
grpconv error installing AV and ComboFix won't run

Q: grpconv error installing AV and ComboFix won't run

Hi everyone!
Help!
I have a customer with XP Pro SP3.  When I went to upgrade Kaspersky Endpoint Security (kes10win_10.1.0.867en.exe), I got three prompts telling me c:\windows\system32\grpconv.exe was locked.  So I uploaded grpconv to virustotal and got told nothing was wrong with it.  I was able to click past the prompts.   The symptoms reproduce with the prior version of KESS (kes8.1.0.831_wksfswin_en.exe)
Unlocker said grpconv was locked to explorer.exe
Suspicious, I ran GMER root kit revealer from http://www.gmer.net.  Found nothing.  Not satisfied, I ran combo fix.  Got to the "it takes 10 minutes..." message and then nothing.  So I left it run overnight.  ComboFix never started counting.  And, in the morning, the machine was frozen.
Her machine is running slow and weird too.  I am so suspicious.
I found this on the web: http://www.securitystronghold.com/gates/grpconv.html
But I smell a rat.
Kaspersky tech support drew a blank.
I downloaded and ran DDS.com to get a report.  I get the scanning screen with the "please wait" and the blocks going across.  The blocks get to about 80% and then nothing for 20 minutes (would have left it longer, but the customer had to power off due to thunder storms).  It is supposed to take three minutes.  CPU was ~6% and dds.com was 0%.
What to do next?
Is there a way to run Combo Fix from a PE disk?  (Virus would be off.)
I would run Kaspersky's Rescue Disk, but as I sell Kaspersky, I have learned that if the Windows product doesn't catch it, neither will the rescue disk, as they both use the same scanner and definition files.
Many thanks,
-T

 
 
 


A: grpconv error installing AV and ComboFix won't run

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller
===
Read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application.
Click Change parameters
Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
Click on the Start Scan button to begin the scan and wait for it to finish.
NOTE: Do not use the computer during the scan!
During the scan it will look similar to the image below:
When it finishes, you will either see a report that no threats were found like below:

If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up which you can just close since the report file is already saved.
If any infection or suspected items are found, you will see a window similar to below:

If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
Click Continue to apply selected actions.
A reboot may be required to complete disinfection. A window like the below will appear:

Reboot immediately if TDSSKiller states that one is needed.
Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
Paste the log to your next reply, DO NOT ATTACH IT.

===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.
Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please post the logs DO NOT attach them.

RELEVANCY SCORE 102.4

Hi All,
 
Oh, my first post.  My Name is Todd. Been doing computer consulting for the past 18 years.  Am fluent in Windows, especially Linux (wish I had more Linux customers), and sometimes Apple.  I have a bachelor's degree in electrical engineering.  If you have a broken computer and want to pay me to fix it, I figure it out in a hurry.  (I fixed probably the last DOS computer in the county in December.)
 
Hi everyone!
 
Help!
 
I have a customer with XP Pro SP3.  When I went to install Kaspersky Endpoint Security (kes10win_10.1.0.867en.exe), I got three prompts telling me c:\windows\system32\grpconv.exe was locked.  So I uploaded grpconv to virustotal and got told nothing was wrong with it.  I was able to click past the prompts. 
 
Unlocker said grpconv was locked to explorer.exe

Suspicious, I ran GMER root kit revealer from http://www.gmer.net.  Found nothing.  Not satisfied, I ran combo fix.  Got to the "it takes 10 minutes..." message and then nothing.  So I left it run overnight.  ComboFix never started counting.  And, in the morning, the machine was frozen.

Her machine is running slow and weird too.  I am so suspicious.
 
I found this on the web: http://www.securitystronghold.com/gates/grpconv.html
But I smell a rat.
 
What would you do next?
 
Is there a way to run Combo Fix from a PE disk?  (Virus would be off.)
 
I wou...

A:grpconv error installing AV and ComboFix won't run

Good morning.
 
This forum does not deal with malware issues...it focuses solely on problems which are possibly linked only to the O/S.  Since that is the focus here, I can only try to move this to the appropriate forum.
 
<<Her machine is running slow and weird too>>
 
Since the system appears to be bootable/accessible....I suggest that you follow the guidance reflected in Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html and post the DDS log in that forum.  If you have a ComboFix log, you might also attach/insert that into the new topic you initiate in the Malware Removal Logs forum.
 
DO NOT run Combofix again unless instructed to do so by your Helper in the MRL forum.  Please be sure to include a description of your system issues and what you have attempted to resolve them.
 
If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.
 
Louis

RELEVANCY SCORE 59.2

During the install/uninstallation of revo pro, I get a pop-up saying Windows Group Programs Converter (grpconv.exe) will no longer autostart. This did not happen in the free version's install/uninstall.

I don't know if this is a virus. If so, please help. Otherwise, I would appreciate it if I get directed to somebody who can.

PS: I was able to uninstall the revo pro despite that message.

A:Error message(cause of a virus???)..Grpconv.exe

What is your Operating System and we can move you there.

RELEVANCY SCORE 56.8

When installing combofix I get the following popup:
!! ALERT !! It is NOT SAFE to continue.
The contents of the ComboFix package has been compromised.
Please download a fresh copy from: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
NOTE: You may be infected with a patching virus 'Virut'
I have tried redownloading combofix, no help. I have not found anything that will help me find 'Virut' and how to clean it. Any suggestions?

