Removing ComboFix

I was not sure where this question sits best, so apologies if this is not the right slot.

I have tried Windows R the ComboFix /uninstall ( also combofix /unintall) on my Windows7 Home Premium system, but in both cases I get an error that Windows cannot find ComboFix.

What else can I do to uninstall it? Please!

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

See here.

Afterwards, please do NOT run ComboFix again unless asked to do so by a member of the Malware Removal Team. Why? Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

I have Windows 7 so am following

To uninstall ComboFix from Windows Vista or Windows 7 please perform the following steps:

Click on the Start button () and then in the Search field enter combofix /uninstall, as shown in the image below with the blue arrow. Please note that there is a space between combofix and /uninstall.


Windows 7 Start Menu



Once you have typed this in, press Enter on your keyboard. A Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.

AFAICS it does not work. All that happends when I press "enter" is that I am taken to the Windows libraries.

Did you try this?

If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to Uninstall.exe, then double-click on it to remove.

Changing name on desktop does not work. Doubleclick makes UAC ask if the program is to run, but it does not remove the uninstall.exe. Also worryingly AVG produces a trojan warning.See here

Am I perhaps misunderstanding something?

Doubleclick makes UAC ask if the program is to run, but it does not remove the uninstall.exe.

If you received a UAC prompt asking if you would like to continue running the program, and pressed the Continue button, then it should have uninstalled and you should have seen a dialog box stating that "ComboFix has been uninstalled". After that, you can remove the uninstall.exe program from your computer (Desktop) by right-clicking on it and choosing delete.

If it did not uninstall properly, do this:

Download OTC by OldTimer and save to your Desktop.

• Double click on the OTC icon on your desktop.
  Vista/Windows 7 users right-click and select Run As Administrator.
  If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
• Click on the green CleanUp! button.
• Click Yes when prompted to Begin cleanup process.
• When it has finished, OTC will ask you to restart the computer.

-- Any leftover folders/files related to ComboFix which OTC did not remove can be deleted manually (right-click on it and choose delete).

Also worryingly AVG produces a trojan warning

You can ignore that. Combofix is not malware. However, certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed or packed, what behavior it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files which may be obfuscated, encrypted or password protected in order to conceal itself so they do not allow access for scanning but often trigger alerts by anti-virus software.

Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malware or a bad program.

It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive".

Thank you. Only the OTC option seemed to work with final manual removal of laft overs.
A few entries remained in the registry even then.

You're welcome.