
> >>>>>About Combofix by sUBs<<<<<, READ BEFORE USING OR RECOMMENDING (Virus/Malware)

BlueWind
post Mar 11 2011, 12:19 AM, updated 4y ago

Sianzation
*******
Group: Senior Member
Posts: 2,881

Joined: Jan 2007



About Combofix and reasons behind
Combofix is intended to be used under the supervision of a TRAINED MALWARE SPECIALIST, because they have the knowledge to use Combofix properly and to propose a special fix based on the log given. As powerful as it may seem, when helpers use Combofix as a tool, it often takes MORE THAN one round to properly eradicate stubborn infections, which I hope explains the powerful nature of this specialized tool. I believe we have seen enough people in the LYN Tech Support forum who, most of the time, suggest that victims run ComboFix based on their own experience of using it without supervision, simply because they thought they had successfully disinfected the whole machine. Absence of symptoms does not mean the infection is all gone. Frankly speaking, only a trained specialist will know the inner workings of CF and the way it behaves.

BEAR IN MIND that using this tool also carries the risk of causing BOOT FAILURE on the machine, rendering it useless.

As described by Bleeping Computer:
QUOTE
You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.


I have seen enough people ignorant enough to propose the use of this tool whenever there appears to be a malware problem in someone's machine.

Therefore, we PLEAD with everyone, especially those who are untrained: DO NOT ever suggest that victims run CF. We would like to REMIND you once again that the logs generated by each run of CF are intended solely for use by a trained analyst.


Note: Combofix is in no way affiliated with combofix.org



Updated on 28/9/2011

This post has been edited by BlueWind: Sep 28 2011, 06:33 PM
kailoonthedog
post Mar 11 2011, 03:35 AM

I have no super cow power~~~
*******
Group: Senior Member
Posts: 2,462

Joined: Nov 2007
So how am I going to become a trained specialist in using Combofix??
BlueWind
post Mar 11 2011, 10:48 AM




These are a few options you can consider enrolling in. The teaching style and method vary between schools. Click on the link below to see.

http://www.uniteagainstmalware.com/schools.php
kailoonthedog
post Mar 11 2011, 10:57 AM

So must I pay tuition fees at every school?? Or is there a school that offers teaching for free?? Style and method are different, but in the end will I gain the same knowledge in any school I learn at??
BlueWind
post Mar 11 2011, 11:33 AM




These are all free. All teachers and malware helpers come from all walks of life. They volunteer their time and effort to help people. This will not be an easy one as you need 6 to 9 months or more to complete depending on your ability and knowledge. So if you don't have the drive and passion to do it, then better not waste everyone's time.

Yes they are all different, but our ultimate goal is always the same and that is to help people.
skeleton123
post Mar 19 2011, 06:37 PM

Getting Started
**
Group: Junior Member
Posts: 206

Joined: Aug 2010



thanks for the info!
joefbi
post Mar 22 2011, 05:19 PM

joefbi a.k.a roketx
*******
Group: Senior Member
Posts: 2,533

Joined: Nov 2010
From: Rawang


erm, I just run it...then close it after it's done scanning. no manual handling after that.

my experience is, it works well...no other issues to get dizzy about.

ok then, after this I will never recommend CF to others again.
but I will still use it, even without having a class to learn how to..

until bleepingcomp decides I need to pay to use it

thanks for the info
BlueWind
post Apr 17 2011, 11:07 AM




QUOTE(joefbi @ Apr 15 2011, 05:20 PM)
I used to be infected with a virus which disabled my task manager...

I just tried running 'Hijackthis' and 'combofix' in safe mode with System Restore OFF.

after that the infection was gone...I don't know whether it's the same virus or not...

another thing, there were some people giving reminders to be careful in using this kind of tool...I don't know why, and I have just been using it without any problem, so far.
*
Is the initial post still not clear enough to you, even though you implied that you have understood?
joefbi
post Apr 26 2011, 01:03 PM



Regarding the issue of using COMBOFIX (CF) to fix virus/malware in your machine.
I'm one who used it on my friend's suggestion, and yes...I'm not an expert in using CF.
My PC was just infected with some virus, cannot recall the type and name. I just followed my friend, who told me to run it in safe mode and turn off System Restore on all drives.
I just ran CF (CF must be downloaded from Bleeping Computer for a fresh copy, otherwise it is useless).
CF did not require me to do manual deleting or any other option...I just clicked to run and waited...

the method is:

1. Accept the terms (of course the CF author won't take any responsibility for its use; other free-app authors do the same).
2. Disable active AV protection, to ensure no conflicts with CF while scanning.
3. CF asks to download Windows Recovery Console (needs internet connection); you can skip this step (optional).
4. CF will make a restore point (if anything goes wrong, you can restore the previous state).
5. CF will start the scan, stage by stage (including automatic deletion on malicious detection); it will be 50 stages if not mistaken.
6. If CF makes a deletion, it will require you to restart your machine (in the same account, e.g. safe mode) to complete the task.
7. After that, CF will log a scan report in a txt file which you can show to experts for further action.
CF will tell you the location/folder where this log is kept, so you can retrieve it later.
8. By this point, the user is still not required to do anything, e.g. manual delete or other options, and CF will close automatically.