A:Error installing Combofix

As ComboFix is only intended for use under the guidance of a Helper Trained in its correct use, may one suggest you return to that Helper for guidance?

RELEVANCY SCORE 48

Is grpconv.exe ok?

A:grpconv.exe

http://www.processlibrary.com/directory/files/grpconv
http://www.bleepingcomputer.com/startups/grpconv.exe-1877.html
 

RELEVANCY SCORE 47.6

I want to run combofix because I went to a website and possibly clicked on something I should not have. I believe I may have a back door trojan.

The error I am getting is

Windows cannot find "NircmdB.exe". make sure you typed the name correctly, and then try again.

I tried renaming to cf.exe, no luck. I even tried using SDFix in safe mode, no luck; when I click on the runthis bat file, cmd starts then closes, so I don't know what is going on.

In the past I had Vista and was able to run combofix and get rid of any virus I had. Now with Windows 7 I am getting the error above.

Any help to run combofix I would really appreciate. All I want to do is run combofix on Windows 7.

thanks

A:Combofix will not run on window 7 full retail version, combofix will not run error

Please note the message text in blue at the top of this forum. You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. That's the decision by the creator and we will abide by that decision.

Further ComboFix does not officially support Windows 7 and SDFix only works on Windows XP.

Please download Malwarebytes Anti-Malware (v1.40) and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware...

RELEVANCY SCORE 47.6

My log file is showing in the 04 section something about:
grpconv.exe -o

Good or Bad? I'm finding conflicting data on my google search to learn more about it.

FWIW, I'm running XP, and I use AdAware and HiJackThis about once a week to keep up on this stuff. Today is the first time I've ever seen this one, but even the MS Utilities site is calling it okay, so I don't know now...

Thanks everyone.
 

A:grpconv.exe Bad or Good?

RELEVANCY SCORE 47.6

Greetings,

Recently I clicked on a picture of a cd cover on the net and Avast immediately popped up and said I had a possible virus and then immediately shut down. When I restarted Avast it did not indicate anything. I then decided to restart the computer in safe mode and check there to see if I could find anything. I don't normally use Internet Explorer and I noticed that IE tried to start on its own so I immediately stopped it before it could really start. Here is the short version of what I did and what I found:
(1) Avast indicated that I had a virus and then immediately shut down on its own

(2) Rebooted to safe mode

(3) Ran Rkill

Here is what it found:

Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\rundll32.exe

Rkill completed on 03/26/2012 at 14:03:18.
(4) Ran TDSSKiller - Nothing found

(5) Malware Bytes - Full Scan in safe mode

found the following:
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen)
-> Data: grpconv -o -> No action taken.
Clicked 'remove selected'

(6) Ran Superantispyware quick scan - Didn't find anything

(7) Restarted computer as Malware Bytes asked

(8) My Avast trial has expired

(9) When I run MWB in regular mode it doesn't detect anything

I have repeated the previous steps a few times and it appears that somehow I am not effective in my actions. What would you recommend I do from th...

A:GrpConv Trojan

Hi,
After performing these scans, enter the results in your next post and also update me on the status of the PC.
Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on if you have internet access while in the normal Windows environment.
================================================================================
Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
================================================================================
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINI...

RELEVANCY SCORE 47.6

Hello,

I am trying to help my father fix his computer and I can't find any info on this problem. He is running Windows XP. Upon startup he gets a message saying that "c:/windows/system32/grpconv.exe is not associated with a program." He can then click OK, it goes to the windows startup screen and won't go any further. I've looked info up online, but all I can figure out is grpconv.exe is Windows Program Group Converter, which is supposed to convert programs and folders from older Windows versions to newer. I don't know a lot about computers, so I really have no idea about this stuff. Can anyone recommend a way of fixing this?

Thanks!

A:help with /system32/grpconv.exe please

To facilitate the upgrade from Windows 3.1 to Win95/98, an executable file named GRPCONV.EXE is included with Win95/98.
This is a valid program but it is not required to run on startup.
http://www.bleepingcomputer.com/startups/g...v.exe-1877.html
I believe that you have an infection which is hiding in a legitimate .exe file.
We do have ways to scan it. It will require the Recovery console, more than likely.
I would suggest starting a new topic in Am I Infected?: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

RELEVANCY SCORE 46.8

I just ran CCleaner to empty some junk out of my temp files. I then took a look at the startup tab in CCleaner, and something new has appeared. The something is given the following description:
Enabled:yes
Key: HKLM:Runonce
Program:GrpConv
Publisher: (nothing is given)
File: grpconv -o
What on earth is this? I've never seen it in there before, it must have appeared in the last day or two. Is it dangerous, should I disable it immediately? The machine is a Windows 8 laptop. I've never seen or heard of this process before, I've never seen it listed in the startup lists within CCleaner.
Thanks

A:grpconv what on earth is this, urgent

http://www.bleepingcomputer.com/startups/grpconv.exe-1877.html
 
http://social.technet.microsoft.com/Forums/windows/en-US/11ba6e09-8ff5-4518-a744-b23ccd0275de/grpconv-0?forum=w7itprogeneral

RELEVANCY SCORE 46.8

Started here.. http://www.bleepingcomputer.com/forums/topic413993.html/page__gopid__2370676#entry2370676 and was told to create a new topic under this forum.

