Virus/Malware >>>>>About Combofix by sUBs<<<<<, READ BEFORE USING OR RECOMMENDING

TSBlueWind
post Mar 11 2011, 12:19 AM, updated 9y ago

Sianzation
*******
Senior Member
2,898 posts

Joined: Jan 2007



About Combofix and reasons behind
Combofix is intended to be used under a TRAINED MALWARE SPECIALIST, because they have the knowledge of how to use Combofix properly and can propose a special fix based on the log given. As powerful as it may seem, when helpers use Combofix as a tool, it often takes MORE THAN one round to properly eradicate stubborn infections, which I hope explains the powerful nature of this specialized tool. I believe we have seen enough people in the LYN Tech Support forum who, most of the time, suggest that victims run ComboFix based on their experience of using it without supervision, simply because they thought they had successfully disinfected the whole machine, and absence of symptoms does not mean the infection is all gone. Frankly speaking, only a trained specialist will know the inner workings of CF and the way it behaves.

BEAR IN MIND that using this tool also risks causing BOOT FAILURE on the machine, rendering it useless.

As described by Bleeping Computer:
QUOTE
You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.


I have seen enough people ignorant enough to propose the use of this tool whenever there appears to be a malware problem in someone's machine.

Therefore, we PLEAD with everyone, especially those who are untrained: DO NOT ever suggest that victims run CF. We would like to REMIND you once again that the logs generated by each run of CF are solely intended for use by a trained analyst.


Note : Combofix is in no way affiliated with combofix.org



Updated on 28/9/2011

This post has been edited by BlueWind: Sep 28 2011, 06:33 PM
kailoonthedog
post Mar 11 2011, 03:35 AM

I have no super cow power~~~
*******
Senior Member
2,470 posts

Joined: Nov 2007
So how am I going to become a trained specialist in using Combofix??
TSBlueWind
post Mar 11 2011, 10:48 AM

Sianzation
*******
Senior Member
2,898 posts

Joined: Jan 2007



These are a few options you can consider enrolling in. The teaching style and method vary between schools. Click on the link below to see.

http://www.uniteagainstmalware.com/schools.php
kailoonthedog
post Mar 11 2011, 10:57 AM

I have no super cow power~~~
*******
Senior Member
2,470 posts

Joined: Nov 2007
So must I pay tuition fees at every school?? Or is there a school that offers teaching for free?? The style and method are different, but in the end do I gain the same knowledge at any school I learn from??
TSBlueWind
post Mar 11 2011, 11:33 AM

Sianzation
*******
Senior Member
2,898 posts

Joined: Jan 2007



These are all free. All teachers and malware helpers come from all walks of life. They volunteer their time and effort to help people. This will not be an easy one as you need 6 to 9 months or more to complete depending on your ability and knowledge. So if you don't have the drive and passion to do it, then better not waste everyone's time.

Yes they are all different, but our ultimate goal is always the same and that is to help people.
skeleton123
post Mar 19 2011, 06:37 PM

Getting Started
**
Junior Member
206 posts

Joined: Aug 2010



thanks for the info!
joefbi
post Mar 22 2011, 05:19 PM

joefbi a.k.a roketx
*******
Senior Member
2,558 posts

Joined: Nov 2010
From: Rawang


erm, i just run it...then close after done scanning. no manual handling after that.

my experience is, it works well...no other issues to get dizzy about.

ok then, after this i never recommend CF again to others.
but, i will and still use it even not having a class to learn how's to..

until bleepingcomp decide i need pay for it to use

tq 4 the infos
TSBlueWind
post Apr 17 2011, 11:07 AM

Sianzation
*******
Senior Member
2,898 posts

Joined: Jan 2007



QUOTE(joefbi @ Apr 15 2011, 05:20 PM)
i used to be infected with the virus which disables my task manager...

i just tried running 'Hijackthis' and 'combofix' in the safe mode with System Restore OFF.

after that the infection was gone...i dunno whether it's the same virus or not...

another thing, there were some ppl giving reminders to be careful when using this kind of tools...i dunno why and i just use it without any problem, so far.
*
Is the initial post still not clear enough to you, even though you implied that you have understood?
joefbi
post Apr 26 2011, 01:03 PM

joefbi a.k.a roketx
*******
Senior Member
2,558 posts

Joined: Nov 2010
From: Rawang


Regarding the issue about using COMBOFIX (CF) to fix ur virus/malware in your machine.
Im the one who used it on my fren's suggestion, and yes...im not expert in using CF.
My pc just got infected with some virus, cannot recall the type and name. Just followed my fren,
who told me to run it in safe mode and turn off all system restore on all drives.
i just ran CF (CF must be downloaded from bleeping computer for a fresh copy, otherwise it's useless)
CF did not require me to do manual deleting or any other option...i just clicked to run and waited...