I've been told that you have to show the scan report to experts, so they can guide you on what to do...my question is,
if you don't run it the first time, how can you get the scan report?

CF is a bit different from HijackThis (HT), where after the scan you are able to choose to fix (requires ticking the list box)
or just leave it unchanged (just view the logs or show the logs to experts, it's your choice), but in CF there was no choice.

I just noticed CF restored some registry entries I had deleted before the scan, like 'isshortcut' (to remove the small arrow on shortcut icons on your desktop); after the scan was done, this small arrow came back...other than that nothing was noticeable to me (yes, I'm not an expert)

Other than that, I have no problems or difficulties in my system, everything seems OK and normal. I've used CF
many times on my rigs, my relatives' PCs and laptops, and also some of my friends'. Their infection problems are gone and
their systems have been OK since they used CF long ago.

I don't know if others have had a bad experience using CF (not because of other reasons, but CF itself); you may share your
experience here...don't get me wrong, keep this topic clean and discuss in a good manner, for sharing and caring.

You may post the logs you have, so experts here (I hope we have some) can give some advice...if you do so, you may edit your log
for privacy reasons.

TQ's
WebWalker
post Apr 26 2011, 02:25 PM

Computer Geek
********
Group: Senior Member
Posts: 12,527

Joined: May 2005
From: Puchong, Selangor



Maybe you can post your question to the pinned Virus/Rootkits thread here :-

http://forum.lowyat.net/topic/474671
joefbi
post Apr 26 2011, 04:52 PM



I don't think I'm asking something here...just a discussion on CF itself.
btw, CF is not an antivirus though...

I opened this topic to discuss only CF matters, the good and the bad of it...
BlueWind
post Apr 26 2011, 06:24 PM




QUOTE(joefbi @ Apr 26 2011, 01:03 PM)
Regarding the issue of using COMBOFIX (CF) to fix virus/malware in your machine.
I'm one who used it on my friend's suggestion, and yes...I'm not an expert in using CF.
My PC was just infected with some virus, cannot recall the type and name. I just followed my friend, who told me to run it in safe mode and turn off System Restore on all drives.
I just ran CF (CF must be downloaded from Bleeping Computer for a fresh copy, otherwise it is useless).
CF did not require me to do manual deleting or any other option...I just clicked to run and waited...

Actually CF is best run in normal mode because the scan itself is best optimized this way, and we would never advise people to turn off their System Restore; we only clear the infected System Restore cache once we are done with the disinfection process.

QUOTE
the method is:

1. Accept the terms (of course the CF author won't take any responsibility for its use; other free-app authors do the same).
2. Disable active AV protection, to ensure no conflicts with CF while scanning.
3. CF asks to download Windows Recovery Console (needs internet connection); you can skip this step (optional).
4. CF will make a restore point (if anything goes wrong, you can restore the previous state).
5. CF will start the scan, stage by stage (including automatic deletion on malicious detection); it will be 50 stages if not mistaken.
6. If CF makes a deletion, it will require you to restart your machine (in the same account, e.g. safe mode) to complete the task.
7. After that, CF will log a scan report in a txt file which you can show to experts for further action.
CF will tell you the location/folder where this log is kept, so you can retrieve it later.
8. By this point, the user is still not required to do anything, e.g. manual delete or other options, and CF will close automatically.

I've been told that you have to show the scan report to experts, so they can guide you on what to do...my question is,
if you don't run it the first time, how can you get the scan report?

Because when we request victims to run CF, that is the time when we deem that the computer has enough questionable entries (i.e. diagnosis logs, namely DDS coupled with an anti-rootkit scan). So once they have requested victims to run CF for the first time, they will need the CF log to plan further action should the problem persist and, like I mentioned in my initial post, it takes more than one round to eradicate, which happens quite often.

QUOTE
CF is a bit different from HijackThis (HT), where after the scan you are able to choose to fix (requires ticking the list box)
or just leave it unchanged (just view the logs or show the logs to experts, it's your choice), but in CF there was no choice.

For this, helpers will know the directives to put CF to good use, and these are not publicly published because CF is very intrusive. Unlike HJT, which only modifies the registry and that's all, CF performs a much deeper level of scans and fixes.