**EDIT** Also thought I'd let you know that before I disconnected it from the internet/network, it was getting redirects in Google Chrome, Internet Explorer, and Mozilla Firefox.

OS: Windows XP PRO SP3

To start, the computer was infected with the Zontom anti-virus virus thingy, and the computer owner was able to remove it, however it also (or another virus) hid his entire computer. I have since reactivated the ability to use .exe files, unhid most of the content on his computer, and I have run MBAM without finding anything on the system. However the computer still freezes after being turned on for an extended period of time, and msconfig.exe actually starts a program called inu.exe which I am unable to locate on the hard drive.

Depending on how cooperative the computer wants to be, I can from time to time access more than just the C Drive, however usually it won't allow me to access the D drive partition, the CD-Rom, or any thumb drives I plug into the system, to gain access to them I have to give the computer a fresh boot and access within the first 5 mins of the system starting up. If I wait more than 5 mins give or take, I am unable to access anything other than the C Drive. Task manager also acts the same way, will not start after a few mins of the computer running.

I do not have a firewall turn...

A:Zontom, Inu.exe, problems with GrpConv.exe

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

RELEVANCY SCORE 46.8

Hello, a torrent containing what I believe to be a bogus version of the XVid MPEG-4 Codec Pack was downloaded and installed on my computer. After I noticed my Microsoft Security Essentials had been removed from the running programs tree, I followed the PC Issues balloon to find that "Windows Something Security Something" (Sorry I didn't write it down) was inactive; though it was clearly not meant to be, in the first place. I then manually started MSE and ran both a quick then a full scan that found no malicious files, followed by the same action and result with Malwarebytes. At this point, I tried to Revo-uninstall the XVid MPEG-4 Codec Pack, and during the target program's featured uninstall I received a pop box in the bottom right corner (completely unattached to the taskbar, as mine runs vertical along the left edge of my desktop) stating that "Windows Group Converter will no longer start[up (with windows??)] "grpconv.exe."" Sorry, it was very brief. At this point I opted for a system restore that rolled my PC back about 6 hours before this event took place. It finished with the restore but it reinstalled the XVid MPEG-4 Codec Pack; even though it was restored to a time in which this program/virus should not have existed. I then tried another full scan with MSE and MBAM and they both returned no results. At this point I was already running late for an event so I shut my PC down and left it await. When I returned home, I powered the PC u...

A:Possible desktop.ini and/or grpconv.exe virus.

Do not run any other tools when you are being assisted

Download TDSSKiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

RELEVANCY SCORE 46

I finally managed to install Windows XP 32bit on my old laptop with the same CD as used on every other PC in the house without errors. 
During the Windows installation step this came up 
Windows cannot access the specified device path or file. You may not have the appropriate permissions to access the item
C:\Windows\System32\grpconv.exe
When booted up the PC first time the login was different....  and the pc used 98 theme as default. Upon any attempt to change anything this came up
C:\DPsFnshr.exe
Windows cannot access the specified device path or file. You may not have the appropriate permissions to access the item
What the hell is going on................ 

A:Windows XP installation: grpconv.exe cannot access ... 98 theme look

What service pack is the CD?

RELEVANCY SCORE 45.2

Greetings,

Malwarebytes found GrpConv (Trojan.Agent.Gen) on my system upon running MWB in safe mode, after running Rkill. MWB or SuperAntiSpyware do not detect this item if I run them after normal reboot, and sometimes MWB doesn't detect the item in safe mode. When MWB does find it, I click on 'remove item', restart as requested, only to find the item later when I run MWB again in safe mode. I am running win 7, 64 bit. It was recommended that I post a DDS log and a GMER log. I was reading that GMER should not be run on 64 bit systems. I am attaching the dds logs here (DDS and Attach). As far as the system goes, it doesn't appear to be having any problems. Here is the link to what I had posted in the other forum, where I was directed here:

http://www.bleepingcomputer.com/forums/topic447735.html/page__p__2644092__fromsearch__1#entry2644092

Please let me know what you think and if you would like me to run GMER anyway and I will post the requested logs.

Best Wishes,
B

A:GrpConv (Trojan.Agent.Gen) detected and remains after MWB removal

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/448945 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

RELEVANCY SCORE 43.6

heyal,

i caught a trojan on my pc and when i tried to use combofix [had to get new version] and install it it came up with errors about writing and would never finish

what can be the problem? how do i fix it?

need all the help i can get

thank you,
southern belle

A:NEED HELP! Combofix has errors when installing

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y...

RELEVANCY SCORE 42

Hi, I am having a strange problem in several workstations after using ComboFix.
Somehow, I can't access the internet. The problem disappears when I'm turning off the workstation and turned it on again (by rebooting only, nothing happens), but the next time I will turn on the workstation, most of the times the problem shows up again.
I am using win xp sp2 and I have installed DeepFreeze.

Ps. I didn't know that ComboFix has uninstall option (I read it here), so after finishing with it, I just delete it from my desktop.

Waiting for any help, and forgive me for my English.

A:Accesing internet problem after using ComboFix and installing Recovery Console

Welcome to TSF

Your first mistake was using Combofix without proper assistance. This is a powerful tool that should not be used unless you are experienced with it.

Open IE, go to Tools/Internet Options/Connections/Lan Settings and uncheck any proxy setting set by infection.

To properly uninstall Combofix
Start/Run type in combofix /uninstall

Next time get someone trained to assist you if your systems are infected.

