
Thread: Warning while running DDS.com

  1. #31
    Junior Member
    Join Date
    May 2011
    Posts
    26

    combofix running without console...

    Combofix asked me very politely to connect to the internet, but I couldn't, and the only dialog options after that were ok, then ok and now it is scanning without the console installed.. Is there a way for me to stop it, install the console and restart, or should I just let it run its course now?

  2. #32
    Junior Member
    Join Date
    May 2011
    Posts
    26

    going and going..

    Combofix is still running, I think. The only activity is a blinking cursor after the lines
    "[the scan] typically doesn't take more than 10 minutes.."
    "However, scan times for badly infected machines may easily double.."

    It's been 40 minutes now, no progress indicator, just the flashing cursor and I don't hear any disk activity.

    What next?

  3. #33
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    I would just reboot the machine if it's been that long. You can install the recovery console manually via the link I posted. You would need an internet connection. If you have a Windows CD/DVD, look here to install the recovery console off the CD.
    It may just be easier to reformat and reinstall your Windows installation. We really aren't making any progress as far as the malware goes.
    How Can I Reduce My Risk?

  4. #34
    Junior Member
    Join Date
    May 2011
    Posts
    26

    Last ditch?

    Okay, let's try one more time, then I'll punt and reinstall XP..
    I appreciate your patience with me and all your help. It seems that no matter what instructions there are for any software any time, what looks like it will be straightforward usually isn't. Seems that's been the case for me.

    I installed the Recovery Console from my installation CD. When it restarted, I ran combofix again and got a dialog saying my demo had expired (?) and it would only use a limited amount of resources to do the job. It started up and proceeded to do things, i.e. did the registry backup, then got the "scanning for infected files..." notifications, then some other activity such as "completed stage_n". Then got to the screen saying "preparing log report". It stayed there for quite a long time. The instructions say it takes a while, but not sure how long that is..
    So I rebooted, hard reboot again. Started in unsafe mode, downloaded combofix again, restarted in safe mode, ran combofix again (install sequence, registry backup), and now it is once again stuck on the "scan times may easily double.." with no activity, as it was last night.

    Any suggestions how to approach this one more time? Do you know anyone else who may have worked on a Mac/Win situation?

    Again, I appreciate your help.

  5. #35
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    OK, you're welcome, no problem.
    "dialog saying my demo had expired (?)"
    This was a combofix pop up? I've never seen nor heard of it. There's only one version, there is no "demo" version. Using explorer take a look in your Local Disk (C) for a Combofix.txt, maybe it's there.

    The fact you have a dual boot really doesn't have much to do with it. My only concern with that was if you wrote a new MBR to disk and messed up one of your partitions and couldn't boot up into one of them or both.

    Your not being able to successfully run the tools is not unique either, many people have this problem. Malware is getting much more sophisticated and going deeper into the OS, becoming increasingly difficult to remove.
    How Can I Reduce My Risk?

  6. #36
    Junior Member
    Join Date
    May 2011
    Posts
    26

    combofix troubles, still

    I've done a hard reset at least twice now after starting combofix and getting nowhere..

    Today when I started up in normal mode I checked for the combofix.txt file you mentioned (on the C:\ drive). Didn't find it, but found a Combofix item in the listing that had a monitor icon next to it and was labeled as "Folder". Same icon as for "My Computer" and "Folder" instead of "File Folder".
    I popped open the subtree item under it and it showed the resources as if it were a mirror of the MyComputer tree. i.e. disk drives, usb drive, etc.
    Seemed like that was probably not right, but at this point I can't tell black from white.

    I went back to bleepingcomputer.com and downloaded combofix directly from there. I thought I had gone to the correct location before, but I now know it was definitely not and I guess I gave someone else a key to the vault as well. All the weird stuff that happened when I ran the spoof version must have really screwed things up.