the method is:

1. accept the terms (of coz the CF author won't take any responsibility for its use, other free-app authors do the same)
2. disable active AV protection, to ensure no conflicts with CF while scanning
3. It asks to download Windows Recovery Console (needs internet connection); u can skip this step (optional)
4. CF will make a restore point (if anything goes wrong, u can restore the previous state)
5. CF will start the scan, stage by stage (including automatic deletion on malicious detection); it will be 50 stages if not mistaken.
6. If CF makes a deletion, it will require u to restart ur machine (in the same account, e.g. safe mode) to complete the task
7. After that, CF will log a scan report in a txt file which u can show to experts for further action.
CF will tell u the location/folder where this log will be kept, so u can retrieve it later.
8. by this point, the user is still not required to do anything, e.g. manual delete or other options, and CF will close automatically.

i've been told that u have to show the scan report to experts, so they can guide you on what to do...my Q is,
if u dont run it for the 1st time, how can u get the scan report?

CF is a bit different from hijackthis (HT), where after the scan u are able to choose what to fix (requires ticking the list box)
or just leave it unchanged (just view the logs or show the logs to experts, it's your choice), but in CF there was no choice.

i just noticed CF fixed back some registry i had deleted before the scan, like 'isshortcut' (to remove the small arrow on shortcut icons on your desktop); after the scan was done, this small arrow came back...other than that nothing was noticeable to me (yes, im not expert)

Other than that, i have no problems or difficulties in my system, everything seems ok and normal. I've been using CF
many times on my rigs, my relatives' pc's and lappy's, also some of my frens'. their infection probs are gone and
their systems have been ok for a long time since using CF.

i dunno if others have had a bad experience using CF (not because of other reasons, but CF itself); may share your
experience here...dont get me wrong, keep this topic clean and discuss in a good manner, for sharing and caring.

U may post the logs u have, so experts here (i hope we have some) can give some advice...if u do so, u may edit ur log
for privacy reasons.

TQ's
WebWalker
post Apr 26 2011, 02:25 PM

Computer Geek
********
All Stars
12,851 posts

Joined: May 2005
From: Puchong, Selangor



Maybe you can post your question to the pinned Virus/Rootkits thread here :-

http://forum.lowyat.net/topic/474671
joefbi
post Apr 26 2011, 04:52 PM

joefbi a.k.a roketx
*******
Senior Member
2,558 posts

Joined: Nov 2010
From: Rawang


i dont think im asking something here...just a discussion only on CF itself.
btw, CF is not an antivirus though...

i open this topic to discuss only on CF matter, the good, and the bad it is...
TSBlueWind
post Apr 26 2011, 06:24 PM

Sianzation
*******
Senior Member
2,898 posts

Joined: Jan 2007



QUOTE(joefbi @ Apr 26 2011, 01:03 PM)
Regarding the issue about using COMBOFIX (CF) to fix ur virus/malware in your machine.
Im the one who used it on my fren's suggestion, and yes...im not expert in using CF.
My pc just got infected with some virus, cannot recall the type and name. Just followed my fren,
who told me to run it in safe mode and turn off all system restore on all drives.
i just ran CF (CF must be downloaded from bleeping computer for a fresh copy, otherwise it's useless)
CF did not require me to do manual deleting or any other option...i just clicked to run and waited...

Actually, CF is best run in normal mode because the scan itself is best optimized this way, and we would never advise people to turn off their System Restore; we only clear the infected System Restore cache once we are done with the disinfection process.

QUOTE
the method is:

1. accept the terms (of coz the CF author won't take any responsibility for its use, other free-app authors do the same)
2. disable active AV protection, to ensure no conflicts with CF while scanning
3. It asks to download Windows Recovery Console (needs internet connection); u can skip this step (optional)
4. CF will make a restore point (if anything goes wrong, u can restore the previous state)
5. CF will start the scan, stage by stage (including automatic deletion on malicious detection); it will be 50 stages if not mistaken.
6. If CF makes a deletion, it will require u to restart ur machine (in the same account, e.g. safe mode) to complete the task
7. After that, CF will log a scan report in a txt file which u can show to experts for further action.
CF will tell u the location/folder where this log will be kept, so u can retrieve it later.
8. by this point, the user is still not required to do anything, e.g. manual delete or other options, and CF will close automatically.

i've been told that u have to show the scan report to experts, so they can guide you on what to do...my Q is,
if u dont run it for the 1st time, how can u get the scan report?