RELEVANCY SCORE 40

Hi,
I am wondering whether combofix.net and combofix.org are GENUINE sites to download ComboFix.
There's no Impressum and the whois-info is private registered.
Just wanted to know.

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. ~ Animal

A:Is combofix.net and combofix.org GENUINE Site to download ComboFix?

Please Take a look here: ComboFix usage, Questions, Help? - Look here
Specifically the link to the combofix disclaimer image.
Also
There are only two sites that are authorized for combofix, which are shown in red in the last quote box.

RELEVANCY SCORE 39.2

Hi,

To give you some back story, I built my computer the end of August 2012. Ran Smoothly. I decided to get a 60 gig SSD to be the partition that stored Windows. I didn't have much stored on the Main HD so I deleted my original 2TB HD and tried installing on the SSD... found that the SSD was bad and sent it back. Decided just to stick with the 2TB HD. Had some issues installing windows back onto the HD as it would just hang up. Finally managed to get windows installed, had some "Not genuine" issues but that resolved after multiple restarts. That brings me to where I am at today and I feel as though the system has been getting worse. I would normally be fine with just a clean install but with all the issues I had with that initially I am very skeptical of trying it again. I have 5 important updates and 7 optional updates all of which do not install. The Installer just sits on Downloading updates and I have left it overnight with still no result. I am not sure if this is even my main issue but I am beyond the point of figuring it out myself so any help would be appreciated

I downloaded the System Readiness Tool and it Ran. I tried running the sfc /scannow in Admin cmd prompt mode and get a "Windows Resource Protection could not perform the requested operation" I attached my CBS file. Any help you could give or guidance you can provide would be greatly appreciated.

A:Windows Updates Not Installing : Error Unknown (Sits on Installing)

Hello and welcome, Faticus. Just as a matter of interest, why did you give up on the SSD? Was it not under warranty?

That is a heck of a drive to be installing on, mate. Just how did you prepare it for the install?

You can run a chkdsk in Windows too > My Computer > right click on the drive > Properties > Tools > Check now - then follow the points in my pic.
You then reboot and it will start a chkdsk (in DOS).

RELEVANCY SCORE 38.8

Yeah, I have a friend who just replaced her hard drive. She had a friend come over and he installed an XP cd he got from the university he works at. Anyway I guess he installed all the drivers and updates onto the computer. However when she tried to install her webcam driver it comes up with an error message saying error installing IKernel.exe. She can't get it past that error to install the driver. So I did some research on the net. Came across a page that said to delete the C:\Program Files\Common Files\InstallShield\engine. However when I showed her how to get to that InstallShield folder there wasn't one to be found. I found that very interesting. Why would XP have installed that with the cd the dude used? Weird. Anyway I heard her download and install an InstallShield version that I am not sure if it is the right version. Anyway it is on there. I had her try the webcam driver again. Still same error. I am guessing there is no IKernel.exe on her computer. Should I have her download the IkernelUpdate.exe that is also on that page? If not what else can I have her try? She doesn't have a Windows XP to extract files from. Thanks.
 

RELEVANCY SCORE 38

Okay, I'm just looking to pick up a couple ideas from the kind and wonderful people here.

I use combofix fairly regularly with my job, I'm lead tech for a small district of a large corp. and I was introduced to combofix a couple years ago and found that it simplifies the cleanup and removal of certain malware to where I can take care of them in mere moments.

And so I had a customer with sysguard on it. Sysguard is not a new bug, nor is it exceptionally bad, just annoying. Program wise it's actually very similar to smitfraud, and can be removed using some of the same tactics. But combofix can kill it in one fell swoop. Unfortunately, when I ran it this last time I received the error Not Admin when it started scanning. I went through everything I could think of to find where this permission error was coming from, but it's WinXP MCE sp3, there are not a lot of choices inside the Administrator Account in SafeMode.

I went and manually removed the hoaxware, much more time consuming. I decided to try combofix again just to see if the bugger was what was stopping it from running, but I get the same error. Everything else I have runs fine, even the batch and com tools that I have.

So, anyone with information would be good. I unfortunately will not be able to post any logs as I do not have access to the computer anymore. I'm mostly looking for ideas that I can try in case I run into this again.

RELEVANCY SCORE 38

trying to run combofix and it starts up fine but before it does any "Completed stages" it says "\Microlab\Searchengin\ was unexpected at this time." and just has a flashing cursor.

Any ideas!?
 

A:combofix error

RELEVANCY SCORE 38

Hi,

I ran combofix on my laptop (OS Win 7). After that I am getting an error whenever trying to open files... Err!: "Illegal Operation attempted on a registry key that has been marked for deletion." Help me!!!

Urgent Please

A:error after combofix

Hi Team,

I would like to remove this as the issue has been resolved. I have reinstalled IE and the issue is resolved completely... Hope you can recommend this for others also...

RELEVANCY SCORE 38

Hi all, I am getting an error message using combofix.exe. The error message reads "0x7c9111e0 referenced memory at 0x006c0079 could not be read". I have no clue what this means; maybe someone can give me a hand. Before running the combo fix I ran atf cleaner, ad-aware se, and super anti spyware, then I ran an avg antivirus scan and then the combofix and then hijackthis at the end (all was done in safe mode). I will post a logged file of the combofix to see if someone can help me out. Thanks.

