dxcombin.exe

Tuffgong4

The Donger Need Food!!!!
Political Access
Joined
21 Jun 2002
Messages
2,465
just got a horrible virus on my computer and have no idea where it came from. the file was called dxcombin.exe

I searched google and found nothing describing it and I can't believe what it did to my system.

It took all options away from me. It took away the task manager, regedit, the run command in the start menu, and some other things. I'm running nod32 and windows defender. I just installed spyware blaster and still have no idea how it got on my computer.

This was some bad stuff so be careful. If anyone has any info on this please post here.

I haven't had a virus in a long time, like at least a couple years. And this one messed me up bad
 
Last edited:
I searched just that but it brought me to a forum post about torrents...haven't done and torrent downloads since the new build and actually haven't used bittorrent for quite some time. So i don't know how it would have gotten through. I've had such a good run without a virus that i'm confused...the only two things that have changed are that I'm running XP Pro x64 and nod32 and those can't be the reason I would get this.

Maybe someone in my family that uses this computer did something. I'll have to ask.
 
This is the first I heard of that but seems it was first seen on Sept 7 2006.

The only thing I could find on it is Here.
 
without looking into this, an old trick after a virus stopped you using regedit.exe was to rename it to regedit.cmd, if you do that in safe mode you can remove where the little bugger starts itself..
 
I have recently noticed this file through my firewall trying to access the internet and did some investigating. Seems to me it may be part of the new DirectX 9.0c v.4.09.0000.0904 software. Doesn't seem malicious as far as I can see and that Prevx page mentioned above seems extremely suspicious right off the bat. Just my thought.
-Nonskidsurfass

Not sure if that last quick reply worked, so excuse the repeat. I recently discovered this dxcombin.exe thru my Firewall and decided to investigate. Looking thru the registry it seems it may be part of the new DirectX software Update v.4.09.0000.0904. Oh yeah and that page listed above... PREVX has spyware written all over it. Let me know your thoughts.
-Nonskidsurfass
 
Last edited by a moderator:
I also did some investigation and didn't find any necessarily suspicious behavior from DXcombin, except this: it started itself after running an executable found on a filesharing network, and wanted to access the internet; it did not terminate itself when I closed the original executable and it tried again to access the internet. It also placed itself in the Windows/System 32 XP folder. It did place two new keys to the registry, describing itself as a DirectX run process. That's a small amount of keys. Furthermore, it didn't place itself in the startup processes (msconfig), and after running a scan with HiJack this, there was no trace of alterations. So, honestly, it's probably pretty safe... I could be wrong. All of the symptoms seem to tell me that it's threat level would be very low. peace,
 
I got 5 pages of hits on dxcombin.

Definitely malware, a Trojan/Backdoor. It blocks access to AV sites to protect itself so you will need to get removal instructions from another computer.

Interestingly there is nothing on any of the major AV sites about it.
 
ANALYSIS OF: DXCOMBIN.EXE

* File Names Used: 45
* Paths Used: 20
* Common File Name: DXCOMBIN.EXE
* Common Path: %WINDIR%\SYSTEM32\
* Vendor Information: No Vendor details specified
* DXCOMBIN.EXE may use 45 or more path and file names, these are the most common:
* 1 :%DESKTOP%\WINTRUST32.EXE
* 2 :%WINDIR%\SYSTEM32\ACTSRV.EXE
* 3 :%WINDIR%\SYSTEM32\DXCOMBIN.EXE
* 4 :%WINDIR%\SYSTEM32\DXCOMBIN2.EXE
* 5 :%WINDIR%\SYSTEM32\IWINAPP.EXE
* 6 :%WINDIR%\SYSTEM32\NETID.EXE
* 7 :%WINDIR%\SYSTEM32\NETIDBAD.EXE
* 8 :%WINDIR%\SYSTEM32\NETMSG.EXE
* 9 :%WINDIR%\SYSTEM32\ODBC.EXE
* 10:%WINDIR%\SYSTEM32\ODBC.EXE.REN
* File Name Structure: Normal
* File and Path Structure: Suspicious, unusually high number of file and path combinations

Tuffgong4, Have you been able to scan and remove the trojan?
 
You guys did see that the last post in this thread was two months ago?
 
I cleared it up long ago but I like where the topic is going about how there is 0 information about this on some av websites.
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie Electronic Punk Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. 🙁

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk Sazar Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,016
Messages
673,499
Members
5,630
Latest member
REALMTBENJOYER
Back