Because when we request victims to run CF, that is the time when we deem that the computer has enough questionable entries (i.e. diagnosis logs, namely DDS coupled with an anti-rootkit scan). So once they have requested victims to run CF for the first time, they will need the CF log to plan further action should the problem persist and, like I mentioned in my initial post, it takes more than one round to eradicate, which happens quite often.

QUOTE
CF is a bit different from hijackthis (HT), where after the scan u are able to choose what to fix (requires ticking the list box)
or just leave it unchanged (just view the logs or show the logs to experts, it's your choice), but in CF there was no choice.

For this, helpers will know the directives to put CF to good use, and these are not publicly published because CF is very intrusive. Unlike HJT, which only modifies the registry and that's all, CF on the other hand performs a much deeper level of scans and fixes.

QUOTE
i just noticed CF fixed back some registry i had deleted before the scan, like 'isshortcut' (to remove the small arrow on shortcut icons on your desktop); after the scan was done, this small arrow came back...other than that nothing was noticeable to me (yes, im not expert)

Other than that, i have no problems or difficulties in my system, everything seems ok and normal. I've been using CF
many times on my rigs, my relatives' pc's and lappy's, also some of my frens'. their infection probs are gone and
their systems have been ok for a long time since using CF.

i dunno if others have had a bad experience using CF (not because of other reasons, but CF itself); may share your
experience here...dont get me wrong, keep this topic clean and discuss in a good manner, for sharing and caring.

U may post the logs u have, so experts here (i hope we have some) can give some advice...if u do so, u may edit ur log
for privacy reasons.

TQ's
*
Admittedly, yes, during its initial scan it can sometimes be very effective in clearing up junk for us, and usually the log will show there is more to clean. I always tell people that the absence of symptoms does not equate to a clean system, and in fact we can never be 100% sure about it.

Trust me, I've borked people's systems using CF alone, and that is where helpers try to salvage the computer using the Recovery Console.

As for log editing, it is not encouraged, but obviously sometimes, when the log is short and easier on the eyes, people will tend to do that to keep the helper from refraining from helping further, especially when the OS is not legit.
joefbi
post Apr 27 2011, 05:26 PM

joefbi a.k.a roketx
*******
Senior Member
2,558 posts

Joined: Nov 2010
From: Rawang


yeah, this is it...good discussion we have here...

i believe CF also fix registry like HJT do..rite?
chrisling
post Apr 27 2011, 06:59 PM

Helper Trainee+
******
Senior Member
1,684 posts

Joined: Nov 2006
From: KL


QUOTE(joefbi @ Apr 27 2011, 05:26 PM)
yeah, this is it...good discussion we have here...

i believe CF also fix registry like HJT do..rite?
*
Yes, definitely it does. Registry fixing is the way to learn to fight malware infection, the very first one. If you want to know how far it goes, change the Combofix extension to a compressed file format, e.g. .zip or .7z, and then open it up. Read through those .bat files; you would understand more if you are really interested in it. Credit to sUBs, our former Moderator in lowyat Technical Support. He is a genius.
blackmachine
post May 25 2011, 03:18 PM

Enthusiast
*****
Senior Member
723 posts

Joined: Jan 2003
From: SG Wang Plaza



thank you for the info TS, i've tried using Combofix then SDFix, sometimes it can erase the problem, but sometimes need to use extra tools in order to clear the issue, but i just only use it like that, because i didnt have knowledge on how to use it properly, just click click click and hoping nothing bad happened to the pc. in everyday use, i need combofix with SDFix to clear all the malware in order to make sure all the pc are running fine, if any sifu would like to share how to use combofix properly, that would be very good
TSBlueWind
post May 25 2011, 05:50 PM

Sianzation
*******
Senior Member
2,898 posts

Joined: Jan 2007



Just so you know, recently there was a bug in a CF version which caused program files to be deleted in alphabetical order, and it was rectified soon after.

