dxcombin.exe

Tuffgong4

The Donger Need Food!!!!
Political User
Joined
Jun 21, 2002
Messages
2,465
#1
Just got a horrible virus on my computer and have no idea where it came from. The file was called dxcombin.exe

I searched google and found nothing describing it and I can't believe what it did to my system.

It took all options away from me. It took away the task manager, regedit, the run command in the start menu, and some other things. I'm running nod32 and windows defender. I just installed spyware blaster and still have no idea how it got on my computer.

This was some bad stuff so be careful. If anyone has any info on this please post here.

I haven't had a virus in a long time, like at least a couple years. And this one messed me up bad.
 

Tuffgong4

The Donger Need Food!!!!
Political User
Joined
Jun 21, 2002
Messages
2,465
#3
I searched just that but it brought me to a forum post about torrents... haven't done any torrent downloads since the new build and actually haven't used BitTorrent for quite some time. So I don't know how it would have gotten through. I've had such a good run without a virus that I'm confused... the only two things that have changed are that I'm running XP Pro x64 and nod32 and those can't be the reason I would get this.

Maybe someone in my family that uses this computer did something. I'll have to ask.
 

bush dogg

OSNN Senior Addict
Political User
Joined
Jan 8, 2004
Messages
433
#4
This is the first I heard of that but seems it was first seen on Sept 7 2006.

The only thing I could find on it is Here.
 

GoNz0

NTFS Stoner
Joined
Mar 4, 2002
Messages
2,781
#5
Without looking into this, an old trick after a virus stopped you using regedit.exe was to rename it to regedit.cmd. If you do that in safe mode you can remove where the little bugger starts itself.
 

nonskidsurfass

OSNN One Post Wonder
Joined
Sep 30, 2006
Messages
1
#6
I have recently noticed this file through my firewall trying to access the internet and did some investigating. Seems to me it may be part of the new DirectX 9.0c v.4.09.0000.0904 software. Doesn't seem malicious as far as I can see and that Prevx page mentioned above seems extremely suspicious right off the bat. Just my thought.
-Nonskidsurfass

Not sure if that last quick reply worked, so excuse the repeat. I recently discovered this dxcombin.exe thru my Firewall and decided to investigate. Looking thru the registry it seems it may be part of the new DirectX software Update v.4.09.0000.0904. Oh yeah and that page listed above... PREVX has spyware written all over it. Let me know your thoughts.
-Nonskidsurfass
 

teste

Vanquish is my Hero!
Joined
Feb 3, 2005
Messages
3
#7
I also did some investigation and didn't find any necessarily suspicious behavior from DXcombin, except this: it started itself after running an executable found on a filesharing network, and wanted to access the internet; it did not terminate itself when I closed the original executable and it tried again to access the internet. It also placed itself in the Windows/System 32 XP folder. It did place two new keys to the registry, describing itself as a DirectX run process. That's a small amount of keys. Furthermore, it didn't place itself in the startup processes (msconfig), and after running a scan with HijackThis, there was no trace of alterations. So, honestly, it's probably pretty safe... I could be wrong. All of the symptoms seem to tell me that its threat level would be very low. peace,
 

LeeJend

OSNN Veteran Addict
Joined
Jan 25, 2003
Messages
5,291
#8
I got 5 pages of hits on dxcombin.

Definitely malware, a Trojan/Backdoor. It blocks access to AV sites to protect itself so you will need to get removal instructions from another computer.

Interestingly there is nothing on any of the major AV sites about it.
 

tdinc

█▄█ ▀█▄ █
Political User
Joined
Dec 6, 2003
Messages
3,507
#9
ANALYSIS OF: DXCOMBIN.EXE

* File Names Used: 45
* Paths Used: 20
* Common File Name: DXCOMBIN.EXE
* Common Path: %WINDIR%\SYSTEM32\
* Vendor Information: No Vendor details specified
* DXCOMBIN.EXE may use 45 or more path and file names, these are the most common:
* 1 :%DESKTOP%\WINTRUST32.EXE
* 2 :%WINDIR%\SYSTEM32\ACTSRV.EXE
* 3 :%WINDIR%\SYSTEM32\DXCOMBIN.EXE
* 4 :%WINDIR%\SYSTEM32\DXCOMBIN2.EXE
* 5 :%WINDIR%\SYSTEM32\IWINAPP.EXE
* 6 :%WINDIR%\SYSTEM32\NETID.EXE
* 7 :%WINDIR%\SYSTEM32\NETIDBAD.EXE
* 8 :%WINDIR%\SYSTEM32\NETMSG.EXE
* 9 :%WINDIR%\SYSTEM32\ODBC.EXE
* 10:%WINDIR%\SYSTEM32\ODBC.EXE.REN
* File Name Structure: Normal
* File and Path Structure: Suspicious, unusually high number of file and path combinations

Tuffgong4, Have you been able to scan and remove the trojan?
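
Added example (not part of any post in this thread): a small triage script that walks a mounted copy of the suspect volume from a clean machine and reports files whose names appear in the list quoted above, noting whether each sits in the folder the report pairs it with and recording its size and SHA-256 for later comparison. The function names, record fields and mount-point argument are assumptions of this example; a name match is a lead for review, not a verdict.

```python
import hashlib
import os
import sys

# Names from the analysis quoted above, mapped to the folder the report pairs
# them with. Matching is case-insensitive, as Windows file names are.
LISTED = {
    "wintrust32.exe": "desktop",
    "actsrv.exe": "system32",
    "dxcombin.exe": "system32",
    "dxcombin2.exe": "system32",
    "iwinapp.exe": "system32",
    "netid.exe": "system32",
    "netidbad.exe": "system32",
    "netmsg.exe": "system32",
    "odbc.exe": "system32",
    "odbc.exe.ren": "system32",
}


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root):
    """Return one record per file under root whose name is on the list."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            folder = LISTED.get(name.lower())
            if folder is None:
                continue
            full = os.path.join(dirpath, name)
            hits.append({
                "path": os.path.relpath(full, root),
                "in_reported_folder": os.path.basename(dirpath).lower() == folder,
                "size": os.path.getsize(full),
                "sha256": sha256_of(full),
            })
    return sorted(hits, key=lambda hit: hit["path"].lower())


if __name__ == "__main__":
    # Usage: python scan_names.py <mount point of the suspect volume>
    for hit in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

A hit outside the reported folder (for example in a downloads directory) is still worth recording, since the report says the sample uses many path and file name combinations.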
 

Tuffgong4

The Donger Need Food!!!!
Political User
Joined
Jun 21, 2002
Messages
2,465
#12
I cleared it up long ago but I like where the topic is going about how there is 0 information about this on some av websites.
 
