Virus/Malware >>>>>About Combofix by sUBs<<<<<, READ BEFORE USING OR RECOMMENDING

TSBlueWind
post Mar 11 2011, 12:19 AM, updated 9y ago

Sianzation
*******
Senior Member
2,898 posts

Joined: Jan 2007



About Combofix and reasons behind
Combofix is intended to be used under the supervision of a TRAINED MALWARE SPECIALIST, because they have the knowledge of how to use Combofix properly and can propose a special fix based on the log given. As powerful as it may seem, when helpers use Combofix as a tool, it often takes MORE THAN one round to properly eradicate stubborn infections, which I hope explains the powerful nature of this specialized tool. I believe we have seen enough people in the LYN Tech Support forum who, most of the time, suggest victims run ComboFix based on their own experience of using it without supervision, simply because they thought they had successfully disinfected the whole machine; the absence of symptoms does not mean the infection is all gone. Frankly speaking, only a trained specialist will know the inner workings of CF and the way it behaves.

BEAR IN MIND that using this tool also risks causing BOOT FAILURE on the machine, rendering it useless.

As described by Bleeping Computer:
QUOTE
You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.


I have seen enough people ignorant enough to propose the use of this tool whenever there appears to be a malware problem on someone's machine.

Therefore, we PLEAD with everyone, especially those who are untrained: DO NOT ever suggest victims run CF, and we would like to REMIND you once again that the logs generated by each run of CF are solely intended for use by a trained analyst.


Note: Combofix is in no way affiliated with combofix.org



Updated on 28/9/2011

This post has been edited by BlueWind: Sep 28 2011, 06:33 PM
TSBlueWind
post Mar 11 2011, 10:48 AM


These are a few options you can consider enrolling in. The teaching style and method of each school vary. Click on the link below to see.

http://www.uniteagainstmalware.com/schools.php
TSBlueWind
post Mar 11 2011, 11:33 AM


These are all free. All teachers and malware helpers come from all walks of life. They volunteer their time and effort to help people. This will not be an easy one, as you need 6 to 9 months or more to complete it, depending on your ability and knowledge. So if you don't have the drive and passion to do it, then better not waste everyone's time.

Yes, they are all different, but our ultimate goal is always the same, and that is to help people.
TSBlueWind
post Apr 17 2011, 11:07 AM


QUOTE(joefbi @ Apr 15 2011, 05:20 PM)
I used to be infected with a virus which disabled my task manager...

I just tried running 'Hijackthis' and 'combofix' in safe mode with System Restore OFF.

After that the infection was gone... I don't know whether it's the same virus or not...

Another thing: there were some people giving reminders to be careful when using this kind of tool... I don't know why, and I've been using it without any problem, so far.

The initial post is still not clear enough to you, even though you implied that you had understood it?
TSBlueWind
post Apr 26 2011, 06:24 PM


QUOTE(joefbi @ Apr 26 2011, 01:03 PM)
Regarding the issue of using COMBOFIX (CF) to fix the virus/malware on your machine.
I'm the one who used it on my friend's suggestion, and yes... I'm not an expert in using CF.
My PC just got infected with some virus, can't recall the type and name. I just followed what my friend
told me: run it in safe mode and turn off system restore on all drives.
I just ran CF (CF must be downloaded from Bleeping Computer for a fresh copy, otherwise it's useless).
CF did not require me to do any manual deleting or any other option... I just clicked to run and waited...

Actually, CF is best run in normal mode because the scan itself is best optimized this way, and we would never advise people to turn off their system restore; we only clear the infected system restore cache once we are done with the disinfection process.

