to BC N8LBV
As a general policy, Bleeping Computer does not offer advice on how to run ComboFix unless we asked someone to run it or if there is a problem with the computer caused by running the tool. This is because people should not be using ComboFix without being advised to do so by a trained expert (see here) who is assisting them to deal with a malware problem.
With that said, if you receive a message that "Combofix has detected the presence of rootkit activity and needs to reboot", you should have been instructed to write down the list of any files present in the message before continuing, and then to provide that information to the Helper who instructed you to run the tool.
Detecting "rootkit activity" is not the same as detecting an actual malicious rootkit, which would show in the Stealth MBR rootkit section of a log if it were present.
I'd prefer to ask & learn how I can get combofix to tell me WHY and HOW it is making this determination.
Discussion pertaining to how ComboFix works, what it can or cannot do, what the log results mean, any future plans, updates, etc. is not available to the public in order to safeguard and protect the integrity of the tool from malware writers. As such, the developer does not want his tool discussed outside of private forums and therefore we cannot answer specific questions. Safeguarding ComboFix from malware writers is necessary and important so that we can continue to use it without attackers having knowledge of how to defeat it. Everything we discuss can be read by the bad guys. Yes, they read forum topics looking for clues on how to circumvent our tools. We don't want to provide any information they can use against us, so we deliberately limit discussion, which sometimes may appear vague or not fully address a specific question. That's the decision of the creator of ComboFix, so we hope you understand and it should not be taken personally.
The only public information that is available can be found in this authorized guide: How to use ComboFix
If you want to learn more about ComboFix you will have to enroll in the Malware Removal Training Program here at BC (if space is available) or one of the other various Unite Schools where such training is offered. In that environment experts will train those interested in assisting others with malware removal and how to use specialized fix tools like ComboFix. Once training has been completed, you will have access to the ComboFix discussion thread to learn more specific information about the tool and ask any questions.