QUOTE
I just noticed CF restored some registry entries I had deleted before the scan, like 'isshortcut' (to remove the small arrow on shortcut icons on your desktop); after the scan was done, this small arrow came back...other than that nothing was noticeable to me (yes, I'm not an expert)

Other than that, I have no problems or difficulties in my system, everything seems OK and normal. I've used CF
many times on my rigs, my relatives' PCs and laptops, and also some of my friends'. Their infection problems are gone and
their systems have been OK since they used CF long ago.

I don't know if others have had a bad experience using CF (not because of other reasons, but CF itself); you may share your
experience here...don't get me wrong, keep this topic clean and discuss in a good manner, for sharing and caring.

You may post the logs you have, so experts here (I hope we have some) can give some advice...if you do so, you may edit your log
for privacy reasons.

TQ's
*
Admittedly, yes, during its initial scan it can sometimes be very effective in clearing up junk for us, and usually the log will show there is more to clean. I always tell people that the absence of symptoms does not equate to a clean system, and in fact we can never be 100% sure about it.

Trust me, I've borked people's systems using CF alone, and that is where helpers try to salvage the computer using the Recovery Console.

As for log editing, it is not encouraged, but obviously sometimes when the log is short and easy on the eyes, people will tend to do that to avoid the helper refraining from continuing to help, especially when the OS is not legit.
joefbi
post Apr 27 2011, 05:26 PM



yeah, this is it...good discussion we have here...

I believe CF also fixes the registry like HJT does..right?
chrisling
post Apr 27 2011, 06:59 PM

Helper Trainee+
******
Group: Senior Member
Posts: 1,663

Joined: Nov 2006
From: KL


QUOTE(joefbi @ Apr 27 2011, 05:26 PM)
yeah, this is it...good discussion we have here...

I believe CF also fixes the registry like HJT does..right?
*
Yes, definitely it does. Registry fixing is the way to learn to fight malware infection, the very first one. If you want to know how far it goes, change the Combofix extension to a compressed file format, e.g. .zip or .7z, and then open it up. Read through those .bat files; you will understand more if you are really interested in it. Credit to sUBs, our former Moderator in lowyat Technical Support. He is a genius.
blackmachine
post May 25 2011, 03:18 PM

Enthusiast
*****
Group: Senior Member
Posts: 721

Joined: Jan 2003
From: SG Wang Plaza



Thank you for the info TS. I've tried using Combofix then SDFix; sometimes it can erase the problem, but sometimes I need to use extra tools in order to clear the issue. I just use it like that because I don't have the knowledge of how to use it properly, just click click click and hope nothing bad happens to the PC. In everyday use, I need Combofix with SDFix to clear all the malware in order to make sure all the PCs are running fine. If any sifu would like to share how to use Combofix properly, that would be very good.
BlueWind
post May 25 2011, 05:50 PM




Just so you know, recently there was a bug in a CF version which caused program files to be deleted in alphabetical order; it was rectified soon after.

We can't share info on using it, but you can choose to enroll in training schools via the link given in my third post.
H4XF4XTOR
post May 26 2011, 03:06 PM

【ツ】PANDAMON 【ツ】
*******
Group: Senior Member
Posts: 3,072

Joined: May 2011
From: ▁ ▂ ▃ ▄ ▅ ▆ █ 100 %



I've been using CF for a while now..I'm using it on XP without problems, but on 7.. CF will unhide your system folders like program data etc etc... so not recommended.. and I take CF as a last resort.. usually when I don't have any other option other than format.. But CF loses to Virut.. a patching virus... hahaha.. it can't even run when my PC is infected with this Virut virus
joefbi
post Jun 1 2011, 09:08 AM



virut virus? never experienced before...is it very bad?
Coldf3ar
post Jun 8 2011, 02:00 AM

Casual
***
Group: Junior Member
Posts: 431

Joined: Jul 2008

QUOTE(H4XF4XTOR @ May 26 2011, 03:06 PM)
I've been using CF for a while now..I'm using it on XP without problems, but on 7.. CF will unhide your system folders like program data etc etc... so not recommended.. and I take CF as a last resort.. usually when I don't have any other option other than format.. But CF loses to Virut.. a patching virus... hahaha.. it can't even run when my PC is infected with this Virut virus
*
Is it? I've been infected by Virut before. One run of Combo-Fix was enough to settle it down. Not sure if there is anything left behind. But my PC is working well after that.
rikimtasu
post Jun 8 2011, 10:48 AM

Tired...
****
Group: Senior Member
Posts: 656

Joined: Apr 2008


It's better to do a Combofix, and then install MBAM and do a full scan. It never hurts to do that.