    So I've now restarted in Safe Mode, ran the install with the Combofix.exe that I know I downloaded from Bleeping..., it went through the as-documented startup sequence, has arrived at the "Scanning for files..." initial 3 text lines, and is once again hanging. Didn't reset the clock, and is not showing any Completion stage progress.

    When I ran what I presume was the malware version prior to this (with all the odd messages), it did show a completion stage item, I believe it did reset the clock as well, and got to the stage of "writing the log". I maybe was too impatient at this point and did a hard reset again. This is where I started from today.

    I'm going to watch a movie or something (on another computer!) while this combofix command window sits and blinks. If nothing is happening by the time the credits roll, I'm going to reformat the partition and start clean. This is getting really really messy and I'm not really comfortable with the state of my system now.

    If you have any final words or advice about something else to try, or have any more questions about the stuff I tried and what happened, let me know.

    Again, I do appreciate the time you've put in on this. Very frustrating for you as well, I'm sure.

  7. #37
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Hey, you're welcome. Combofix is in my opinion the best tool to run for finding and removing malware. It really shouldn't take too long to run. You should also see the progress in the window as it happens. If all you get is a blinking cursor after 15 minutes or so, it's probably hung up.

    Do you happen to have the URL where you got the fake combofix from, or the .exe itself?
    I would like to get a copy myself. You may have reformatted by now.

    You have some nasty malware, a reformat may be the best way to go. Some say that a computer can no longer be trusted once a rootkit has been found and removed, no telling what may have been modified. Malware is constantly being updated also, to escape detection/removal from all the software.
    How Can I Reduce My Risk?

  8. #38
    Junior Member
    Join Date
    May 2011
    Posts
    26

    Time to start over

    I'm getting ready to wipe the slate clean and reinstall. Enough is enough. I haven't reinstalled yet, so I'll see if I can retrace my steps to the bad download. I think it started with me going to combofix.com or .org... Then got sent to a page with a whole bunch of scareware crap on it. Click here, click there. Finally found one that seemed to be the right thing. I should have backed off as soon as I got there. But there's no going back now..

    ...

    I just checked combofix.org and that seems to be set up to spoof all of the stuff you've been recommending. They credit everyone, but completely control the download. I don't think that's where I started, though.

    I traced my history back, and I think the problem started at majorgeeks.com. It also gives proper attribution, it seems, but it sends you to suspicious download locations. I'm gun shy of everything now..

    Just to be sure of what you last said, you mentioned that a computer can't be trusted once a rootkit gets it and is removed. I presume you mean just removed, but not OS reformat/reinstall? I would hope the OS reinstall would do it, but I know there are multiple levels of formatting, so my paranoia runs deep.

    Thanks. Go help others.

  9. #39
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Thanks, but don't worry about trying to find it. Go ahead and reformat. Yes, I meant couldn't be trusted after removal only. A reformatting reinstall of the OS will do the trick.
    Don't forget to get "patched" via Windows update afterwards. And of course install an AV, there are several free good ones. And antimalware. Then you should be all set again.
    Normally I post these tips at close, but we didn't really resolve anything as far as malware goes but I will post them anyway:

    10 Tips for Prevention and Avoidance of Malware:
    There is no reason why your computer cannot stay malware free.

    1) It is essential to keep your operating system (Windows), browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes, browser plugins and add-ons. More and more third party applications are being targeted. Not sure if you are using the latest version of software? Check their version status and get the updates here.

    2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs that you may have malware on your computer.

    3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then it's time to *review your computer habits*.

    4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks.

    5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

    6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

    7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

    8) Install and understand the *limitations* of a software firewall.

    9) Securing IE for safer Browsing. How to harden FireFox for safer surfing.

    10) Warez, cracks etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Can you really trust the source of the file?


    More info/tips with pictures in links below.

    Happy Safe Surfing.
    How Can I Reduce My Risk?

  10. #40
    Junior Member
    Join Date
    May 2011
    Posts
    26

    Thanks for the tips

    I'll follow the list faithfully.
