ComboFix is an Anti-Malware tool used by advanced malware technicians
specifically trained in its use.
Please DO NOT USE COMBOFIX on your own without supervision!!!
We ask that you obey the warnings about using this tool. Why? The warnings are given for a reason and one of them is to inform our members about the consequences that may occur when using ComboFix in an unsupervised environment. Yes, ComboFix is an excellent but powerful tool. I liken it to Acetaminophen (Tylenol). Used correctly, the drug will help with your aches and pains. Used incorrectly, it can destroy your liver and eventually kill you. The same scenario applies to ComboFix. Used in untrained hands this tool can disable your computer and in some cases can make it unbootable. Further, trained helpers prefer to see preliminary scans from other tools like DDS, FRST, OTL Zoek and RSIT before asking anyone to run Combofix because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows checking for the presence of rootkits, planning an strategy for effective disinfection and a determination if using ComboFix is necessary.
A few comments from one of our malware experts, Papakid:
Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections...CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.
Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two. If you feel you need a second opinion, try running online scans. If you feel you might need surgery, come here to BC and ask for help--that is what we're here for.
ComboFix is meant for private use. It should never be used in an unsupervised environment...This software is provided 'as is', without warranty of any kind. All implied warranties are expressly disclaimed. If you do not agree to the above terms, please click No to exit.
As a general policy, Bleeping Computer does not offer advice on how to run ComboFix unless we asked someone to run it or if there is a problem with the computer caused by running the tool. We recommend that people should not be using ComboFix without being advised to do so by a trained expert who is assisting them deal with a malware problem. When issues arise due to complex malware infections, problems running ComboFix (i.e. stalling, hanging, crashing) or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.
While our policy is not to offer advice on running ComboFix unless we asked someone to run it, we are willing to assist with resolving problems caused after using it and we are certainly willing to help with malware disinfection.
Questions about ComboFix and how it works:
General discussions about ComboFix and support questions are permitted. This includes anything about ComboFix that is publicly known and available in Internet articles and in the authorized guide: How to use ComboFix. Information about the private scripting directives and certain specifics not available to the public (i.e. how Combofx works, the routines it performs, development, etc) is not permitted to be discussed publicly.
ComboFix System Requirements:
System requirements for ComboFix are provided in the Authorized How to guide and on the authorized download page.
At this time ComboFix can only run on the following Windows versions:
Windows XP (32-bit only)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)
Windows 8 (32-bit/64-bit)
Windows 8.1 and Windows 2000 are NOT supported by ComboFix.
If you attempt to use ComboFix on Windows 8.1, it should provide a message alert: ComboFix is not meant to run in 'Compatibility Mode' and exit.
This message is intentional by design when attempting to run ComboFix on that operating system.
-- if used on Windows 2000, ComboFix will display this message:
ComboFix logs, where should I post them?
ComboFix logs are not permitted outside the Virus, Trojan, Spyware, and Malware Removal Logsl forum and then only when requested by a Malware Response Team member. However, if you ran ComboFix on your own due to malware infection, please be aware that a ComboFix log is only one part of the disinfection process. Therefore we ask that you please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". When you have done that, post the required logs to include your ComboFix log in that forum, NOT here, for assistance by the Malware Response Team Experts.
A Statement about Malware Removal:
There are no guarantees when it comes to malware removal and that includes the scanning and specialized fix tools we use. Infections will vary and some will cause more harm to your system than others. Thus, sometimes it takes several efforts with different, the same or more powerful tools to do the job. Even then, with some types of malware infections, the task can be arduous and can produce disasterous results after using the available tools and security scanners for disinfection. How can that happen?
All scanning tools are susceptible to glitches, bugs and false positive detections and removal of critical files from time to time resulting in computers that become unbootable or get stuck in an endless reboot loop. Even major anti-virus vendors are not immune to such issues either and here are just a few reported examples.
- McAfee false-positive deletes critical svchost.exe causing system crashes and reboot loops
- McAfee false-positive glitch on crucial system files fells PCs worldwide
- Symantec false positive on system files cripples thousands of Chinese PCs
- Kaspersky False Positives Quarantine or Kill Windows Explorer in Windows Vista
- AVG virus scanner removes critical Windows file and renders machines unbootable
- Malwarebytes Atapi.sys and Registry False Positives
In most cases when these problems occur, the anti-virus vendors and security tool developers take quick action to correct the problem and provide support to those users who have been affected.
I used ComboFix on my own and encountered problems. What should I do?
Take responsibility for your decision to use ComboFix despite the numerous warnings that are provided not to use the tool in an unsupervised environment rather than attribute blame to others. We understand that even under the supervision of an expert, something can go wrong to include false positives on critical system files resulting in unbootable machines or other issues. If such a scenario happened with you, here are some basic guidelines to follow:
- Start a new topic here, give it a relevant title and provide a description of your problem and a summary of all steps that you have performed on your own.
- Please be specific and describe exactly what happened when you ran ComboFix. Include any error messages that you received. If your machine is bootable, providing a How to take and share a screen shot in Windows can be useful in helping to resolve your problem.
- If you need individual assistance with a malware infection, please follow the instructions in the Preparation Guide For Requesting Help and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.
- After starting your topic, please be patient as it may take time to get an answer. False postives, glitches and bugs resulting in computer problems have to be reported first to the tool's developer and then investigated before anyone can advise what corrective action needs to be taken. That may require the developer to conduct some testing and obtain sample files for analysis. Also keep in mind that staff members are all volunteers and we assist other members as well as you when time permits. No one is paid for their work or assistance to members of our community.
- Unless you are an expert, do not reply to someone else's topic with instructions, especially if they are already in the process of getting help from a member of the Malware Response Team or trusted staff. If you have a similar issue, the solution could be different based on the kind of hardware, software, system requirements, etc. and the presence of other malware so please start your own topic. Those awaiting assistance, please read the pinned sticky How do I get help? Who is helping me?. It's important that you know who you should trust to take advice from.
Again, we ask that you please be patient. It may take a while to get a response but your problem will be reviewed and answered as soon as possible.
The BC Staff
Note if you find ComboFix unavailable: There may be times when the developer will remove ComboFix
in order to update or fix reported bugs so the tool may be unavailable for download.
Never attempt to download ComboFix from sites other than the authorized How to use ComboFix Guide.
Other sites hosting ComboFix are not authorized mirrors and are hosting outdated copies of ComboFix.
These outdated copies can contain bugs that may render some machines unbootable.
Using unauthorized mirrors of ComboFix puts your computer at risk of not booting again.
Always wait for the official version to be fixed and released again.
Edited by quietman7, 13 April 2015 - 02:16 PM.