
Thread: Combofix

  1. #1
    Bronze Lounger
    Join Date
    Jan 2010
    Location
    Birkirkara, Malta
    Posts
    1,467
    Thanks
    205
    Thanked 15 Times in 14 Posts

    Combofix

    I ran Combofix today and after doing so found that Windows Update said WU needed to be updated, and that downloading and installing the update would involve WU closing and reopening automatically. However, the update failed (twice). Also, the program File Hippo stopped working after the Combofix scan. I then ran ERUNT to restore the registry to a time earlier in the day, and that solved both problems.

    I attach the Combofix text file, and if someone can interpret the results for me I would be very grateful.

    Thanks and regards, Roy
    OS Dual Boot Windows 10 Pro 64 Bit & Windows 7 Pro With SP1 64 bit. (Intel Core i7 2600K Processor LGA1155-Asus P867 Pro Motherboard-GTX550 Ti DirectCU Graphics Card-Memory 8GB)

    Roy Whitethread

  2. #2
    Bronze Lounger
    I made a mistake attaching the file. It is now attached.

    Roy Whitethread

  3. #3
    Super Moderator CLiNT
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    Curious as to why you ran combofix. This tool should be used in conjunction with guided assistance from someone who knows exactly what they are doing.
    Quite often is the case where some malware or virus removal/repair will break some other part of the OS.

    In the Combofix log, the "other deletions" and "files created in the last 30 days" would be the sections to look at.

    Did you have some manifestation of roboot64.exe I see in the log?

    I hope your use of the ERUNT backup predates your infection, otherwise you may continue to have issues.

  4. #4
    Bronze Lounger
    Hi CLiNT,

    I didn't realise the use of Combofix required expert knowledge, but will know better in future.

    I run regular scans with my always-on antivirus/firewall program, Avast Internet Security, and occasional scans with standalone programs, i.e. Malwarebytes, Exterminate It! and SuperAntiSpyware, and nothing has been found, apart from a couple of advertising cookies, and thought it would do no harm to scan with Combofix. (I disabled Avast for the duration of the scan.) As I said, I will know better in future.

    The only item quarantined by Combofix is not infected, according to Avast.

    I will look again at the sections you mention, although I am not sure I will be able to draw any conclusions from them.

    I am not aware of having had any manifestation of Roboot64.exe, but I would not know what form any such manifestations would take.

    I don't know whether the ERUNT backup predates any infection, because I am not aware that I had any infection. As I said, the only file quarantined by Combofix was declared harmless by Avast.

    Do you have any further comments?

    Regards, Roy

    Roy Whitethread

  5. #5
    Super Moderator CLiNT
    Why would you consider running Combofix in the first place? You're not paranoid, are you? Bored?

    Avast
    SUPERAntiSpyware
    WinPatrol
    AntiLogger
    Rapport/Trusteer
    KeyScrambler
    Last edited by CLiNT; 2012-06-19 at 18:56.

  6. #6
    Bronze Lounger
    Hi CLiNT, you may consider I have gone over the top with security-related programs, but I am not paranoid, and have too little spare time to be bored. I was led to believe that Combofix is the best infection-detecting program there is, so I decided to run it. As I said before, I will know better in future.

    With regard to roboot64.exe, since my previous post I have discovered that this relates to the WinZip program, which I had uninstalled a while ago. I thought all traces of WinZip had been removed, but found roboot64.exe in the System 32 folder (Combofix didn't) and deleted it.

    Regards, Roy

    Roy Whitethread

  7. #7
    4 Star Lounger
    Join Date
    May 2012
    Posts
    404
    Thanks
    0
    Thanked 49 Times in 39 Posts
    You might want to run GMER to check for rootkit infection(s): http://www.gmer.net/

  8. #8
    Bronze Lounger
    Hi Xircal, I ran gmer.exe and it listed 2 registry items on my C drive. However, there were no options to delete them, or better yet to make a registry backup first and then delete them, so what is the point of just listing items if you can't do anything with them? Furthermore, when I scanned my C drive again nothing was found!

    Roy Whitethread

  9. #9
    Super Moderator satrow
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    The idea of running such tools is to allow you to determine if there are any problems that might need cleaning, not to delete anything that might be unusual. I have 3 files - drivers, loaded on my computer now that are rootkit-like in some ways, that doesn't mean that they are and it doesn't mean that removing them won't break something valid.

    If you post your Gmer log, we may be able to advise you further.

  10. #10
    Bronze Lounger
    Satrow, thanks, but I can find no trace of a Gmer log anywhere on my system, and there is no reference to logs in the program's UI.

    Roy Whitethread

  11. #11
    Super Moderator satrow
    Take a look in the root - C:\ or in the folder you ran it from.

  12. #12
    4 Star Lounger
    Quote: Originally Posted by royw
    Hi Xircal, I ran gmer.exe and it listed 2 registry items on my C drive. However, there were no options to delete them, or better yet to make a registry backup first and then delete them, so what is the point of just listing items if you can't do anything with them? Furthermore, when I scanned my C drive again nothing was found!
    You presumably didn't read this FAQ which explains why that might happen: http://www.gmer.net/#faq

  13. #13
    Bronze Lounger
    Hi Satrow, I searched in the root - C:\ and in the folder I ran it from but there was no log.

    Xircal, I now realise you have to click the arrows at the top of the screen to see the various options.

    Roy Whitethread

  14. #14
    Bronze Lounger
    I ran gmer again and the log file is attached. I am not sure whether I should delete the 2 registry entries listed, because I believe they may be part of the Bluetooth Suite that is on my motherboard.

    I would appreciate advice on this.

    Thanks and regards, Roy

    PS. The log file is on my desktop and is named gmer.log, but I could not upload it because when I opened Manage Attachments the gmer.log file was not listed. How do I sort this out?

    Roy Whitethread

  15. #15
    Bronze Lounger
    Further to my post #14, I opened the log file with Notepad, and the text is as follows:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-21 23:01:53
    Windows 6.1.7601 Service Pack 1
    Running: gmer.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002683345725
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002683345725 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----

    I would appreciate advice on this.

    Thanks and regards, Roy

    Roy Whitethread
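
Added example, not part of any post in this thread: a small Python parser for the GMER log layout shown in post #15. It shows that the two listed entries are one BTHPORT service key, seen once under the active control set and once under ControlSet002. The function names and the layout rules are assumptions drawn from that single log, not GMER's documented format.

```python
import re

# Constructed sample: log lines from post #15, with the forum's
# line-wrap spaces inside "Parameters" removed.
SAMPLE_LOG = r"""GMER 1.0.15.15641 - http://www.gmer.net
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002683345725
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002683345725 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
"""

# Layout assumed from that one log: "---- <section> - GMER <ver> ----"
# headers, then "Reg <path>" lines with an optional "(note)" suffix.
SECTION = re.compile(r"^-{4}\s+(.+?)\s+-\s+GMER\s+\S+\s+-{4}$")
REG = re.compile(r"^Reg\s+(.+?)(?:\s+\(([^()]*)\))?$")
CONTROL_SET = re.compile(r"\\(CurrentControlSet|ControlSet\d{3})\\", re.I)
SERVICE = re.compile(r"\\services\\([^\\]+)", re.I)


def parse_gmer_registry(text):
    """Return one dict per 'Reg' line inside the Registry section."""
    entries, section = [], None
    for line in map(str.strip, text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        reg = REG.match(line) if section == "Registry" else None
        if not reg:
            continue
        path, note = reg.group(1), reg.group(2) or ""
        cs, svc = CONTROL_SET.search(path), SERVICE.search(path)
        entries.append({
            "path": path,
            "control_set": cs.group(1) if cs else None,
            "service": svc.group(1) if svc else None,
            "active": "not active" not in note.lower(),
            # Copies of one key in several control sets share this value.
            "logical_key": CONTROL_SET.sub(lambda m: "\\*\\", path).lower(),
        })
    return entries


def distinct_keys(entries):
    """Group entries so a key and its backup-control-set copies count once."""
    groups = {}
    for entry in entries:
        groups.setdefault(entry["logical_key"], []).append(entry)
    return groups
```
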