"CraZy LoC" - 2007-07-16 17:36:43 - ComboFix 07-07-16.4 - Service Pack 2 NTFS [SAFE MODE]

((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))

2007-07-16 16:59 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-15 22:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-15 22:00 <DIR> d-------- C:\WINDOWS\pss
2007-07-15 20:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 20:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-15 16:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-15 16:00 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 15:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-15 13:36 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\Uniblue
((((((((... Read more

RELEVANCY SCORE 38

Below is a log from my combofix scan - I have infections in .dll files - how do I get them 'resolved'?

ComboFix 09-11-29.02 - Administrator 11/29/2009 18:08.1.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.0.1252.1.1033.18.255.154 [GMT -5:00]
Running from: c:\windows\TEMP\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ac3_0010.exe
C:\mte3ndi6odoxng.exe
c:\progra~1\COMMON~1\{28301~1
c:\progra~1\COMMON~1\{38301~1
c:\program files\deskbar
c:\program files\deskbar\inst.bat
c:\program files\internet optimizer
C:\rdfx4.exe
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\nem220.dll
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys
c:\windows\start.exe
c:\windows\system32\clrviddc.dll
c:\windows\uninst2.htm
c:\windows\unist1.htm
c:\windows\Web\default.htt

c:\windows\system32\qmgr.dll . . . is infected!!

c:\windows\system32\comres.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
.

2009-11-21 20:28 . 2009-11-21 20:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-11-08 23... Read more

RELEVANCY SCORE 38

After Running AVG Business edition and Malware-Bytes, was unable to remove a virus threat entitled "Tojan virus Agent_r.AHR". Have used and performed ComboFix several times at the advice of users on the forum and knew that after the failed attempts to remove the virus using previous scanners, ComboFix was the next step. Error Log follows below:

ComboFix 11-07-05.02 - Register 6 07/05/2011 14:27:56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1578 [GMT -5:00]
Running from: c:\documents and settings\Register 6\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\kernel.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-05 to 2011-07-05 )))))))))))))))))))))))))))))))
.
.
2011-07-05 17:37 . 2011-07-05 17:37 -------- d-----w- c:\documents and settings\Register 6\Application Data\Malwarebytes
2011-07-05 17:37 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-05 17:37 . 2011-07-05 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-05 17:37 . 2011-07-05 17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-05 17:37 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-... Read more

A:ComboFix Error Log

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'... Read more

RELEVANCY SCORE 38

I downloaded the newest version of Combofix on 7/8/10. When it is run it detects a Rootkit. I say OK to reboot. XP hangs during shutdown. After 4 hours it still has not shut down and rebooted. If I do a cold boot Combofix then runs but finds no problems and deletes nothing upon completion. If I reboot and run ComboFix again the same thing happens (finds a Rootkit but hangs during reboot). I put in a different hard drive with XP that I know to be malware free. When Combofix is run it has the same exact issue.

A:Combofix Error

Please note the message text in blue at the top of the Am I infected? What do I do? forum. No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read the pinned topic ComboFix usage, Questions, Help? - Look here. With that said, there are circumstances ComboFix will hang or stall at various stages due to malware interference, failure to disable any other real-time protection tools and CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. While that is not normal behaviour, it is not unusual. In such cases, it is helpful to know at what stage CF stalled and to provide that information to the Helper who is assisting you so they can investigate.

If you need assistance with your malware infection, please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT h... Read more

RELEVANCY SCORE 38

Hi all, I am getting an error message using combofix.exe. The error message reads "0x7c9111e0 referenced memory at 0x006c0079 could not be read". I have no clue what this means; maybe someone can give me a hand. Before running the combo fix I ran ad-aware se, and super anti spyware, then I ran an avg antivirus scan and then the combofix and then hijackthis at the end (all was done in safe mode). I will post a logged file of the combofix to see if someone can help me out. Thanks.

"CraZy LoC" - 2007-07-15 19:57:40 - ComboFix 07-07-16 - Service Pack 2 NTFS [SAFE MODE]

((((((((((((((((((((((((( Files Created from 2007-06-15 to 2007-07-15 )))))))))))))))))))))))))))))))

2007-07-15 16:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-15 16:00 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 16:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 15:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-15 15:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-15 13:36 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\Uniblue
2007-07-15 13:08 51,200 --a------ C:\WINDOWS\nircmd.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 21:51:13 -------- d-----w C:... Read more

A:Error Using Combofix.exe

Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

RELEVANCY SCORE 38

I was advised to run ComboFix as a possible solution to the problem that I'm having accessing some files (Access is Denied) and activating command lines such as chkdsk, where I am told that I do not have sufficient privileges.

I am the administrator on a private pc.

Unfortunately I did not read the instructions regarding preparation so I do not have a helper. The DDS does not download, but I have attached the log report.

Can anyone pls advise what I should do? There is no change in the problem of file access and privilege level.

A:ComboFix error

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461730 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

RELEVANCY SCORE 38

Ok so we are getting the following error on 20+ pc's on a domain based network. We get this error on basically every PC we log into and run combofix on. We have tried MANY rootkit removal utilities with no luck. (ie malwarebytes, combofix, sdfix, rootkit revealer, Trend rootkit, mcafee rootkit, superantispyware, etc...) The server has also been scanned... We've deleted the users profiles on the server and on the local PC's, we've even completely reloaded a PC and added it back to the domain and the message came back immediately after running combofix on a clean profile. After the error pops up it prompts us to reboot the computer and then it runs combofix again and finds nothing. If we wait a little while after that it comes back up again... If anyone has seen this or has any input it would be greatly appreciated!

