shanenin

Combofix Question

I understand combofix is dangerous and not to be used by non-trained users. For my own personal use (I am willing to risk damaging Windows and my data), I noticed combofix would not run on two different computers in the same day. Is there a new spyware threat that is causing this? Any info from you trained malware experts would be appreciated.

It just gets to

Please wait:

Combofix is preparing to run.


The "privateness" of malware removal drives me crazy, but it is what it is and I just need to accept it. Since this info is not shared openly, I guess I just will have to run it without knowing. What a shame :-\


Not to end on a sour note

Methods are kept private because malware writers do monitor their infections at work. If we can keep something private as long as possible it will help a huge amount of people.

If you don't have access to information about ComboFix, then suggesting people run it is extremely dangerous and foolish.


I think that is only part of the reason. I had a trained malware expert give me information on how to use the recovery console to recover from a combofix mishap. He got reprimanded for helping me. That info obviously is not helping the malware coders to get extra help.

Sorry, I am just grumpy because valuable info is available in forums, but only if you are a member. It's my problem; you are just following the rules. No hard feelings :-)


Just throwing in my $0.02

As I used to be an active part of the malware community, I understand the need for privateness. Yes, we don't want malware writers to have full access to our defense methods. Yes, some tools should require some special training.

On the other hand, I don't know anyone in the malware community who won't admit that the system is flawed. Different sites have different rules. Different members of different ranks at different sites have different ideals. ASAP is a good example of this.

Personally, I think that the "politics" of malware removal has gotten a bit corrupted. It's part of the reason why I'm no longer active in it. The topic is often handled as a black/white issue: if you aren't trained, you get no access. In reality, many of the topics fall in the gray area.

Those are just my thoughts. As you said shanenin, it just is that way and there's not much most of us can do about it.


Personally I think matt has an excellent point. I've used combofix quite a bit, and it hasn't as of yet crushed a computer. At the same time I'm extremely wary of it, because it is quite powerful.

Mostly I run MBAM and if there is something major I might try combofix.

However there are a few questions I have that are similar to shanenin's.

1. I understand the removal process has to be completely secret or obviously they could code malware around it. However what would cause your computer to be trashed by combofix?

2. When they say (your computer might not run again after running combofix), does that mean a hardware corruption, or does that mean the OS will be unusable and you can simply reformat it?

3. I don't understand why clear instructions on how to recover from a bad run of combofix are protected. Does the recovery method reveal in any way how combofix works?

4. Are there different ways to run combofix? People keep telling me, don't use it unless you're trained, but my question is, trained in what? It's not exactly like you do much; combofix is extremely automated. Do they mean training as in recovering from a bad run?

Or does the malware prevention community simply not want combofix to become widely used?

1. I understand the removal process has to be completely secret or obviously they could code malware around it. However what would cause your computer to be trashed by combofix?

I know a little bit. Back in February of 2007, almost 2 years ago, there was a bug in combofix that if it was run while a computer was infected with a certain piece of malware it would recursively delete everything on your C: drive. There may be other issues, but I don't know, since the info is kept from the public.

2. When they say (your computer might not run again after running combofix), does that mean a hardware corruption, or does that mean the OS will be unusable and you can simply reformat it?

The OS may not be bootable. As far as I know, no virus or software in practice (in theory it is probably possible) can harm your hardware. As to the computer not running after using it, many programs can do this. Any program that deletes files or adds files to your system can do this: registry cleaners, antivirus programs, anti-malware programs, and Windows updates, among many others. I personally have never had combofix cause any harm to the hundreds of computers I have used it on, but I may just be lucky. The few times I have used "Super Anti Spyware", it has caused the computer I used it on to be unbootable in normal mode, by blue screening. I have had XP SP3 and Vista SP1 both cause several computers I used them on to be unbootable.

3. I don't understand why clear instructions on how to recover from a bad run of combofix are protected. Does the recovery method reveal in any way how combofix works?

There is no good reason why we can't post the instructions. I personally think it is irresponsible to not have these posted publicly. If you were to read through hundreds of HJT logs, eventually you would find the preferred method to recover from a bad run. I think this is how it works: when combofix runs it makes a backup of the registry and keeps a backup of the files it deletes. I think the recovery method just allows you to restore the registry and files to the way they were before running it. I have the instructions; feel free to PM me and I can send them to you :-)

4. Are there different ways to run combofix? People keep telling me, don't use it unless you're trained, but my question is, trained in what? It's not exactly like you do much; combofix is extremely automated. Do they mean training as in recovering from a bad run?

Or does the malware prevention community simply not want combofix to become widely used?

I personally think it is our God-given right to destroy our computers. I have ruined many computers doing reckless things all the time. It is how we learn :-) I don't like being told I am not qualified to run combofix (I equally get annoyed when people tell me not to run as root). I personally think they don't want us to use the tool because it gives them a sense of power being the only ones allowed.

To end on a positive note, I have great respect for the people who do train in malware removal. They are helping people everyday to keep their computers healthy. They provide a wonderful service to many individuals for free.


Thanks shanenin, you've brought me a boatload of good news.

I was a little wary about using it, I still am knowing that it can crush an OS. However the fact that it doesn't really do any permanent damage doesn't bother me overly.

Most comps I work on have hardly any software, and before I work on them I back up all files, pictures, movies, the registry and a system restore point.

The worst that happens is that I reformat their computer which takes 2 hours (provided they have their driver disks)

Thanks for the response!

Also I agree on the whole "you're not qualified to look at HijackThis logs, you're not qualified to look at combofix logs" thing.

It's not like it takes all that much to understand them. I just think there's a touch of snobbishness in the malware community. But I do highly respect those who willingly help others in their spare time for free.
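The pre-cleanup backup the post above describes (user files, registry, a restore point) done as one script, as an added example that is not from this thread and is not ComboFix's own backup mechanism. It assumes an elevated Windows PowerShell prompt on a machine with System Restore enabled, and `$Dest` is an assumed external backup location:

```powershell
# Added example, not from the thread and not ComboFix's own backup: snapshot a
# machine before running an aggressive removal tool so a bad run can be rolled
# back. Run from an elevated Windows PowerShell prompt. $Dest is an assumed
# external backup location.
param([string]$Dest = 'E:\PreCleanupBackup')

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$root  = Join-Path $Dest $stamp
New-Item -ItemType Directory -Path $root -Force | Out-Null

# 1. System Restore point (registry hives, system files, drivers).
#    Needs System Restore enabled on the system drive; Windows 8 and later
#    silently skip a second point requested within 24 hours of the last one.
Checkpoint-Computer -Description "Before malware cleanup $stamp" -RestorePointType MODIFY_SETTINGS

# 2. Explicit registry exports, in case the restore point is unusable later.
foreach ($hive in 'HKLM\SOFTWARE', 'HKLM\SYSTEM', 'HKCU') {
    $file = Join-Path $root (($hive -replace '[\\:]', '_') + '.reg')
    & reg.exe export $hive $file /y | Out-Null
}

# 3. Copy user data. /E = subdirs incl. empty, /XJ = don't follow junctions,
#    /R:1 /W:1 = don't stall on locked files, /LOG+ = append an audit trail.
foreach ($folder in 'Desktop', 'Documents', 'Pictures', 'Videos') {
    $src = Join-Path $env:USERPROFILE $folder
    if (Test-Path -LiteralPath $src) {
        & robocopy.exe $src (Join-Path $root $folder) /E /XJ /R:1 /W:1 /NP /LOG+:"$root\robocopy.log" | Out-Null
    }
}

# 4. Hash everything so corruption or tampering of the backup is detectable.
#    The hash list is written beside, not inside, the snapshot it describes.
Get-ChildItem -LiteralPath $root -Recurse -File |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv -Path (Join-Path $Dest "$stamp-hashes.csv") -NoTypeInformation
```

The restore point and the `.reg` exports overlap on purpose: a restore point is the easy rollback, but it lives on the same disk the removal tool is about to operate on, so the exports on external media are the fallback if the machine no longer boots and you have to pull the hives from a recovery environment.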

Also I agree on the whole "you're not qualified to look at HijackThis logs, you're not qualified to look at combofix logs" thing.

It's not like it takes all that much to understand them.

This is where you are wrong. It takes a lot to look at a log, identify the infections, and know how to work with them.


My advice may be flawed (maybe even bad). I have had good luck, but maybe it causes more issues than I am aware of. When we (people who repair computers for a living) work on computers it is different. We have physical access and can fix our mistakes (backup and reload). Not everyone is able to do that.

As a disclaimer: to clean up spyware/malware with greatly reduced risk, it is best to follow the directions of a malware expert. They are trained very well. They take many precautions. Without question, running tools like combofix unsupervised is riskier than running them with supervision.


I wasn't attempting to insult Malware experts, so if that was what you picked up from my post then I apologize.

I was attempting to put into words what I think shanenin worded fairly well. Your average computer techie who has a working knowledge of the registry, task processes, and access to google can determine which processes are running and which ones are bad processes.

That is if a scan doesn't fix it.
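The triage the post above describes (list what is running, decide what looks wrong, then go look it up) as an added example that is not from this thread: it lists running processes with their image path and Authenticode status and flags anything whose image is missing, unsigned, or running from outside the Windows and Program Files trees. It assumes an elevated Windows PowerShell prompt, and the "trusted root" list is an assumption of this example, not a rule:

```powershell
# Added example, not from the thread: flag running processes worth a closer look.
# Run from an elevated Windows PowerShell prompt so ExecutablePath is readable
# for processes owned by other users. The trusted-root list is an assumption.
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

function Get-SuspiciousProcess {
    Get-CimInstance Win32_Process | ForEach-Object {
        $path      = $_.ExecutablePath
        $sig       = 'NoImagePath'   # kernel-side entries (System, Registry...) have none
        $inTrusted = $false
        if ($path) {
            # Authenticode status: Valid, NotSigned, HashMismatch, UnknownError, ...
            $sig = if (Test-Path -LiteralPath $path) {
                (Get-AuthenticodeSignature -LiteralPath $path).Status.ToString()
            } else { 'ImageMissing' }
            foreach ($root in $trustedRoots) {
                if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $inTrusted = $true
                }
            }
        }
        [pscustomobject]@{
            PID         = $_.ProcessId
            Name        = $_.Name
            Path        = $path
            Signature   = $sig
            CommandLine = $_.CommandLine
            Suspicious  = (-not $inTrusted) -or ($sig -ne 'Valid')
        }
    }
}

Get-SuspiciousProcess | Where-Object Suspicious |
    Sort-Object Name | Format-Table PID, Name, Signature, Path -AutoSize -Wrap
```

Flagged is not the same as malicious: plenty of legitimate third-party software is unsigned or installed under the user profile, while malware can carry a valid signature or run as injected code inside a signed host such as `svchost.exe` or `explorer.exe`. Treat the output as the short list for the "and access to google" step, and pay attention to the `CommandLine` column, since a signed binary launched with an odd argument is a common tell.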


Well the fact of the matter is that this is the situation. These are rules decided upon by other groups at other websites. We don't have an active anti-malware info-base here at BestTechie that's hidden from everyone. Because of that, all of our helpers come here from other sites.

Like it's been stated, helpers are simply following the rules. Many of the people who have come to this decision are at

GeeksToGo

WhatTheTech

SpywareInfo

MalwareRemoval

ASAP/Maddoktor2

BleepingComputer

UNITE

And some other places.


I have never had to use combofix on my good machines. I wouldn't want to. I don't need to.

I sometimes have heavily infected test computers and I still don't need to run it.

If you have to run combofix on a machine because you've downloaded or done something, you clearly don't know what you are doing (in respect to fixing computers) in the first place.

Hence the reason why people come here for Malware Removal and we ask them to use it.

