how to protect yourself..." post. My protection plan is:
- PC Tools antivirus (free)
- PC Tools firewall (free)
- SAS active spyware (purchased version)
- SpyWare Blaster (free)

Kind Regards,
Jenn Bo