A:Combofix error

Hello and welcome to BleepingComputer.

I take it this is about a corporate network? If so, you really should consider a reformat or having the IT department taking this down. We cannot possibly work on 20 computers at a time in this forum. Besides, while cleaning one computer, malware would spread through the network and reinfect it, and so undo all our work.

To have a chance to successfully clean all machines, you will need to isolate all of them, make sure all of them are completely clean as well as any removable storage and only after that reconnect the computers.

RELEVANCY SCORE 38

hi guys,
 
Every time I try to start combofix I receive this error:
 
error writing c:\32788R22FWJFW\023.dat
 
How can I solve it??
 
thanks in advance

A:error of combofix.exe

Hello and welcome to BC,
 
Please read this topic about Combofix: ComboFix usage, Questions, Help? - Look here
 
You can get an expert opinion by asking for help in the Virus, Trojan, Spyware, and Malware Removal Logs forum. You will need to follow instructions in the Preparation Guide. 
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
 
 
Let me know if you need any help with that. 

RELEVANCY SCORE 38

Hey guys:
I ran combofix and got this error right after the log window:
Could Not Find C:\WINDOWS\system32\drivers\Combo-Fix.sys
I don't know if the program is finished running or not because that screen just sits there. I'm not sure if I should close the window or not? Thanks
Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:ComboFix error

This is why we have warnings posted and recommend that you do not run it on your own.
I will see if I can find an answer for you

RELEVANCY SCORE 38

I recently was infected by a virus so I ran Malware Bytes which usually takes care of any viruses pretty well. After it scanned there was one that it said it could not be removed so I assumed it was one that would be cleaned upon reboot. I scanned again anyway after reboot several times but it comes back with nothing but my browsers keep redirecting to random sites. Previously to fix this, I've used ComboFix which has successfully fixed that. I still had the Combofix file on my computer so I ran Rkill first (which only killed a Google Updater) then ComboFix. My ZA firewall put up connection alerts several times for IE and Firefox, and either accepting or declining them, I get an error message from ComboFix that says "error - win32 only" in English and several other languages and it never starts. I have XP pro on my machine, I've downloaded the most recent one (combofix) available from here at BC and even tried to run it in safe mode. What is the problem? Can anyone help? Anyone experience this?

A:Combofix error

ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. You shouldn't be running ComboFix without supervision by staff here at BC.

RELEVANCY SCORE 38

Yesterday I got annoyed by win 8 on my Samsung NP900X3D and I started to install windows as I normally used to do on my older laptop... and here the problems started:
- as the ultrabook doesn't have an optical unit I must use a bootable USB
- I deleted and redid the partition with the previous windows 8
- at first I got a GPT installing error when I tried to install the win 7. Afterwards I started to search on the internet about this error and what it means and then I found out about UEFI installing mode issues
- now, I disabled the Fast Boot from BIOS and also made the USB the primary boot device and disabled the SSD as a bootable device
- next, I started to install the windows but something weird happened: the win booted normally and then there is the first step with "windows is loading files" and then the "windows is starting" and at that point the process froze ....

I don't know what to do next! I followed these UEFI Bootable USB Flash Drive - Create in Windows to make the USB bootable.

Please give me a bit of help.

Regards

A:installing error on SAMSUNG NP900X3D - USB installing

Welcome to EightForums.

1) did you do step 11 in
UEFI Bootable USB Flash Drive - Create in Windows

2) Are you booting the USB drive in UEFI mode?

RELEVANCY SCORE 38

I've read a bunch of old topics and tried following the same instructions and I'm still having problems.  
 
Malwarebytes freezes half way through the run. I tried in safemode and I get the same thing. I tried combofix and I keep getting run errors/extract errors. I read a lot of topics where people were having similar problems. The only addition to mine is my hard drive is constantly saying low disk space. It's nowhere near low. If I delete one or two things totaling a few gigs, within 20 minutes my disk space is back to 0 kb again.
 
Please help! Much appreciated! .
 
Moderator Edit: Moved from Windows 7 forum to a more appropriate forum since Combofix did not run
Roger

A:Combofix Error + Malwarebytes Error

Hello -
Only because this is program specific, please post it to the Malwarebytes General Forum area linked below
 
https://forums.malwarebytes.org/index.php?s=9e6d8926279a7354514504570a27a007&showforum=41
 
They would be the better people to deal with this at the moment -
 
Thank You -

RELEVANCY SCORE 37.6

Hi
I just tried ComboFix on Windows 8.1 in Safe Mode and it wouldn't run.
It says "windows 2000 is no longer supported".
Anybody else had this problem and is there a workaround or fix?
Thanks

A:ComboFix error on Windows 8.1

ComboFix is not compatible with Windows 8.1 yet so you cannot get it to run. If you attempt to use ComboFix on 8.1, it should provide a message alert: ComboFix is not meant to run in 'Compatibility Mode' and exit. This message is intentional by design when attempting to run ComboFix on Windows 8.1.

sUBs has recently advised that he is holding off releasing any working version of his tools for Windows 8.1 which includes both ComboFix and DDS. Meaning he is fully aware of the compatibility issue but needs time for thorough testing to ensure it works safely on that OS.

