Author Topic: Combofix for Malware  (Read 1301 times)

Offline MORAY37

  • Gold Member
  • *****
  • Posts: 2318
Combofix for Malware
« on: January 18, 2009, 12:37:32 PM »
Recently, I picked up a horrible infestation of adware and malware while looking for keycodes I lost for a program I wanted to re-install. My comp was infected with multiple cases of spyware (MS Antivirus popup warnings (THE WORST), Virtumonde trojans, Wuduluto.dll... you get the point). I tried all sorts of malware and adware removal tools (Spybot, Spyware Doc, Malwarebytes, Adaware) that would find many of the trojans, but not address the underlying problem, most likely a .dll replicating trojan in a hidden file extension. After every scan, the problems would just gradually come back. Within a day, I would have a huge browser issue and my platform was becoming unstable. I was contemplating going in manually and not looking forward to it....

When all else fails....

Download Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix). It is a last-ditch effort to save yourself from reformatting your HD. I was literally pulling out hairs trying to kill what I thought was the root issue, specifically a series of .dll folders in the system32 root structure. Whatever I did, I couldn't get to them. You need to have an idea about what is going on in your box, but if you do, this little gem can get it done.

Quote
ComboFix is a legitimate spyware remover. It was designed to specifically target SurfSideKick, QooLogic, and Look2Me as well as any other combination of the mentioned spyware applications. With its built-in engine that removes Vundo infections, it can also take charge of the latter but not all of them.

Aside from this, ComboFix has other built-in utilities that make it capable of unhooking any .dll file within the Windows System 32 folder. This enables the user to achieve personal access to the folder.

This ability of ComboFix allows the manual removal of spyware infections that had taken refuge inside the folder. It acts as a specialized effective cleaning tool, which has proven to be very useful compared to other malware removers that also clean up infected computers.

ComboFix also has a Command Line that allows the users to terminate up to eight files at a time. Its built-in engine for file deleting enables the user to delete other files, especially the locked hidden files instead of deleting just the infected ones.

Although ComboFix is very useful for the removal of spyware infections, it has limited functions. This is since it was only designed for specific infections, thus making it incapable of eradicating other computer viruses.

This application needs constant updates for you to have the latest protection. In fact, ComboFix should not be used on computers that have a specific rootkit because it will prompt ComboFix to delete all files from the system drive.

In using ComboFix, certain precautionary measures should always be taken. If your computer problems were caused by one of the spyware applications mentioned above, then this program can be used to get rid of your spyware infections. This is the only time that you should use ComboFix.


You need to be very sentient about using it. It is designed for specifically what was wrong with my computer. It goes after .dll trojans. It uses a command line interface to get deep into your machine... you can probably do A LOT of damage to your box if improperly used. It really is a last ditch, when you pretty much know you have one of the mentioned issues.

It worked for me.  My machine is speeding along now. 
« Last Edit: January 18, 2009, 12:40:36 PM by MORAY37 »
"Ocean: A body of water occupying 2/3 of a world made for man...who has no gills."
-Ambrose Bierce

Offline Hungry

  • Nickel Member
  • ***
  • Posts: 772
Re: Combofix for Malware
« Reply #1 on: January 18, 2009, 12:39:44 PM »
When I get someone's PC with the worst of the worst I use SDFix
"I would gladly pay you Tuesday for a Hamburger today"

Offline Kermit de frog

  • Gold Member
  • *****
  • Posts: 3708
      • LGM Films
Re: Combofix for Malware
« Reply #2 on: January 18, 2009, 01:36:57 PM »
This program may remove the popup and fix the slowness of the PC the virus caused, but it continues to leave other programs that continue to communicate with unwanted computers. Your data is sometimes still being captured and sent to the bad people. You'll just have to risk downloading non-fake antispyware and keep trying, but I usually finish them off with built-in Windows tools.
Time's fun when you're having flies.

Offline drdeathx

  • Silver Member
  • ****
  • Posts: 975
Re: Combofix for Malware
« Reply #3 on: January 18, 2009, 03:49:21 PM »
I use Spyware Doctor. It comes with anti-virus. Costs $29.99 but well worth it.
See Rule #6

Offline Denholm

  • Plutonium Member
  • *******
  • Posts: 9667
      • No. 603 Squadron
Re: Combofix for Malware
« Reply #4 on: January 19, 2009, 09:33:51 AM »
Kermit, what built-in Windows tools do you use? I enjoy learning new things about Computers and would be very interested in what you do without the use of an AV that allows you to remove some of the traces of these pesky bugs.
Get your Daily Dose of Flame!
FlameThink.com
No. 603 Squadron... Visit us on the web, if you dare.

Drug addicts are always disappointed after eating Pot Pies.

