Combofix What Does It Do And When Is It Used Options

[fozzie]

Can somebody explain why in some instances combofix is used?
Is it for a specific treatment?

[Orange Blossom]

Combofix is a specialized cleaning tool. I'm not sure what infection it is designed for.

Orange Blossom

This post has been edited by Orange Blossom: Dec 11 2006, 02:27 PM

[Orange Blossom]

Here's just a tad more information: a combofix log will show a bunch of registry entries in different categories including what was installed in the recent past - I think 30 days.

Once again, I don't know specifically what it is designed for. Our malware experts can give you much more information on that.

Orange Blossom

[-David-]

Combofix is a general tool that helps the helper cleaning up a Hijackthis log.
It is able to remove some common infections and helps a user detect files that general scanners cannot find.
It also lists registry keys such as the key keys, the desktop keys, and other areas where malware hide.
The tool has some rootkit detectors too, allowing a helper to see if a rootkit is present on the PC.

[peteyg67]

I used combofix.exe to help get rid of smeitfruad but it wasnt all down to that it was down to the great help on smeitfruad mike
If u detect smeitfruad on your computer through spybot it does not remove it there is certain processes to go through. Mines got to the stage were it denied me access to my internet

Regards
Peter

[quietman7]

If u detect smeitfruad on your computer through spybot it does not remove it there is certain processes to go through.

That's why we have the Spyware and Malware Removal Guides and Reading Room with instructions for removing it and other common malware types. Did you see the self-help guide "How to remove the Smitfraud / Generic Zlob"?

[fozzie]

Combofix is a general tool that helps the helper cleaning up a Hijackthis log.
It is able to remove some common infections and helps a user detect files that general scanners cannot find.
It also lists registry keys such as the key keys, the desktop keys, and other areas where malware hide.
The tool has some rootkit detectors too, allowing a helper to see if a rootkit is present on the PC.

Thanks for the reply. Is there a place where I can get some more detailed info. i am not going to do things on my own, just am interested to see how what and where to read- and use it.

[quietman7]

fozzie, there is little information posted for public viewing in regards to this tool and many other specialized fix tools. We don't want the bad guys to see or know how everything we use works. We also don't want folks using some of these tools without the supervison of an expert to guide them along. When you are accepted into a formal training program to learn more about malware removal, there will be ample opportunity for such questions in more detail. Just be patient until then.

[fozzie]

Okido...

[Grinler]

Just a heads up that there is an official guide for ComboFix here:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix - English Version

http://www.bleepingcomputer.com/combofix/f...iliser-combofix - French Version

ComboFix is not a general purpose cleaning tool and should not be as such. ComboFix should only be used when asked by someone experienced in the use of this tool. Using this tool without supervision can cause problems with your computer.

[Ziah]

fozzie, there is little information posted for public viewing in regards to this tool and many other specialized fix tools. We don't want the bad guys to see or know how everything we use works. We also don't want folks using some of these tools without the supervison of an expert to guide them along. When you are accepted into a formal training program to learn more about malware removal, there will be ample opportunity for such questions in more detail. Just be patient until then.

I second this for sure on keeping it secret....even though I am sure they are working on getting around Combofix now. Hello all, my name is Ziah and I am new here. I have been a tech for about 15 years now. I wanted to sign up to reply to this. I totally agree that we should try to keep our tools away from the bad guys. And yes, Combofix is a tool that should only be used by someone that knows what he/she is doing. Recently we have had to even rename some of the tools we use because some spyware is so good at hiding...it can even detect when a tool is looking for it, therefore disguising itself and remaining hidden. I clean many machines daily......the bad guys...just get "badder" and their spyware gets nastier. A smitfraud variant on a customer machine today completely deleted Combofix right as I ran it. I had to pull my usual tricks to get it to run and was finally able to clean the machine. Anyway, it's good to be here and hopefully I can lend some of my years of knowledge to the forum.

[boopme]

Thanks for the informed response Ziah. I would also like to say welcome to Bleeping Computer.

[Ultraseamus]

Just wanted to say that I Just used Combofix to remove some nasty spyware, and it worked wonders, could not be happier or more impressed with the results, keep up the good work.