Combofix will not run / locks up

Kestrel13! suggested i post a new thread here, and link to a previous thread.

http://forums.majorgeeks.com/showthread.php?t=227754

The problem is this. I thought i had an infected machine because of a link i clicked on. I have used Combofix in the past with excellent results, so I decided to try it this time.

It locks up. Combofix will start, and when it gets to the screen that says "times may easily double on a badly infected machine," it never goes past that.

Kestrel walked me thought malware removal, and we never found any infections on my system.

when I run the repair console and FIXMBR it says i have an un-standard version of the MBR. however when i run rootkit it says my MBR is fine.

Kestrel suggested that maybe another one of you might have an idea as to why Combofix locks up, and what I can do. If you read the other thread you will see where we have been and what we've done.

thanks

 

Yes, I agree. My thoughts are than if I had an infection she would have found it. But since she didn't find one what could be causing combofix not to run?

Can you think of anything? Some program that, while not malware or an infection, is causing combofix to lock up?

thanks for any suggestions!
-amos

 

I disabled it, but i didn't uninstall it. I"ll try that now.

Also, I was unaware of those issues. I've been using AVG but it seems to slow down my booting so much (older computer, celeron 1.5G, 2GB ram)

I'll post back in a bit.

 

no luck, it still locked up. this time i left it for 30 min to see if it might do something, but no.

i'm downloading AVG now, based on your info about clamwin. thanks.

any other ideas about combofix locking up? i thought about trying an older version if i could find one, just to see if it ran. i thnk the last time i used it on this box (with success) was about 6 months ago, maybe a bit more.

 

well, i tried both of those. they seemed to be doing a lot, but i don't guess there was a report.

still no go on combofix or mgtools. i guess you're right, i should just forget about it.

question... if i decide to do a clean windows install the disk i have is the one that came with the computer. toshiba recovery disk. will that wipe the MBR or should i do something else (like fdisk) before i run the recovery?

thanks for all your help.

 

by the way, i installed AVG and ran its scans.
it found 3 items in the rootkit section.

"Warning";"IRP hook, \FileSystem\Cdfs IRP_MJ_FILE_SYSTEM_CONTROL -> tfsnifs.sys GetSystemType+0xCA0A";"C:\WINDOWS\system32\dla\tfsnifs.sys.rmv";"N/A";"12/5/2010, 8:13:48 AM"

 

wow emma i thought you'd given up on me. welcome back.

ok i have a strange situation.

i tried the GMER as per the linked instructions. the scan ran for EVER and finally locked up. the window said "not responding."

so i had to do a cold boot. when i did, windows took another forever to boot. i gave up and booted to safe mode, which worked a bit slow but ok.

my guess was that the temporary file that GMER was in the process of creating somehow is attempting to be loaded into memory, and overwhelming my system. from safe mode i ran disk cleanup, and cc cleaner. then i booted to windows. it FINALLY will get to windows, but it takes 10 minutes or so.

currently i'm executing sfc /scannow,

do you have any ideas? looks like i broke it this time.

 

hi again,

ok i've got it booting again. it's still slow, but not as bad as it was.
i ran cc-cleaner, reset my page file and hibernate file. (actually i disabled hibernation for now). page file is system controlled now. and i uninstalled AVG.

it runs slow, and applications sometimes lock up. if i didn't know i had 2gb of ram, i'd think it needs more. but it has 2gb, 2 1g sticks, and it's topped out.

it says i have 1.87gb, but the ram is shared with the video.

the boot is better, but it still drags as the little animation moves across the screen (winxp home). sometimes the animation stops. it didnt do that before.

i was trying to run the GMER scan when it locked up. is there some file GMER would use that was terminated incorrectly? something i can delete?

thanks

 

hi tim,

i've never gotten MGtools to run without locking up.

Here's what I was able to get, though. The first file MGLogs1.zip is the result of the executable (which runs getrunkey.bat after extracting files).

getrunkey never finishes, it just sits there forever (ironically after it instructs me to wait for the file to finish).

based on Kestrel's instructions from the other day, i also ran shownew.bat. the resulting output is attached as MGlogs2.zip

thanks for any help.

by the way, based on advice from the others here and results from the scans i've done, it must not be malware. but this slowness is pretty bad. in case you didn't get this part, it occurred when i had to do a cold boot when GMER locked up. it appears to have something to do with my hard drive. when it's doing that, taskmanager shows my cpu usage between 98 and 100%. the processes tab doesn't show anything using excessive cpu. system idle processes is between 92-99%. but until the hard drive stops churning the system is PAINFULLY slow. just moving the mouse across the screen is slow.

i've cleaned out all the temp files, including java's temp. and currently i've uninstalled my antivirus (just a temporary measure). it's a bit better, but still slow as i've described. the first time rebooting after the GMER lockup the windows "moving boxes" or whatever you'd call them moved really slowly, and even stopped. it took 10 min or more to even boot. safe mode was a little better.

i turned off virtual memory, deleted the pagefile and then restarted it (in case it was corrupted). windows tells me my recommended size is 2877mb, so i have it as a static 2877mb size (custom size, min 2877, max 2877).

although the drive is small (55gb) there's over 19gb free.

thanks