We can't share info on using it, but you can choose to enroll in the training schools at the link given in my third post.
H4XF4XTOR
post May 26 2011, 03:06 PM

【ツ】PANDAMON 【ツ】
*******
Senior Member
3,075 posts

Joined: May 2011
From: ▁ ▂ ▃ ▄ ▅ ▆ █ 100 %



ive been using CF for a while now..im using it on XP without problem but on 7.. CF will unhide your system folders like program data etc etc... so not recommended.. and I take CF as a last resort.. usually when i dont have any other option other than format.. But CF loses to virut.. a patching virus... hahaha.. it cant even run when my pc is infected with this virut virus
joefbi
post Jun 1 2011, 09:08 AM

joefbi a.k.a roketx
*******
Senior Member
2,558 posts

Joined: Nov 2010
From: Rawang


virut virus? never experienced before...is it very bad?
Coldf3ar
post Jun 8 2011, 02:00 AM

Casual
***
Junior Member
496 posts

Joined: Jul 2008
QUOTE(H4XF4XTOR @ May 26 2011, 03:06 PM)
ive been using CF for a while now..im using it on XP without problem but on 7.. CF will unhide your system folders like program data etc etc... so not recommended.. and I take CF as a last resort.. usually when i dont have any other option other than format.. But CF loses to virut.. a patching virus... hahaha.. it cant even run when my pc is infected with this virut virus
*
Is it? I've been infected by Virut before. 1 time Combo-Fix is enuf to settle it down. Not sure if there is anything left behind. But my pc is working well after that
rikimtasu
post Jun 8 2011, 10:48 AM

Tired...
*****
Senior Member
760 posts

Joined: Apr 2008


It's better to do a combofix, and then install MBAM and do a full scan. It never hurts to do that.
JayChoww
post Jun 8 2011, 01:33 PM

New Member
*
Junior Member
48 posts

Joined: Aug 2007


I always use CF to kill active virus and then full scan with antivirus to clean the rest. I do it every time to my customer pc/laptop and yes sometimes it cannot boot at all but i give choice to my customer if i can't clean it using CF i reformat their pc/laptop.
joefbi
post Jun 30 2011, 12:56 PM

joefbi a.k.a roketx
*******
Senior Member
2,558 posts

Joined: Nov 2010
From: Rawang


it cannot boot after using CF or cannot boot before using it?


Added on June 30, 2011, 12:58 pm
QUOTE(Coldf3ar @ Jun 8 2011, 02:00 AM)
Is it? I've been infected by Virut before. 1 time Combo-Fix is enuf to settle it down. Not sure if there is anything left behind. But my pc is working well after that
*
you may run CCleaner after that to ensure everything left was wiped out


This post has been edited by joefbi: Jun 30 2011, 12:58 PM
arepit
post Jul 2 2011, 06:57 PM

Casual
***
Junior Member
397 posts

Joined: Feb 2005
From: On the top of the world



To be honest, I am aware of the warning and all that...

But...to refrain myself from using it is a very bad idea...

I have been using it for quite some time and it has never failed me..

CF coupled with a few other tools can make a great fixing tool...
What I have been practicing is I use CF, MBAM then CCleaner....and voila...so far it works most of the time...
darkskies
post Jun 10 2012, 11:06 AM

Look at all my stars!!
*******
Senior Member
2,336 posts

Joined: Nov 2007
From: 特別壱参番対ゴミ人間調査隊大将



there's no one click solution to malware/virus.. the cleaner u want ur pc to be, the more risk in chances of meddling with window registries which is fatal. that's the sad part about how stagnant n restricted window runs despite being a userfriendly os for years. the true solution always boil down to one only which is reformat.
verdangilte
post Sep 21 2012, 10:31 AM

Regular
******
Senior Member
1,379 posts

Joined: Aug 2009


Are u sure w7 cant use CF ? i tried on my working lappy.. a virus supplier ...i duno previous user how to use it... i just c cleaner one time..can found many useless folders or files or system file and once i clean it..i gt 2gb free space bak..=.=

but so far i use CF ...ok wa..i just dl from website and run it in normal mode...let it run and i just meeting with colleagues ..after it..restart n c cleaner again..case settle...better than use KAV which cost me more than 2 hour to full scan ....
TSBlueWind
post Sep 27 2012, 01:11 PM

Sianzation
*******
Senior Member
2,898 posts

Joined: Jan 2007



I did not update the first post and a lot of changes have been done on ComboFix since then.

