ComboFix log

Posted on 2010-04-07
Last Modified: 2013-11-22
How do I interpret a ComboFix log file?
What do I do with it?
How can it help me?
I've attached a recent log file here.
combofix-log-report.txt
Question by:stevedantonio

Accepted Solution

by:
notacomputergeek earned 668 total points
ID: 30050470
It looks like it removed a lot of nasties in the system32 folder.

Run regedit from Start -> Run and remove these registry settings:
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

Download and run malwarebytes, repeat until clean:
http://www.malwarebytes.org/mbam.php

Is your system operating normally or do you see any symptoms of continued infection?
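
As an added example (not part of the original answer, and not ComboFix's own code), the Python below reads registry lines in the two value styles quoted in the answer above and flags the four settings it names when they hold the weakening value. The function name `flag_weakened_settings`, the explanatory notes and the sample text (including the `domainprofile` entry) are assumptions constructed for illustration.

```python
import re

# Value name -> (weakening value, note). Pairs are from the answer's registry
# lines; the notes are explanatory text added for this example.
WEAKENING = {
    "antivirusoverride": (1, "Security Center stops monitoring antivirus"),
    "firewalloverride": (1, "Security Center stops monitoring the firewall"),
    "enablefirewall": (0, "Windows Firewall is off for this profile"),
    "disablenotifications": (1, "firewall block notifications are suppressed"),
}
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Accepts both value styles seen above: =dword:00000001 and = 1 (0x1)
VAL_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*'
    r"(?:dword:(?P<hex>[0-9a-fA-F]{1,8})|(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\))$"
)

def flag_weakened_settings(log_text):
    """Return (key, value name, value, note) for each weakened setting."""
    findings, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VAL_RE.match(line)
        if not m or key is None:
            continue
        value = int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))
        rule = WEAKENING.get(m.group("name").lower())
        if rule and value == rule[0]:
            findings.append((key, m.group("name"), value, rule[1]))
    return findings

# Constructed sample: the answer's lines plus one healthy value for contrast.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile]
"EnableFirewall"= 1 (0x1)
'''

if __name__ == "__main__":
    for key, name, value, note in flag_weakened_settings(SAMPLE):
        print(f"{key}\n  {name}={value}: {note}")
```
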

Assisted Solution

by:optoma
optoma earned 668 total points
ID: 30057082
Seems to be more in the logfile
>Also run a scan with Hitmanpro
http://www.surfright.nl/en/hitmanpro

>Run Eset online scanner
Check to "scan archives"

Under advanced options:
Have all three boxes checked

Attach its logfile
Location:C:\Program Files\EsetOnlineScanner\log.txt

Eset online scan http://www.eset.com/onlinescan/

>Then rerun Combofix and post its new logfile

Assisted Solution

by:rpggamergirl
rpggamergirl earned 664 total points
ID: 30091489
Still some bad files and reg entries showing in the log.
Run combofix again using this script.
 
1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
c:\windows\system32\binosino.dll
c:\windows\system32\fimegusi.dll.tmp
c:\windows\system32\hokozoli.dll
c:\windows\system32\jezegisu.dll
c:\windows\system32\jutizowi.dll
c:\windows\system32\ketowuhi.dll.tmp
c:\windows\system32\levewani.dll
c:\windows\system32\niwezufa.dll
c:\windows\system32\susujewe.dll
c:\windows\system32\yeweyefa.dll
c:\windows\system32\ziropobi.dll.tmp
c:\windows\system32\hokozoli.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49e4272a-f4ae-44a4-86ad-d77eb9a506fa}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zafijuyahe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"RTHDBPL"=-

------------------------------------------------------------------------
3. Save the above as CFScript.txt in the same location as Combofix.exe.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

Author Closing Comment

by:stevedantonio
ID: 31711995
Thank you