QUOTE(joefbi @ Apr 26 2011, 01:03 PM)
Regarding the issue about using COMBOFIX (CF) to fix ur virus/malware in your machine.
Im the one who use it on my fren suggestion, and yes...im not expert in using CF.
My pc just infected with some virus, cannot recall the type and name. Just follow my fren
tell me to run it in safe mode and turn off all system restore on all drives.
im just run CF(CF must be downloaded from bleeping computer for fresh copy, otherwise it useless)
Cf was not require me to do manual deleting or any others option...i just click to run and wait...
Actually CF is best run in normal mode because the scan itself is best optimized this way, and we would never advise people to turn off their system restore; we only clear the infected system restore cache once we are done with the disinfection process.
the method is:
1. accept the terms(of coz CF author wont take any responsibility on the used, also others free-apps author do so)
2. disable Active AV protection, to ensure no conflicts with CF while scanning
3. Asking to download Windows Recovery Console(need internet connection) u can skip this step (optional)
4. CF will make a restore point (if anything goes wrong, u can restore previous state)
5. CF will start scan, stage by stage (including automatic delete on malicious detection) it will be 50 stage if not mistaken.
6. If CF make deletion, it will required u to restart ur machine(in same account e.g safe mode) to complete the task
7. After that, CF will log u a scan report in txt file which u can use it to show it to experts for further action.
CF will tell u where is location/folders this log will be kept, so u can retrieve them later.
8. by this point, user still not required to do anything e.g manual delete or another options. and CF will close automatically.
im been told that u have to show the scan report to experts, so they can guide you what to do...my Qs is,
if u dont run it for the 1st time, how come u can get the scan report?
Because when we request victims to run CF, that is the time when we deem that the computer has enough questionable entries (i.e. diagnosis logs, namely DDS coupled with an anti-rootkit scan). So once they have requested victims to run CF for the first time, they will need the CF log to plan for further action should the problem persist, and like I mentioned in my initial post, it takes more than one round to eradicate, which happens quite often.
CF is a bit different from hijackthis(HT) which after scan u are able to choose to fix (require to tick the list box)
or just leave it unchange(just view the log's or show the log's to experts, its your choice) but in CF, there was no choice.
For this, helpers will know the directives to put CF to good use, and this is not publicly published because CF is very intrusive. Unlike HJT, which only modifies the registry and that's all, CF on the other hand performs a much deeper level of scans and fixes.
im just notify CF was fix back some register i was delete before scan like 'isshortcut' (to remove small arrow on shortcut icon on your desktop) after scan done, this small arrow comes back...others than that was not noticeable to me(yes, im not expert)
Others than that, i have no problem or difficulties in my system, everything seem ok and normal. Iv been using CF
many times on my rigs, my relatives pc's and lappy's also some of my frens. their probs of infection gone and
their system were ok since long time ago were using CF.
i dunno if others have a bad experience using CF (not because of others reason, but CF itself) may share your
experience here...dont get me wrong, make this topic clean and discuss in the good means, for sharing and caring.
U may post the log's u have, so experts here(i hope we have) can give some advise...if can do so, u may edit ur log
for some privacy reason.
Admittedly, yes, during its first initial scan sometimes it can be very effective in clearing up junk for us, and usually the log will show there is more to clean. I always tell people that the absence of symptoms does not equate to a clean system and in fact we can never be 100% sure about it.
Trust me, I've borked people's systems using CF alone and that is where helpers try to salvage the computer using the recovery console.
For log editing, it is not encouraged to do that, but obviously sometimes when the log is short and easier on the eyes, people will tend to do that to avoid the helper refraining from continuing to help, especially when the OS is not legit.