Offline Fulmar

  • Gold Member
  • *****
  • Posts: 3936
      • Aces High Movie Database
Re: Combofix for Malware
« Reply #5 on: January 19, 2009, 01:45:47 PM »
The three times in 8 years I've had virus/malware that have no easy fix have resulted in me booting into safe mode and then backing up my data.  Then a reformat and we start again.  Though it can be a pain in the ass, I know when I'm done I've removed the infestation and probably saved some time instead of trying to fix it.
In game callsign: not currently flying
Flying off and on since Warbirds
Aces High Movies available at www.derstuhl.net/ahmd2 - no longer aceshighmovies.com - not updated either

Offline Hungry

  • Nickel Member
  • ***
  • Posts: 772
Re: Combofix for Malware
« Reply #6 on: January 19, 2009, 06:57:50 PM »
Quote
The three times in 8 years I've had virus/malware that have no easy fix have resulted in me booting into safe mode and then backing up my data.  Then a reformat and we start again.  Though it can be a pain in the ass, I know when I'm done I've removed the infestation and probably saved some time instead of trying to fix it.

I go the other way whenever possible, I go for the fix. I think fixing viruses has taught me more about how Windows works than I care to know, but in the long run it's helped me fix the everyday stuff as well.
"I would gladly pay you Tuesday for a Hamburger today"

Offline Ghosth

  • AH Training Corps (retired)
  • Plutonium Member
  • *******
  • Posts: 8497
      • http://332nd.org
Re: Combofix for Malware
« Reply #7 on: January 21, 2009, 06:27:00 AM »
I've yet to see an anti malware that got everything.

If you were infected that bad, I'd probably start with "HijackThis" so you can clear up your browser to grab more tools with.

Followed by ThreatFire to find out what's trying to run that shouldn't be.

Once you have ThreatFire watching what starts, I'd probably go with something like Glary Utilities to clean up the registry and manage what's starting with Windows.

All should be easy enough to find (Google is your friend) and free.

Personally, after testing ThreatFire for a year I no longer run a straight antivirus or antimalware.
I just don't need to. It's small, doesn't suck up my resources, but warns me if registries are changing or if processes are starting.

In my opinion, the worst bugs in the world are hiding or posing as no cd fixes, key generators, or other such fixers for current games.  Keeping a second old machine around just for scanning, opening, unzipping these kinds of files can be one way to deal with it. 


Offline MrRiplEy[H]

  • Persona Non Grata
  • Plutonium Member
  • *******
  • Posts: 11633
Re: Combofix for Malware
« Reply #8 on: January 21, 2009, 04:00:08 PM »
Out of curiosity: Which browser did you use when you got infected?
Definiteness of purpose is the starting point of all achievement. –W. Clement Stone

Offline Masherbrum

  • Radioactive Member
  • *******
  • Posts: 22416
Re: Combofix for Malware
« Reply #9 on: January 21, 2009, 06:03:37 PM »
ESET Smart Security here.   
FSO Squad 412th FNVG
http://worldfamousfridaynighters.com/
Co-Founder of DFC

Offline MORAY37

  • Gold Member
  • *****
  • Posts: 2318
Re: Combofix for Malware
« Reply #10 on: January 21, 2009, 08:56:35 PM »
Quote
Out of curiosity: Which browser did you use when you got infected?

I was using Firefox at the time of infection.  IE was deleted from my system a long, long time ago.

It was my fault I got hit... I was careless for around 15 minutes. The infections I had were self-replicating, with the main issues being deep in the win32 dll. Using any of the normal stuff (Malwarebytes, Spyware Doctor, etc.) was completely ineffectual, as the removed trojans were simply regenerated within a day or so.

This "combofix" did wonders.  I still had to get inside the machine a bit and kill some fragments it missed, but at least it got the infections that were in protected files that I couldn't find very easily.
"Ocean: A body of water occupying 2/3 of a world made for man...who has no gills."
-Ambrose Bierce

Offline morfiend

  • AH Training Corps
  • Plutonium Member
  • *******
  • Posts: 10470
Re: Combofix for Malware
« Reply #11 on: January 26, 2009, 01:15:36 PM »
BullGuard, check it out, free trial with support!! I think they still allow 30 days use.

This saved my bacon, had a virus in Norton, it was in quarantine folder in a sub folder.


Offline Animl

  • Copper Member
  • **
  • Posts: 327
      • Animal Tactics
Re: Combofix for Malware
« Reply #12 on: January 28, 2009, 04:14:32 PM »
SUPERAntiSpyware Free Edition removes Vundo stuff. It's actually one of the best I've used. I ran it a couple of times to make sure I got it all.

http://www.superantispyware.com/

Animl
Animl (from the ashes of Air Warrior nation) http://home.comcast.net/~animl/

Offline Animl

  • Copper Member
  • **
  • Posts: 327
      • Animal Tactics
Re: Combofix for Malware
« Reply #13 on: January 28, 2009, 04:21:34 PM »
Oops. After I ran it... I reinstalled SP3 on XP, which I downloaded from softwarepatch.com. That replaced some of the files that were damaged.

It may also kill Folder Options, Regedit...etc... there's a proggie called RRT (Removable Media Malware Defender) found at http://www.sergiwa.com, that will re-enable (remove restrictions) those items again.

Just went through this 3 days ago. Everything is back to normal and no traces.

Animl
Animl (from the ashes of Air Warrior nation) http://home.comcast.net/~animl/