Like I said, CF can be a very powerful tool to use in dealing with infections as you can see for yourself. But the fact remains that depending on the kinds of malware you're getting, especially the stubborn ones may cause BSOD.

I can only warn, but not stop anybody from using it.
aaronming
post Dec 11 2012, 07:15 PM

New Member
*
Junior Member
4 posts

Joined: Oct 2012
I wonder why Combo Fix always removes my flash get.. >.>
XeMoAsLaM91
post Oct 14 2013, 07:55 AM

I ❤ BooBs
*******
Senior Member
2,154 posts

Joined: Jan 2013
From: PLUTO


QUOTE(rikimtasu @ Jun 8 2011, 10:48 AM)
It's better to do a combofix, and then install MBAM and do a full scan. It never hurts to do that.
*
what is MBAM?
xinanxxx
post Oct 14 2013, 02:36 PM

Getting Started
**
Junior Member
196 posts

Joined: Mar 2006
From: KL to Melaka


how about server? afaik cf cannot work on win server..any software that have same capability like cf?
loyoy
post Oct 16 2013, 03:27 PM

New Member
*
Newbie
4 posts

Joined: Sep 2013
QUOTE(BlueWind @ Mar 11 2011, 01:19 AM)
About Combofix and reasons behind
Combofix is intended to be used under a TRAINED MALWARE SPECIALIST, because they have the knowledge of how to use Combofix properly and can propose a special fix based on the log given. As powerful as it may seem, when helpers use Combofix as a tool, it often takes MORE THAN one round to properly eradicate stubborn infections, which I hope explains the powerful nature of this specialized tool. I believe we have seen enough people in the LYN Tech Support forum who, most of the time, suggest that victims run ComboFix based on their experience of using it without supervision, simply because they thought they had successfully disinfected the whole machine, and absence of symptoms does not mean the infection is all gone. Frankly speaking, only a trained specialist will know the inner workings of CF and the way it behaves.

BEAR IN MIND that using this tool also risks causing BOOT FAILURE on the machine, rendering it useless.

As described by Bleeping Computer:
I have seen enough people ignorant enough to propose the use of this tool whenever there appears to be a malware problem in someone's machine.

Therefore, we PLEAD with everyone, especially those who are untrained: DO NOT ever suggest that victims run CF. We would like to REMIND you once again that the logs generated by each run of CF are solely intended for use by a trained analyst.
Note : Combofix is in no way affiliated with combofix.org
Updated on 28/9/2011
*
So how am I going to become a trained specialist in using Combofix??
#aten
post Mar 13 2014, 06:35 PM

Getting Started
**
Junior Member
250 posts

Joined: Dec 2013


been using combofix back in 2009 but since switched to Malwarebytes, i have no need for it already

now i'm not sure whether the combofix tool is maintained & updated to cope with Windows 7/Windows 8 operating systems

anyone still using this fix today?

---
edit: found that it works still on Windows 7 machine, but not tested on Windows 8/8.1

This post has been edited by #aten: Mar 13 2014, 06:40 PM
TSBlueWind
post Mar 16 2014, 10:08 PM

Sianzation
*******
Senior Member
2,898 posts

Joined: Jan 2007



You could run Windows 8 on it but not 8.1.

ahchat
post Nov 26 2014, 09:00 AM

WISE KUCENG
*****
Senior Member
885 posts

Joined: Sep 2010
From: PJ, KL, USJ, SP



QUOTE(BlueWind @ Mar 16 2014, 10:08 PM)
You could run Windows 8 on it but not 8.1.
*
hi, can it run windows 7 home premium? i need to remove a virus on my pc (backdoor.win64.agent.en)
SlamberGamer
post Jan 24 2015, 11:17 PM

Getting Started
**
Junior Member
128 posts

Joined: May 2014


i dont think this software ever cause boot failure. used it for a long time already
SlamberGamer
post Jan 24 2015, 11:18 PM

Getting Started
**
Junior Member
128 posts

Joined: May 2014


besides combofix u can always use malwarebyte, it has the same function.. best use for win 8.1 where combofix wont do any good.
syrus.plaine
post Feb 16 2015, 12:31 PM

Getting Started
**
Junior Member
62 posts

Joined: Nov 2013
From: Across the Horizon


Ran in Malware analysis platform, does pretty much what a malware does.
SlamberGamer
post Mar 5 2015, 06:02 PM