RELEVANCY SCORE 37.6

ComboFix downloaded from bleepingcomputer throws an NSIS error (v 11.10.1.3 and 11.9.30.5).

When downloaded from infospyware, it runs successfully, but is an older version (11.9.26.2).

OS: XP Professional
Browsers: IE8 and Firefox on a non-infected machine. Caches cleared.

The target machine has been infected with Open Cloud Security. The older version of ComboFix deleted a number of infected files including some rootkit stuff, but I am concerned that without the latest version, some components may have been missed. The Open Cloud authors have apparently been modifying their strategy, as much of the advice online refers to component names that were not present in my case.

ComboFix was downloaded on a non-infected machine and transferred via USB stick.

Error message:
---------------------------
NSIS Error
---------------------------
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.

More information at:
http://nsis.sf.net/NSIS_Error

A:ComboFix -- NSIS error

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==. Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic.

RELEVANCY SCORE 37.6

I work at an IT help center on a university campus. We offer virus cleanings and other general IT help to students, staff, and faculty. As part of our standard virus cleaning process, we run ComboFix. Starting yesterday, however, ComboFix will not run on any (6 or so machines) of the customers' machines we try to use it on. It stops with the error "Date Error: 2009-11-15, Check your settings."

The only way we have found to get it to run is by taking the customer's machine out from behind the firewall (done this on 3 machines so far). We have a machine running m0n0wall sitting between the switches that the customers' machines connect to and the internet. It has very stringent rules, allowing only ports 53 (DNS), 80 (HTTP), 443 (Secure HTTP), 21 (FTP), and 5722 (Jabber) outgoing.

We have also tried disconnecting the machines from the internet completely before running ComboFix, but that doesn't work either. This is odd, since ComboFix used to run just fine without an internet connection, usually in a reduced mode because the Windows Recovery Console isn't installed.

I found a version of ComboFix we downloaded 11/14/09 at 11:10am EST, and it runs OK right now (tested on 1 machine still behind the firewall).

Would anyone know if ComboFix was recently updated in a way that would cause this error if the computer has no or heavily firewalled internet connectivity?

A:ComboFix: Date Error

There was a recent fix and update for ComboFix. It was taken offline for a short time and brought back up... This topic mentions the issue.. http://www.bleepingcomputer.com/forums/t/270612/broken-link-for-combofix/

RELEVANCY SCORE 37.6

I just downloaded the new version of Combofix this morning with Admin mode, then it gave me a Syntax Error, then froze my computer.

Is there something wrong with the new Combofix download?

**Oh and the version of the Combofix is 13.1.21.02

A:Combofix Syntax Error

ComboFix usage, Questions, Help? - Look here

Hello -
Please start with the above Instructions and Disclaimers that are listed with this delicate tool.
It is not always available and can be removed or altered by the developer at any time, without notice -
Thank You -

RELEVANCY SCORE 37.6

My Laptop appears to have been infected with a Ransom/Hijack Virus. I cannot access the Internet with any of four browsers. I managed to rid the system of popups (using Stopzilla) but still cannot access the Web. When I try to download Combofix from a thumbdrive from another computer, I get an Error Message that my XP system is incompatible with the Combofix download, although I think I am using the correct Combofix XP link.

I'd appreciate receiving a Combofix link that is definitely compatible with XP....and a solution for downloading it to my machine. I suspect that the virus may be creating this obstacle to downloading in addition to the other problems, but I am not sure.

Thanks for your help!

A:Combofix Incompatible Error

Hi Stephen,

Welcome to BleepingComputer. Do you have a 64-bit Operating System?

Additionally please be aware of the following:

IMPORTANT!: No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. When issues arise due to complex malware infections, possible false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. With that said, please read the pinned topic ComboFix usage, Questions, Help? - Look here.

ComboFix logs, where should I post them?
ComboFix logs are not permitted outside the Virus, Trojan, Spyware, and Malware Removal Logs forum and then only when requested by a Malware Response Team member. However, if you ran ComboFix on your own due to malware infection, please be aware that a ComboFix log is only one part of the disinfection process. Therefore we ask that you please read the pinned topic titled "Preparation Guide For Use Before Usi... Read more

RELEVANCY SCORE 37.6

Recently just downloaded combofix and going to run it on a computer here but receive the error:
---------------------------
NSIS Error
---------------------------
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.

More information at:
http://nsis.sf.net/NSIS_Error
---------------------------
OK
---------------------------

Tried it on my workstations and it gets the same thing as well. Is there a workaround?

A:Combofix - NSIS Error

Nevermind, looks like the issue has been resolved!

RELEVANCY SCORE 37.6

Mods: If this is better posted somewhere else then please feel free to move it.

I had a Dell notebook which I had worked on before and after running CCleaner, MalwareBytes, Spybot S&D, Windows Security Essentials (each of which found a lot of really nasty stuff) and updating SpywareBlaster it still had some problems which none of the previous programs would detect, and after they all gave it a clean bill of health I knew something was still wrong. I then used my trusty ComboFix program which for the first time ever refused to run and gave a variety of weird error messages about "can't run on a 64-bit system", "can't run with AVG installed" and other similar things.

