Windows 7 Forums

Windows 7: MBAM finds rogue.multiple, here are Combofix results

29 Apr 2015   #1
gregrocker

 

Hi all -

I was working on my Uncle's office PC tonight installing 13 optional Updates while running a MBAM scan, which suddenly popped up with a rogue.multiple infection. I googled to find Combofix suggested. Ran Combofix, the log of which I am uploading here for your wisdom.

Incidentally, at restart after Combofix the Updates attempted to install and then Reverted for 20 minutes, back to Desktop. It took running Windows Update troubleshooter to get them back into the Updates queue and installed.

Another MBAM scan comes out clean, but I don't see the rogue found earlier in Quarantine file. I wonder if CF deleted it?

Thanks!




Attached Files
File Type: txt ComboFix.txt (18.8 KB, 12 views)
30 Apr 2015   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Greg, these items were deleted:
c:\program files\ShopperPro
c:\program files\ShopperPro\config.json
c:\program files\ShopperPro\database1_0_0.json
c:\program files\ShopperPro\FireFox\content\overlay.xul
c:\program files\ShopperPro\FireFox\content\shopperpro_128.png
c:\program files\ShopperPro\FireFox\install.rdf
c:\program files\ShopperPro\JSDriver\1.37.0.871\config.json
c:\program files\ShopperPro\JSDriver\1.37.0.871\database1_0_0.json
c:\program files\ShopperPro\manifest.json
c:\programdata\ShopperPro
c:\programdata\ShopperPro\config.json
c:\programdata\ShopperPro\database1_0_0.json
c:\users\MPCHOA\AppData\Local\nstF105.tmp
c:\windows\system32\SET709C.tmp
C:\Windows6.1-KB2533552-X86.msu

Did you look in here? C:\Qoobox\ComboFix-quarantined-files.txt
30 Apr 2015   #3
gregrocker

 

Yeah, it's all there. Can I delete it and all other Combofix folders out of C?

Does anything it found look serious? Just adware?

I guess the more serious rogue virus which was found earlier by MBAM got deleted from its quarantine, possibly by Combofix?

When MBAM found rogue.multiple I googled and was pointed to Combofix which is why I ran it.

30 Apr 2015   #4
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Looks like CF found all adware, but to be sure, run ESET OnlineScan....

ESET OnlineScan
* Click the button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  1. Click on to download the ESET Smart Installer. Save it to your desktop.
  2. Double click on the icon on your desktop.
* Check
* Click the button.
* Accept any security warnings from your browser.
* Check
* Push the Start button.
* ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, push
* Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
* Push the button.
* Push

The following will implement important cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall
30 Apr 2015   #5
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

From post #1

Quote:
I was working on my Uncle's office PC tonight installing 13 optional Updates while running a MBAM scan
I would not recommend running any scans while using Windows 7 Updates.
Update Windows 7, reboot and then run the scans.
01 May 2015   #6
1PW

 
 

Running sUBs' ComboFix to mitigate adware found by a MBAM2 scan is a bit like using a M183 C4 Satchel Charge to clean out a back yard fish pond. The OP is quite fortunate that ComboFix did not brick the Uncle's office PC.

If MBAM2 finds anything actionable, a simple follow-up with a quarantine (if not already automatically done), followed by a subsequent deletion from quarantine a week later, would suffice. Small Job = Small Tool.

HTH
01 May 2015   #7
gregrocker

 

Thank you all.

As stated in OP the rogue.multiple found by Combofix when googled suggested to run ComboFix. Was this not advisable?

I have run ComboFix before and realize it is a powerful tool which should not be run casually.

In hindsight I should have cleared the Updates which were running in background before running it.
01 May 2015   #8
1PW

 
 

Quote: Originally Posted by gregrocker
As stated in OP the rogue.multiple found by Combofix when googled suggested to run ComboFix. Was this not advisable?
If MBAM2 does flag malware after a scan, MBAM2 can optionally deal with it/them.

Even Malware Removal professionals will not run ComboFix until other diagnostic information has been thoroughly analyzed.

HTH
01 May 2015   #9
gregrocker

 

Again and as stated in OP, MBAM said it quarantined rogue.multiple, but it didn't show up in MBAM Quarantine folder.

At least two disinfection sites suggested CF for that infection. I have used CF in the past many times.
01 May 2015   #10
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

If it was my computer I would ask Jacee to take a look at the Combofix log before going any farther.