What to do if ComboFix doesn't work (how to exit it)

Discussion in 'Malware Help (A Specialist Will Reply)' started by angie20, Jan 3, 2008.

  1. angie20

    angie20 Private E-2

    I've just installed it and tried to run it, but it won't start. Can anyone please tell me how to exit it without doing any damage to my PC?

    It also turned off Windows Defender.

    Please, HELP!
     
  2. abri

    abri MajorGeek

    Hi angie20!
    Welcome to Major Geeks!

    Problems with Combofix, aside from it resetting the time on some people's computers, are rare. Can you go back to the restore point just before you installed Combofix? I don't know if this will work, but it would erase Combofix ever having been there. I'm not sure which operating system you're using, but System Restore can be reached in XP by going to Start / All Programs / Accessories / System Tools / System Restore. Check the box to return to a previous restore point and click on Next. A calendar will come up and you can choose a restore point from the points that are highlighted, preferably one from just before you installed Combofix. Then allow it to run according to the instructions, which will include an automatic reboot.

    This may or may not work, depending on whether your computer is infected, but it's an easy solution for some problems like this one.

    abri
     
  3. angie20

    angie20 Private E-2

    Thanks a lot, it worked!

    Now, about my problems. Thing is, I don't really know if my PC's infected because ALL the AV & Mal/Spyware scans so far showed it's clean.
    I've been using Avast4Home for 2 months now and it has detected some infected files. To mention the threats in short: CVE-2007-0038 in an 'ani' file, the JS:Feebs family in an 'htm' file, and twice MS04-028 JPG[Expl] in a 'tmp' file, which actually annoyed me the most 'cause I've been downloading a lot of pics from a website. I even contacted its owner, but she claimed her files were clean. I've learned to scan every download (don't laugh, I'm sooo inexperienced), but a few days ago when I opened my Windows Gallery, there was again an infected file, and what's WORSE, there were tons of TAGS I'D NEVER CREATED. That should mean something has entered my PC, or?

    As of today, I had a false alarm of Win32:Trojan-gen, but I found a tracking cookie.

    I decided to try the MajorGeeks' variant for removal, but I think now it's better to do some more scans, just to make sure what's wrong (if anything). Is it a good idea?

    Thanks again, for the help.
     
  4. abri

    abri MajorGeek

    Hi angie!

    I recommend since you had trouble with Combofix, that you simply do the other two, which would be AVG Antispyware and the MGTools.exe. It's very unusual for Combofix to give a user problems, but from your description I'm wondering if you might have a worm. If we can see the MGlogs.zip which is produced when you install MGTools.exe, it would give us a chance to simply see if there's anything obvious that you might be missing. MGTools doesn't remove anything. It's simply a diagnostic tool, in that respect, different from Combofix which actually fixes things.

    In terms of archived data, like RAR files, the online scanner of BitDefender is really good. I'll post you the instructions for that and if you decide to do it (it's quite lengthy ... like an hour or two with a fast connection or 6 with dial-up) you should go ahead and make a log according to the instructions, because that would let us know more.

    To run that scan do the following. Please note that you need to have Spybot's TeaTimer disabled (right-click on the icon to find the place to disable it) and you have to run this particular scan with Internet Explorer with ActiveX turned on.

    ****NOTE**** DO NOT INSTALL Bitdefender's Antivirus program. Make sure you follow the directions below and run the ONLINE SCANNER only.


    Go to Bitdefender's online scanner, agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

    Click-on the Detected Problems tab. Then select Click here to export the scan report

    When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt), and then in the File name box change the name to bdscan, then click Save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

    If you do not follow these steps, you will have an incorrect log or, worse, a log summary, which is useless to us.

    Post the bdscan.txt file as an ATTACHMENT

    abri
     
  5. angie20

    angie20 Private E-2

    :cry
    As often happens with me, things don't work the way they should. I ran the AVG scan and it detected just 6 tracking cookies.

    Major problem with MGTools. I followed the steps one by one, but something goes wrong along the way. When I click on Disable UAC, it gives me a registry error; I click Yes, but then the message says that NOT ALL DATA was successfully written to the registry and some keys are open by the system.

    I try to go on nevertheless, the scan runs but in the end I DON'T SEE the zip file, I only got some text document(attached), and nothing else.

    Oh, and something like 'files .bat are not recognized as a batch file'?

    It's confusing and I can't see what I missed or something.
    For example, I need to know when I choose Normal Mode should I Disable the Startup programs or not. I've done this so far without being sure...

    Now I should thank you for the patience; it must be fun to read these posts of mine...

    And my Operating system is Vista Basic Home, anyway.
     


  6. abri

    abri MajorGeek

    Hi angie,
    Sorry for the problems you are having. I don't think the registry patch worked correctly. Is your account an administrative account which allows for changes like the one to UAC? If not, you need to elevate your privilege so you can make the changes. I will get back to you, but let me know this information please.
    Thanks.
    abri
     
  7. angie20

    angie20 Private E-2

    Hello again, abri!

    I think something is generally wrong, so do you think it's a good idea to uninstall MGtools, then DELETE the MG folder (tried, it says it can damage the system?!?) and start anew???
    I did the procedure one more time (with the admin account), but STILL there was an error message about the bat files, and no zip file (though it said it was created); when I searched for it, in it there was just the file I sent earlier.
    I don't wanna give up but as things go now, it's going nowhere...
    I actually have 3 files from the newest run:
    getunkey.txt
    procdll.txt
    hijackthis.txt (NOT .log)
    newfiles.txt from yesterday's run
    but should I send them, if they're separate?

    I've got a Q about CCleaner: is it safe to turn on the Advanced options when I have no clue what they are all about?

    Angie20
     
  8. abri

    abri MajorGeek

    Hi angie,
    Your computer's responses are odd. I will ask for another opinion and get back to you. In the meantime, please upload the three logs you got as attachments to your next post. You will need to write some small message like here are the logs or something like that.
    abri
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You do not need to uninstall MGtools. Also, no damage will be caused by deleting the MGtools folder. The reason for getting that message is that the analyse.exe program (which is really HijackThis renamed) is registered within the registry, and deleting an installed program without first unregistering it can give you this message. It is not a problem. I'm going to give you something to try below.


    We need to make sure to turn off UAC ( UAC = User Account Control )
    1. Click Start, and then click Control Panel.
    2. In Control Panel, click User Accounts.
    3. In the User Accounts window, click User Accounts.
    4. In the User Accounts tasks window, click Turn User Account Control on or off.
    5. If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.
    6. Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK. If it is already unchecked, then you should also notice a red shield with an X in it located in your system tray. Ignore any messages about UAC being disabled.
    7. Click Restart Now to apply the change right away. (Restart even if you did not make the above change, I just want to be sure that a reboot has occurred since the first time that UAC was disabled.)
    • Now delete the current C:\MGtools.exe file you have. You do not need to delete the C:\MGtools folder.
    • Now download this MGtools.exe and make sure that you save it to the root folder on your Windows boot drive. This should be drive C. Thus you should have C:\MGtools.exe
    • Now double click on C:\MGtools.exe and if you get any warnings about allowing it to run, just let it run.
    Now, did it run properly? Did you get any error messages? Is there a C:\MGlogs.zip file you can attach?

    If MGtools ran properly without any error messages, then try to run ComboFix.exe now. Make sure that ComboFix.exe is on your Desktop (yes, this is different from MGtools, but necessary). If ComboFix runs, attach the C:\ComboFix.txt log. If it does not run, tell us what happened.
     
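Editor's added example, not part of the thread and not a MajorGeeks tool: a read-only PowerShell check of the things posts 6 and 9 ask angie20 to confirm before re-running MGtools on Vista (is the prompt actually elevated, is UAC really off in the registry, has the machine rebooted since, is the .bat file association intact, are the tools where the instructions put them). The registry locations are the documented ones for UAC (EnableLUA under HKLM\...\Policies\System) and for the .bat association (HKCR\.bat and HKCR\batfile); the file paths are those the thread names. The optional -DisableUac switch writes EnableLUA=0, which is what step 6 of post 9 does through Control Panel; a restart is still needed for it to take effect.

```powershell
# Added example (not from the thread). Run from a PowerShell prompt opened
# with "Run as administrator" so the registry reads are not blocked by UAC.
param([switch]$DisableUac)

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Test-IsElevated {
    # The "not all data was successfully written to the registry" error in
    # post 5 is what a non-elevated session gets when it touches HKLM.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-UacState {
    # EnableLUA=1 means UAC is on. Windows reads it at boot, so unchecking the
    # box (or writing the value here) is not live until after a restart.
    $v = Get-ItemProperty -Path $UacKey -ErrorAction SilentlyContinue
    $boot = (Get-WmiObject Win32_OperatingSystem).LastBootUpTime
    New-Object PSObject -Property @{
        EnableLUA                  = $v.EnableLUA                    # 0 = UAC off
        ConsentPromptBehaviorAdmin = $v.ConsentPromptBehaviorAdmin   # Vista default: 2
        LastBootTime = [Management.ManagementDateTimeConverter]::ToDateTime($boot)
    }
}

function Get-BatAssociation {
    # Post 5/7 report an error about .bat files. The association MGtools'
    # batch files rely on should still be the Windows default shown below.
    $ext = Get-Item 'Registry::HKEY_CLASSES_ROOT\.bat' -ErrorAction SilentlyContinue
    $cmd = Get-Item 'Registry::HKEY_CLASSES_ROOT\batfile\shell\open\command' -ErrorAction SilentlyContinue
    $progId = $null; if ($ext) { $progId = $ext.GetValue('') }     # expected: batfile
    $open   = $null; if ($cmd) { $open   = $cmd.GetValue('') }     # expected: "%1" %*
    New-Object PSObject -Property @{
        ExtensionProgId = $progId
        OpenCommand     = $open
        LooksDefault    = ($progId -eq 'batfile') -and ($open -eq '"%1" %*')
    }
}

function Get-ToolPlacement {
    # Post 9: MGtools.exe belongs in the root of the boot drive, ComboFix.exe
    # on the Desktop; MGlogs.zip and ComboFix.txt are the logs they produce.
    $desktop = [Environment]::GetFolderPath('Desktop')
    New-Object PSObject -Property @{
        'C:\MGtools.exe'       = Test-Path 'C:\MGtools.exe'
        'C:\MGlogs.zip'        = Test-Path 'C:\MGlogs.zip'
        'Desktop\ComboFix.exe' = Test-Path (Join-Path $desktop 'ComboFix.exe')
        'C:\ComboFix.txt'      = Test-Path 'C:\ComboFix.txt'
    }
}

$elevated = Test-IsElevated
Write-Host "Running elevated: $elevated"
if (-not $elevated) {
    Write-Warning 'Not elevated: the UAC change and MGtools registry writes will fail from this prompt. Re-open PowerShell with "Run as administrator".'
}

Write-Host '--- UAC state ---';            Get-UacState       | Format-List
Write-Host '--- .bat association ---';     Get-BatAssociation | Format-List
Write-Host '--- Tool placement ---';       Get-ToolPlacement  | Format-List

if ($DisableUac) {
    if (-not $elevated) { throw 'An elevated prompt is required to change EnableLUA.' }
    Set-ItemProperty -Path $UacKey -Name EnableLUA -Value 0 -Type DWord
    Write-Host 'EnableLUA set to 0. Restart Windows before running C:\MGtools.exe again.'
}
```

Usage: save as Check-MGPrereqs.ps1 and run `.\Check-MGPrereqs.ps1` from an administrator prompt (add `-DisableUac` only if the UAC state section shows EnableLUA still at 1). An EnableLUA of 0 with a LastBootTime earlier than when the box was unchecked means the reboot in step 7 has not happened yet, which is exactly the case step 7 of post 9 guards against.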
