MBAM finds rogue.multiple, here are Combofix results

  1.    #1


    Hi all -

    I was working on my uncle's office PC tonight installing 13 optional Updates while running a MBAM scan, which suddenly popped up with a rogue.multiple infection. I googled to find Combofix suggested. Ran Combofix, whose log I am uploading here for your wisdom.

    Incidentally, at restart after Combofix the Updates attempted to install and then Reverted for 20 minutes, back to Desktop. It took running Windows Update troubleshooter to get them back into the Updates queue and installed.

    Another MBAM scan comes out clean, but I don't see the rogue found earlier in Quarantine file. I wonder if CF deleted it?

    Thanks!
    Last edited by gregrocker; 30 Apr 2015 at 11:45.


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #2

    Greg, these items were deleted:
    c:\program files\ShopperPro
    c:\program files\ShopperPro\config.json
    c:\program files\ShopperPro\database1_0_0.json
    c:\program files\ShopperPro\FireFox\content\overlay.xul
    c:\program files\ShopperPro\FireFox\content\shopperpro_128.png
    c:\program files\ShopperPro\FireFox\install.rdf
    c:\program files\ShopperPro\JSDriver\1.37.0.871\config.json
    c:\program files\ShopperPro\JSDriver\1.37.0.871\database1_0_0.json
    c:\program files\ShopperPro\manifest.json
    c:\programdata\ShopperPro
    c:\programdata\ShopperPro\config.json
    c:\programdata\ShopperPro\database1_0_0.json
    c:\users\MPCHOA\AppData\Local\nstF105.tmp
    c:\windows\system32\SET709C.tmp
    C:\Windows6.1-KB2533552-X86.msu

    Did you look in here? C:\Qoobox\ComboFix-quarantined-files.txt


  3. Posts : 50,642
    Thread Starter
       #3

    Yeah, it's all there. Can I delete it and all other Combofix folders out of C?

    Does anything it found look serious? Just adware?

    I guess the more serious rogue virus which was found earlier by MBAM got deleted from its quarantine, possibly by Combofix?

    When MBAM found rogue.multiple I googled and was pointed to Combofix which is why I ran it.


  4. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #4

    Looks like CF found all adware, but to be sure, run ESET OnlineScan....

    ESET OnlineScan
    - Click the button.
    - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    - Check
    - Click the button.
    - Accept any security warnings from your browser.
    - Check
    - Push the Start button.
    - ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    - When the scan completes, push
    - Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    - Push the button.
    - Push
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    The following will implement important cleanup procedures as well as reset System Restore points:
    Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall


  5. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #5

    From post #1

    "I was working on my uncle's office PC tonight installing 13 optional Updates while running a MBAM scan"

    I would not recommend running any scans while using Windows 7 Updates.
    Update Windows 7, reboot and then run the scans.


  6. 1PW
    Posts : 41
    W7
       #6

    Running sUBs' ComboFix to mitigate adware found by a MBAM2 scan is a bit like using a M183 C4 Satchel Charge to clean out a back yard fish pond. The OP is quite fortunate that ComboFix did not brick the Uncle's office PC.

    If MBAM2 finds anything actionable, a simple follow-up with a quarantine (if not already automatically done), followed by a subsequent deletion from quarantine a week later, would suffice. Small Job = Small Tool.

    HTH :)


  7. Posts : 50,642
    Thread Starter
       #7

    Thank you all.

    As stated in OP the rogue.multiple found by Combofix when googled suggested to run ComboFix. Was this not advisable?

    I have run ComboFix before and realize it is a powerful tool which should not be run casually.

    In hindsight I should have cleared the Updates which were running in background before running it.


  8. 1PW
    Posts : 41
    W7
       #8

    gregrocker said:
    "As stated in OP the rogue.multiple found by Combofix when googled suggested to run ComboFix. Was this not advisable?"

    If MBAM2 does flag malware after a scan, MBAM2 can optionally deal with it/them.

    Even Malware Removal professionals will not run ComboFix until other diagnostic information has been thoroughly analyzed.

    HTH :)


  9. Posts : 50,642
    Thread Starter
       #9

    Again and as stated in OP, MBAM said it quarantined rogue.multiple, but it didn't show up in MBAM Quarantine folder.

    At least two disinfection sites suggested CF for that infection. I have used CF in the past many times.


  10. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #10

    If it was my computer I would ask Jacee to take a look at the Combofix log before going any farther.


 