Getting Started
**
Junior Member
128 posts

Joined: May 2014


QUOTE(XeMoAsLaM91 @ Oct 14 2013, 07:55 AM)
what is  MBAM?
*
Malwarebyte
SlamberGamer
post Mar 5 2015, 06:03 PM

Getting Started
**
Junior Member
128 posts

Joined: May 2014


QUOTE(BlueWind @ Mar 16 2014, 10:08 PM)
You could run Windows 8 on it but not 8.1.
*
Hoping that cf will support every windows.. im struggling with other methods bcoz cf is simply the best

XeMoAsLaM91
post Mar 14 2015, 06:16 AM

I ❤ BooBs
*******
Senior Member
2,154 posts

Joined: Jan 2013
From: PLUTO


QUOTE(SlamberGamer @ Mar 5 2015, 06:02 PM)
Malwarebyte
*
oh thx hahah
Variants
post Mar 26 2015, 04:07 PM

<3 Mill
****
Junior Member
503 posts

Joined: Sep 2010



i've been asked by my friend by this ComboFix. and i've run it. is it gonna do anything?
SlamberGamer
post Mar 29 2015, 08:35 PM

Getting Started
**
Junior Member
128 posts

Joined: May 2014


QUOTE(Variants @ Mar 26 2015, 04:07 PM)
i've been asked by my friend by this ComboFix. and i've run it. is it gonna do anything?
*
run it in safe mode and as administrator for the best cleaning process.. it will remove almost all of the virus malware in your pc..
TSBlueWind
post Mar 30 2015, 06:57 PM

Sianzation
*******
Senior Member
2,898 posts

Joined: Jan 2007



QUOTE(SlamberGamer @ Mar 29 2015, 08:35 PM)
run it in safe mode and as administrator for the best cleaning process.. it will remove almost all of the virus malware in your pc..
*
Really? Since when is CF best run under safe mode?
SlamberGamer
post Mar 30 2015, 11:42 PM

Getting Started
**
Junior Member
128 posts

Joined: May 2014


QUOTE(BlueWind @ Mar 30 2015, 06:57 PM)
Really? Since when is CF best run under safe mode?
*
Since i have used it for every pc that i ever repaired.. and it works like charm...
TSBlueWind
post Apr 1 2015, 08:41 PM

Sianzation
*******
Senior Member
2,898 posts

Joined: Jan 2007



It was designed to run best under normal mode. Not safe mode. Anyhow, the development of CF has slowed down quite a lot lately.
SlamberGamer
post Apr 1 2015, 08:46 PM

Getting Started
**
Junior Member
128 posts

Joined: May 2014


QUOTE(BlueWind @ Apr 1 2015, 08:41 PM)
It was designed to run best under normal mode. Not safe mode. Anyhow, the development of CF has slowed down quite a lot lately.
*
Yes... maybe they optimize it to use under normal mode for normal users.. every IT guy knows safe mode is the best way to get rid of the virus process and program.. its just my habit.. and it always works like a charm for me..
netmatrix
post Apr 1 2015, 09:01 PM

The machine... it sees everything.
*******
Senior Member
6,491 posts

Joined: Jan 2003
From: Zion


Combofix should be used as a last resort. The bleepingcomputer site has at least 3 useful tools to start disinfecting malware and viruses.

Combofix is actually a combination of the anti-malware software listed on its site. Hence the name Combofix.

You can run combofix in normal windows mode provided the pc does not have aggressive memory resident programs that could disable combofix or any malware cleaner. If you have encountered that kind of virus that disables everything used to clean it, that would be the hardest and would require an external boot disk to clean the hdd.

Running combofix in Safe mode may or may not help in the cleaning process. The 1 camp i know would run it in normal mode so it could catch the memory resident programs in action. The other camp runs it in safe mode, citing the time saved by bypassing auto-loading memory resident malware. Both have their merits and can be used depending on need.

Some malware can be packaged together with System Restore and can come back as a repaired anomaly of lost windows files. So disabling System Restore can be done if needed also. Most anti-malware programs will scan system restore files these days. But it never hurts to learn old techniques.


tomrichard618
post Jul 26 2017, 09:58 AM

New Member
*
Newbie
3 posts

Joined: Jul 2017
So how am I going to become a trained specialist in using Combofix??
joefbi
post Dec 12 2018, 05:14 PM

joefbi a.k.a roketx
*******
Senior Member
2,558 posts

Joined: Nov 2010
From: Rawang


Thread Closed. No more combofix support for Win10..haha
