
dxcombin.exe

Tuffgong4

The Donger Need Food!!!!
Political User
#1
Just got a horrible virus on my computer and have no idea where it came from. The file was called dxcombin.exe.

I searched google and found nothing describing it and I can't believe what it did to my system.

It took all options away from me. It took away the task manager, regedit, the run command in the start menu, and some other things. I'm running nod32 and windows defender. I just installed spyware blaster and still have no idea how it got on my computer.

This was some bad stuff so be careful. If anyone has any info on this please post here.

I haven't had a virus in a long time, like at least a couple years. And this one messed me up bad.
 

Tuffgong4

The Donger Need Food!!!!
Political User
#3
I searched just that but it brought me to a forum post about torrents...haven't done any torrent downloads since the new build and actually haven't used bittorrent for quite some time. So I don't know how it would have gotten through. I've had such a good run without a virus that I'm confused...the only two things that have changed are that I'm running XP Pro x64 and nod32 and those can't be the reason I would get this.

Maybe someone in my family that uses this computer did something. I'll have to ask.
 

GoNz0

NTFS Stoner
#5
Without looking into this, an old trick after a virus stopped you using regedit.exe was to rename it to regedit.cmd. If you do that in safe mode you can remove where the little bugger starts itself.
 

nonskidsurfass

OSNN One Post Wonder
#6
I have recently noticed this file through my firewall trying to access the internet and did some investigating. Seems to me it may be part of the new DirectX 9.0c v.4.09.0000.0904 software. Doesn't seem malicious as far as I can see and that Prevx page mentioned above seems extremely suspicious right off the bat. Just my thought.
-Nonskidsurfass

Not sure if that last quick reply worked, so excuse the repeat. I recently discovered this dxcombin.exe thru my Firewall and decided to investigate. Looking thru the registry it seems it may be part of the new DirectX software Update v.4.09.0000.0904. Oh yeah and that page listed above... PREVX has spyware written all over it. Let me know your thoughts.
-Nonskidsurfass
 

teste

Vanquish is my Hero!
#7
I also did some investigation and didn't find any necessarily suspicious behavior from DXcombin, except this: it started itself after running an executable found on a filesharing network, and wanted to access the internet; it did not terminate itself when I closed the original executable and it tried again to access the internet. It also placed itself in the Windows/System 32 XP folder. It did place two new keys to the registry, describing itself as a DirectX run process. That's a small amount of keys. Furthermore, it didn't place itself in the startup processes (msconfig), and after running a scan with HijackThis, there was no trace of alterations. So, honestly, it's probably pretty safe... I could be wrong. All of the symptoms seem to tell me that its threat level would be very low. peace,
 
#8
I got 5 pages of hits on dxcombin.

Definitely malware, a Trojan/Backdoor. It blocks access to AV sites to protect itself so you will need to get removal instructions from another computer.

Interestingly there is nothing on any of the major AV sites about it.
 

tdinc

█▄█ ▀█▄ █
Political User
#9
ANALYSIS OF: DXCOMBIN.EXE

* File Names Used: 45
* Paths Used: 20
* Common File Name: DXCOMBIN.EXE
* Common Path: %WINDIR%\SYSTEM32\
* Vendor Information: No Vendor details specified
* DXCOMBIN.EXE may use 45 or more path and file names, these are the most common:
* 1 :%DESKTOP%\WINTRUST32.EXE
* 2 :%WINDIR%\SYSTEM32\ACTSRV.EXE
* 3 :%WINDIR%\SYSTEM32\DXCOMBIN.EXE
* 4 :%WINDIR%\SYSTEM32\DXCOMBIN2.EXE
* 5 :%WINDIR%\SYSTEM32\IWINAPP.EXE
* 6 :%WINDIR%\SYSTEM32\NETID.EXE
* 7 :%WINDIR%\SYSTEM32\NETIDBAD.EXE
* 8 :%WINDIR%\SYSTEM32\NETMSG.EXE
* 9 :%WINDIR%\SYSTEM32\ODBC.EXE
* 10:%WINDIR%\SYSTEM32\ODBC.EXE.REN
* File Name Structure: Normal
* File and Path Structure: Suspicious, unusually high number of file and path combinations

Tuffgong4, Have you been able to scan and remove the trojan?
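
A read-only triage check for the artifacts mentioned in this thread, as an added example that is not part of any poster's message. The file names come from the analysis in post #9; the policy values, the Run keys and the extra SysWOW64 location are assumptions, since the thread does not say how the lockout or autostart was done.

```powershell
# Added example: read-only triage. File names are copied from post #9.
$sysNames = 'ACTSRV.EXE','DXCOMBIN.EXE','DXCOMBIN2.EXE','IWINAPP.EXE','NETID.EXE',
            'NETIDBAD.EXE','NETMSG.EXE','ODBC.EXE','ODBC.EXE.REN'
$allNames = $sysNames + 'WINTRUST32.EXE'
# Assumption: SysWOW64 is checked too, since on x64 Windows a 32-bit process
# writing to System32 is redirected there.
$paths = @(foreach ($dir in 'System32','SysWOW64') {
    foreach ($n in $sysNames) { Join-Path $env:WINDIR "$dir\$n" }
})
$paths += Join-Path ([Environment]::GetFolderPath('Desktop')) 'WINTRUST32.EXE'
$findings = @()

# 1. Listed files present on disk (-Force so hidden/system files are returned).
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $f = Get-Item -LiteralPath $p -Force
        $findings += [pscustomobject]@{ Check = 'File'; Item = $f.FullName; Detail = "created $($f.CreationTime)" }
    }
}

# 2. Assumption: the lockout in post #1 was done with the standard policy values.
$policy = @{ System = 'DisableTaskMgr','DisableRegistryTools'; Explorer = 'NoRun' }
foreach ($hive in 'HKCU:','HKLM:') {
    foreach ($sub in $policy.Keys) {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\$sub"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($v in $policy[$sub]) {
            if ($props -and $props.$v) {
                $findings += [pscustomobject]@{ Check = 'Policy'; Item = "$key\$v"; Detail = "set to $($props.$v)" }
            }
        }
    }
}

# 3. Assumption: autostart through the standard Run keys (the thread names no key).
foreach ($hive in 'HKCU:','HKLM:') {
    $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Run"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($e in $props.PSObject.Properties) {
        if ($e.Name -like 'PS*') { continue }   # skip provider metadata
        if ($allNames | Where-Object { "$($e.Value)" -like "*$_*" }) {
            $findings += [pscustomobject]@{ Check = 'Run'; Item = "$key\$($e.Name)"; Detail = "$($e.Value)" }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No listed artifacts found.' }
```

A hit is a lead to verify against the file's signature and origin, not proof of infection, because the match is on file name only.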
 

Tuffgong4

The Donger Need Food!!!!
Political User
#12
I cleared it up long ago but I like where the topic is going about how there is 0 information about this on some av websites.
 
