Combofixdeleted all my files

Welcome to Major Geeks!

You should not be running fixes given to some one else! Only follow instructions directly given to you.

A recent bug that just appeared with ComboFix is causing it to delete important files.

Get the C:\QooBox\ComboFix-quarantined-files.txt and attach it here so we can attempt to work up a fix to restore everything. We will need to use ComboFix to restore everything so we will have to restore it to since this bug has deleted ComboFix.exe from the Desktop too (or from whereever it was run).

We have already fixed several PCs where this problem has occurred.

Do not attempt to restore anything on your own. Make no more changes to your PC. Just get us the De-Quarantine file so we can make a fix. Also get the ComboFix.exe file out of the Quarantine and back onto your Desktop. If you don't know how to get this file back on to your Desktop, just tell us.

 

Are you saying you already ran a CFScript.txt with only the below in it? Was it exactly this fix?

 

Then you did not run exactly that fix since it would have returned them. Hang on while I look at your logs and give you a fix to run. Is ComboFix.exe on your Desktop now?

 

Okay then run the below and wait for it to finish running. Do not do anything else on your PC while running and make sure to close your browsers before running.


NOTE: This fix only applies to this user! It will definitely not work for anyone running Vista or Win 7 so do not attempt
to use this fix if you are not the user who created this thread.



Now we need to use ComboFix to restore files. This will only restore, it will not delete anything.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing
  ComboFix to run properly.
• If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
• Open Notepad ( Click Start > Run, type notepad then press Enter ) and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall. Be patient. It can take awhile for all files
to restore. You will slowly notice things appearing on the Desktop. Wait for ComboFix to finish. It will show you a De-Quarantine log when it is
finished.


After reboot, tell us how things are looking. You should check each user account.

 

Attach the De-Quarantine log.

 

Please remember to attach logs! Yes this is a log from a De-Quarantine but it is the same as the last one

Give me a couple examples of files that are not being restored.

 

Re: Combofix deleted all my files

I need exact details. Give an example of a full filename and path. Your De-Quarantine logs shows the files from My Documents were restored.

Again, you must be specific.

You have hundreds of infected files in your quarantine and you don't want to restore these by mistake

 

Re: Combofix deleted all my files

According to the ComboFix-Quarantine log you posted back in message # 3, none of these were deleted by ComboFix as they do not appear in the log. Check it yourself and see if you see any of the folders or files you are mentioning.

 

Re: Combofix deleted all my files

Anything removed by ComboFix would be in its QooBox folders. Examples can be seen by looking at your log. You can see things from 2008 which you never cleaned up. Like the below

Code:

2008-02-07 15:26:05 . 2008-02-07 15:26:05           13,426 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\c72dzwnloader935.ocx.vir

Let's get some additional info. Please run the MGtools.exe program as specified here:Using MGtools Then attach the requesetd C:\MGlogs.zip file.

 

This log shows that the files and folder you mentioned were not removed by ComboFix; however it also shows that you did not run the DeQuarantine properly. It looks like you did not use notepad to make the CFScript.txt file. You must use note pad. Otherwise you get no line feeds and everything will appear on oneline to ComboFix and it will not restore the files.

 

That appears to be correct. Are you using left click of your mouse to drag the CFScript.txt file ontop of ComboFix.exe? What do you see happen when you do this? Is your antivirus and other protection software shutdown?

Try the fix in safe boot mode and see what happens.

 

Re: safe mode

Not true. According to your MGlogs.zip file they are there. For example, your My Documents files are list here;

C:\Qoobox\Quarantine\C\Documents and Settings\Kevin A Brownlee\My Documents

No! These are just text lists showing file dates, sizes, and MD5 codes.

 

They were in you MGlogs.zip file. Let's get a new log and see if they still show. They should all still be there since the DeQuarantine only copies files back. It does not remove them from the Quarantine. If they are missing from the Quarantine it would mean that something else ( a protection program or you ) removed them somehow. If the QooBox folder has been tampered with at all, there will be no way to properly restore the files.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).



Then attach the below logs:

• C:\MGlogs.zip