ComboFix is an Anti-Malware tool used by advanced malware technicians
specifically trained in its use.
Please DO NOT USE COMBOFIX on your own without supervision!!!
We ask that you obey the warnings about using this tool. Why? The warnings are given for a reason and one of them is to inform our members about the consequences that may occur when using ComboFix in an unsupervised environment. Yes, ComboFix is an excellent but powerful tool. I liken it to Acetaminophen (Tylenol). Used correctly, the drug will help with your aches and pains. Used incorrectly, it can destroy your liver and eventually kill you. The same scenario applies to ComboFix. Used in untrained hands this tool can disable your computer and in some cases can make it unbootable. Further, trained helpers prefer to see preliminary scans from other tools like DDS and GMER before asking anyone to run Combofix because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows checking for the presence of rootkits, planning an strategy for effective disinfection and a determination if using ComboFix is necessary.
A few comments from one of our malware experts, Papakid:
Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.
. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.
Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two. If you feel you need a second opinion, try running online scans. If you feel you might need surgery, come here to BC and ask for help--that is what we're here for.
The following is our standard warning when we see its use mentioned outside of an advance malware forum:
No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware which scan individual drives or different folders on a computer for viruses. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. When issues arise due to complex malware infections, possible false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read Combofix's Disclaimer.
ComboFix is provided as is, without warranty of any kind. All
implied warranties are expressly disclaimed. If you do not agree to the
terms stipulated by sUBs, use of his tool is at your own risk.
Bleeping Computer and sUBs will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own.
Questions about ComboFix and how it works:
Sorry but discussions pertaining to how Combofx works, what it can or cannot do, what the log results mean, any future plans, updates, etc is not available to the public in order to safeguard and protect the integrity of the tool from malware writers. As such, the developer does not want his tool discussed outside of private forums and therefore we cannot answer specific questions. The only public information that is available can be found in this authorized guide: How to use ComboFix
ComboFix System Requirements:
Currently, ComboFix is compatible with:
Windows XP - (32 bit only)
Vista and Windows 7 (32-bit and 64-bit).
Note: Although not listed in the Authorized Guide, ComboFix will run on Windows 8 (32-bit and 64-bit).
ComboFix is not compatible with Windows 8.1 yet so you cannot get it to run.
-- If used on Windows 2000, ComboFix will display this message:
ComboFix logs, where should I post them?
ComboFix logs are not permitted outside the Virus, Trojan, Spyware, and Malware Removal Logsl forum and then only when requested by a Malware Response Team member. However, if you ran ComboFix on your own due to malware infection, please be aware that a ComboFix log is only one part of the disinfection process. Therefore we ask that you please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". When you have done that, post the required logs to include your ComboFix log in that forum, NOT here, for assistance by the Malware Response Team Experts.
A Statement about Malware Removal:
There are no guarantees when it comes to malware removal and that includes the scanning and specialized fix tools we use. Infections will vary and some will cause more harm to your system than others. Thus, sometimes it takes several efforts with different, the same or more powerful tools to do the job. Even then, with some types of malware infections, the task can be arduous and can produce disasterous results after using the available tools and security scanners for disinfection. How can that happen?
All scanning tools are susceptible to glitches, bugs and false positive detections and removal of critical files from time to time resulting in computers that become unbootable or get stuck in an endless reboot loop. Even major anti-virus vendors are not immune to such issues either and here are just a few reported examples.
- McAfee false-positive deletes critical svchost.exe causing system crashes and reboot loops
- McAfee false-positive glitch on crucial system files fells PCs worldwide
- Symantec false positive on system files cripples thousands of Chinese PCs
- Kaspersky False Positives Quarantine or Kill Windows Explorer in Windows Vista
- AVG virus scanner removes critical Windows file and renders machines unbootable
- Malwarebytes Atapi.sys and Registry False Positives
In most cases when these problems occur, the anti-virus vendors and security tool developers take quick action to correct the problem and provide support to those users who have been affected.
I used ComboFix on my own and encountered problems. What should I do?
Take responsibility for your decision to use ComboFix despite the numerous warnings that are provided not to use the tool in an unsupervised environment rather than attribute blame to others.
As a general policy, Bleeping Computer does not offer advice on how to run ComboFix on your computer unless we asked you to run it or there is a problem with your computer that is caused by running it. This is because people should not be using ComboFix without being advised to do so by someone (i.e. Malware Response Team) who is assisting a member deal a malware issue on that system. If you are being advised to run ComboFix by such a person, then you should contact that person and have them help you, as they should have the knowledge to do so.
With that said, the BC Staff will try to assist our members if they encounter a problem after using ComboFix on their own and ask for help. We understand that even under the supervision of an expert, something can go wrong to include false positives on critical system files resulting in unbootable machines or other issues. If such a scenario happened with you, here are some basic guidelines to follow:
- Start a new topic, give it a relevant title and provide a description of your problem, a summary of any anti-malware tools you have used and a summary of all steps that you have performed on your own.
- Please be specific and describe exactly what happened when you ran ComboFix. Include any error messages that you received. If your machine is bootable, providing a How to take and share a screen shot in Windows can be useful in helping to resolve your problem.
- After starting your topic, please be patient as it may take time to get an answer. False postives, glitches and bugs resulting in computer problems have to be reported first to the tool's developer and then investigated before anyone can advise what corrective action needs to be taken. That may require the developer to conduct some testing and obtain sample files for analysis. Also keep in mind that staff members are all volunteers and we assist other members as well as you when time permits. No one is paid for their work or assistance to members of our community.
- Unless you are an expert, do not reply to someone else's topic with instructions, especially if they are already in the process of getting help from a member of the Malware Response Team or trusted staff. If you have a similar issue, the solution could be different based on the kind of hardware, software, system requirements, etc. and the presence of other malware so please start your own topic. Those awaiting assistance, please read the pinned sticky How do I get help? Who is helping me?. It's important that you know who you should trust to take advice from.
Again, we ask that you please be patient. It may take a while to get a response but your problem will be reviewed and answered as soon as possible.
Thank you for understanding.
The BC Staff
Note if you find ComboFix unavailable: There may be times when the developer will remove ComboFix
in order to update or fix reported bugs so the tool may be unavailable for download.
Never attempt to download ComboFix from sites other than the authorized How to use ComboFix Guide.
Other sites hosting ComboFix are not authorized mirrors and are hosting outdated copies of ComboFix.
These outdated copies can contain bugs that may render some machines unbootable.
Using unauthorized mirrors of ComboFix puts your computer at risk of not booting again.
Always wait wait for the official version to be fixed and released again.
Edited by quietman7, 08 November 2013 - 04:24 PM.