QUOTE
the method is:

1. Accept the terms (of course the CF author won't take any responsibility for its use; other free-app authors do the same).
2. Disable active AV protection, to ensure no conflicts with CF while scanning.
3. It asks to download the Windows Recovery Console (needs an internet connection); you can skip this step (optional).
4. CF will make a restore point (if anything goes wrong, you can restore the previous state).
5. CF will start scanning, stage by stage (including automatic deletion on malicious detection); it will be 50 stages if I'm not mistaken.
6. If CF makes a deletion, it will require you to restart your machine (in the same account, e.g. safe mode) to complete the task.
7. After that, CF will log a scan report in a txt file which you can use to show to experts for further action.
CF will tell you the location/folder where this log is kept, so you can retrieve it later.
8. By this point, the user is still not required to do anything, e.g. manual deletion or other options, and CF will close automatically.

I've been told that you have to show the scan report to experts, so they can guide you on what to do... my question is,
if you don't run it for the first time, how can you get the scan report?

Because when we request victims to run CF, that is the time when we deem that the computer has enough questionable entries (i.e. in the diagnosis logs, namely DDS coupled with an anti-rootkit scan). So once they have requested victims to run CF for the first time, they will need the CF log to plan further action should the problem persist, and, as I mentioned in my initial post, it takes more than one round to eradicate, which happens quite often.

QUOTE
CF is a bit different from HijackThis (HT), where after the scan you are able to choose to fix (requires ticking the list box)
or just leave it unchanged (just view the logs or show the logs to experts, it's your choice), but in CF, there is no choice.

For this, helpers will know the directives to put CF to good use, and these are not publicly published because CF is very intrusive. Unlike HJT, which only modifies the registry and that's all, CF performs a much deeper level of scanning and fixing.

QUOTE
I just noticed that CF fixed back some registry entries I had deleted before the scan, like 'isshortcut' (to remove the small arrow on shortcut icons on your desktop); after the scan was done, this small arrow came back... other than that, nothing was noticeable to me (yes, I'm not an expert).

Other than that, I have had no problem or difficulties with my system; everything seems ok and normal. I've been using CF
many times on my rigs, my relatives' PCs and laptops, and also some of my friends'. Their infection problems were gone and
their systems have been ok since long ago when they were using CF.

I don't know if others have had a bad experience using CF (not because of other reasons, but CF itself); you may share your
experience here... don't get me wrong, keep this topic clean and discuss in a good manner, for sharing and caring.

You may post the logs you have, so the experts here (I hope we have some) can give some advice... if you can, you may edit your log
for privacy reasons.

TQ's

Admittedly, yes, during its first initial scan it can sometimes be very effective in clearing up junk for us, and usually the log will show there is more to clean. I always tell people that the absence of symptoms does not equate to a clean system, and in fact we can never be 100% sure about it.

Trust me, I've borked people's systems using CF alone, and that is where helpers try to salvage the computer using the recovery console.

As for log editing, it is not encouraged, but obviously sometimes, when the log is short and easier on the eyes, people will tend to do that to avoid the helper refraining from continuing further in helping, especially when the OS is not legit.
TSBlueWind
post May 25 2011, 05:50 PM


Just so you know, recently there was a bug in a CF version which caused program files to be deleted in alphabetical order; it was quickly rectified soon after.

We can't share info on using it, but you can choose to enroll in the training schools via the link given in my third post.
TSBlueWind
post Sep 27 2012, 01:11 PM


I did not update the first post and a lot of changes have been done on ComboFix since then.

Like I said, CF can be a very powerful tool to use in dealing with infections, as you can see for yourself. But the fact remains that, depending on the kinds of malware you're getting, especially the stubborn ones, it may cause a BSOD.

I can only warn, but not stop anybody from using it.
TSBlueWind
post Mar 16 2014, 10:08 PM


You could run Windows 8 on it but not 8.1.

TSBlueWind
post Mar 30 2015, 06:57 PM


QUOTE(SlamberGamer @ Mar 29 2015, 08:35 PM)
run it in safe mode and as administrator for the best cleaning process.. it will remove almost all of the viruses/malware on your PC..

Really? Since when is CF best run under safe mode?
TSBlueWind
post Apr 1 2015, 08:41 PM


It was designed to run best under normal mode, not safe mode. Anyhow, development of CF has slowed down quite a lot lately.
