You can google this, but essentially, it appears that a certain rootkit *might* cause combofix to delete all system files. You shouldn't use combofix.exe until it reappears on bleepingcomputer.com. Also, please don't attempt to host combofix.exe yourself.
I'm posting as a service because I've suggested using combofix in the past. I have no other association with sUBs or combofix or bleeping computer.
Updated 10/16/09 14:25:
A BETA has been released that apparently doesn't do the bad things... I suggest following BleepingComputer for updated info.
Updated 12/28/09 18:05:
Apparently, combofix has been erm... fixed. Thanks for stopping by.
Wednesday, December 16, 2009
Wednesday, November 18, 2009
Remove a dll attached to WinLogon
From this thread, the best answer given was essentially to remove inheritance and all permissions from the file, reboot, then delete the file. (Limiting factor: whether it self-heals its permissions.)
The next best answer was to boot from an XP CD in System Recovery mode.
The third best answer (from *MY* point of view, because it *is* that simple) is to boot from a LiveCD, mount the file system as writeable and delete the file. The down side is a *possibility* of messing up NTFS file systems, but IMO that is not a huge risk.
I had to do this to fix an m.exe autorun.inf USB dropper that had a dll that stuck to winlogon notify.
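Before deleting anything, it helps to confirm which DLL is actually registered under Winlogon's Notify key. The following is an added example, not from the original post or the thread it cites: it parses a `reg export` of `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify` and reports entries whose DLL is not in a baseline you supply. The sample export, the `example_notify.dll` name and the one-entry baseline are constructed for illustration.

```python
import re

NOTIFY = r"\winlogon\notify" + "\\"   # only subkeys below Notify are of interest

# Constructed sample of a .reg export (not taken from a real infected machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\example]
"DllName"="C:\\WINDOWS\\system32\\example_notify.dll"
'''

def _decode(raw):
    """Decode a .reg value: quoted REG_SZ, or hex(2) REG_EXPAND_SZ (UTF-16LE)."""
    raw = raw.strip()
    if raw.startswith('"'):
        return raw.strip('"').replace("\\\\", "\\")
    if raw.lower().startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw

def notify_dlls(reg_text):
    """Map each Winlogon\\Notify subkey name to its DllName value."""
    # A trailing backslash continues a long hex value on the next line.
    text = re.sub(r"\\\r?\n\s*", "", reg_text)
    found, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            idx = key.lower().find(NOTIFY)
            current = key[idx + len(NOTIFY):] if idx != -1 else None
        elif current and line.lower().startswith('"dllname"='):
            found[current] = _decode(line.split("=", 1)[1])
    return found

def unexpected(reg_text, baseline):
    """Entries whose DLL file name (lower-cased) is not in the caller's baseline set."""
    return {name: dll for name, dll in notify_dlls(reg_text).items()
            if dll.rsplit("\\", 1)[-1].lower() not in baseline}

if __name__ == "__main__":
    print(unexpected(SAMPLE, {"crypt32.dll"}))
```

Build the baseline from a known-clean machine of the same Windows version rather than from a fixed list.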