Well, since the computer had the Vista Home Premium SP2 32-bit OS on it and didn't have AVG installed I knew something was Rotten in Denmark so I went back to the BC forums and found the TDSSKiller, which I downloaded and ran. See the log below for the results:

2011/03/31 17:52:53.0961 3400 ================================================================================
2011/03/31 17:52:53.0961 3400 Scan finished
2011/03/31 17:52:53.0961 3400 ================================================================================
2011/03/31 17:52:53.0977 4188 Detected object count: 1
2011/03/31 17:53:34.0646 4188 mouclass (0e6be2ddff3e98f92e465a4cdc886e5a) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/31 17:53:34.0646 4188 Suspicious file (Forged): C:... Read more

A:ComboFix Gives Error Messages And Won't Run

This is not a ComboFix log and the small portion of it I posted is for illustrative purposes only; I am not asking for any help, just sharing my experience. I hope that is not a violation of the rules...

RELEVANCY SCORE 37.6

Hello guys, I have been using combofix for some time now with great success. I recently downloaded the latest version, but any time I want to run it, it gives me - "Date error Thur 07/09/2008 , check your settings". I have changed my date back and forth without success.
Please, I need help. Combofix is all I've got.

RELEVANCY SCORE 37.6

Hi,
I ran combofix on my laptop and when it completed it gave me an error log report and I have no idea what it means. Can someone please help me with it? I have attached the report. I don't know what I need to do next, any help would be appreciated. Thank you

A:Combofix Error log report

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'...

RELEVANCY SCORE 37.6

My daughter has managed to acquire some type of malware which behaves much like Vundo... however, since I'm a bit rusty on my skillz, I can't be exactly sure.

Description of symptoms:

Will not connect to the home network any longer, either wireless or wired. When LiveMessenger fails to connect, troubleshooting shows an invalid IP address...when I run IPCONFIG, it states there's an internal error.

AVG Anti-Virus modules will not run.

Spybot S&D will not run

Downloaded Malware Antibytes but the program will not install. The process is in Task Manager, but is "hung" and will not initiate.

Downloaded Combofix from a link in this forum. When executed, it drops to the DOS box, then comes up with Date Error. The date presented is the current, correct date, yet it states to Check Your Settings.

Ran The Comedian which gave me a valid ERUNT, but would not set a restore point.

And, last but not least, HJT will not install.

Um.. help?

A:Combofix Date Error?

Ok.. found the rename trick for MBAM... had to even go ren the exe in Program Files/Malware Antibytes folder but its currently running... we'll see.. If it works, someone may want to make a sticky out of that lil trick..

RELEVANCY SCORE 37.6

Mod Edit: Do nothing else until you get a reply. I moved this to the Virus, Trojan, Spyware, and Malware Removal Logs forum for proper assistance ~~ boopme

OK, I was having a problem with my computer, the "Window 7 internet security" malware, so I used "rkill", and then my computer was being redirected to the scour.com site by a virus. So I just downloaded from a blog something called "ComboFix". I just ran it without any knowledge. Now ComboFix is having an error during the process, and I searched on Google and it is stated to be a dangerous program, and now I am panicking.

On the ComboFix window it says
-----------------------------------------------------------------------------
Re booting Windows . . . Please wait
Please allow ComboFix to reboot the machine.
WARNING !! Do not manually reboot the machine yourself driver loading error dis not found C:W (not W but the W with cross on middle)
please note that you need administrator rights to perform deep scan
-----------------------------------------------------------------------------

Now I am stuck not knowing what to do. Please help me out. I use Windows 7, btw, and there is nothing behind the screen window, no folders, no files, just the window of ComboFix.

A:I used ComboFix and there is an error during process

Are you still having problems?

RELEVANCY SCORE 37.6

Hi

I had a similar problem to the guy over here:
http://forums.techguy.org/malware-r...68-post-virtumonde-cryp_morphine-removal.html

I have Windows Vista Ultimate SP1 32bit if that helps.
I have 2 x 500Gb hard drives in RAID0 partitioned to a C and D drive, C being the primary Windows Drive and D being where I backup all my work etc...

Full hardware specs:
Intel Core 2 Quad Q6600 @ 3.41Ghz
2x2gb OCZ Reaper [email protected] 5-5-5-12
2x500Gb Western Digital GreenPower (More info above)
Gainward 8800GT 1Gb Golden Sample
Coolermaster Real Power Modular 800W

I followed the instructions, it all went well until I tried combofix.exe

It asked for a restart and, as one of the posts said to expect this, I allowed it to happen. Upon Windows restarting and the login screen appearing, I proceeded to enter my password and sat back waiting for the spinning circle to do its work.

Then came the error, "Error: The handle is invalid." and an "OK" button underneath it.

So I simply tried again with same results. So then I went to hit the restart button on the bottom right hand corner, but the problem was that the button animated (glowing as I clicked it) but nothing happened.

Restarted computer and tried all the safe modes with same results.

What went wrong? How can I fix it? Oh and I can't really provide any logs as I can't log on, I am writing this thread on another computer.

I seriously need to access my work and everything on it. The best scenario is th...

A:combofix.exe winlogin error

Ok, Hi everyone again.

Today I tried to fix this and I fixed it. Can someone tell me how to find 'Last Known Good Configuration' as the first few times I got the boot menu I didn't get that option, and how do I get the boot menu without hitting the physical reset switch when the computer is on? Thanks

Oh and I can't enter my Combofix log as it is too large...
 
