BleepingComputer.com: Pointers/Tips Reading Combofix log


Pointers/Tips Reading Combofix log How can I tell if it's infected?

#1 bernie50

  • New Member
  • Group: Members
  • Posts: 7
  • Joined: 16-November 10

Posted 16 November 2010 - 04:14 PM

Hi all. Got a question about reading the Combofix log. Basically my boss thinks that there are some computers in the building where I work that have bugs in them affecting their performance. We have computers with Windows XP/SP3 and McAfee VirusScan. He's asked me to run Combofix on all the computers to see if there is any malware and then report to him the results. My question mainly is "How do I tell?" He's used Combofix before and says basically that if I see anything in the log file that shows "Other Deletions" that it was infected. Being a newbie to using Combofix, I thought I'd ask y'all and see if you can provide any pointers (what should I look for). Don't think you want me posting a dozen logs, you've got more important things to do. So could somebody give me a little advice on what to look for? Many thanks in advance for ANY help or tips you can offer.

This post has been edited by Budapest: 16 November 2010 - 05:23 PM
Reason for edit: Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP


#2 Budapest

  • Bleepin' Cynic
  • Group: Moderator
  • Posts: 22,235
  • Joined: 11-November 06
  • Gender: Male

Posted 16 November 2010 - 05:24 PM

Quote

Sorry but discussions pertaining to how Combofix works, what it can or cannot do, what the log results mean, any future plans, updates, etc. are not available to the public in order to safeguard and protect the integrity of the tool from malware writers.

http://www.bleepingcomputer.com/forums/topic273628.html
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 bernie50

Posted 17 November 2010 - 11:49 AM

Sorry, I thought that if somebody had a question about a bugged computer (or even a computer that MIGHT be bugged - maybe they don't know for sure), this was the place to go to ask for help. Is that an incorrect assumption then? And if I do need help, who would you recommend I take it up with?

#4 Animal

  • Bleepin' Animinion
  • Group: Site Admin
  • Posts: 18,919
  • Joined: 18-August 05
  • Gender: Male
  • Location: Location, Location

Posted 17 November 2010 - 12:11 PM

The place to ask the questions you just made mention of is here: Am I infected? What do I do?

Please read this for more complete information: How do I get help? Who is helping me?

Your first post was not phrased that way and that is why you got the reply you did. We are not able to explain the inner workings of the tools employed to remove malware for the reason explained. We will however help you diagnose potential issues and help you resolve them using the free tools at our disposal, and to the team members assisting you.
The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown

A learning experience is one of those things that say, "You know that thing you just did? Don't do that." — Douglas Adams.
Why is the word abbreviation so long?

#5 bernie50

Posted 17 November 2010 - 12:40 PM

Cool. BTW, did you read the actual post? All I really want to know is... if I run ComboFix, how do I know if it found and fixed any "bugs" or not? Is that a question you can answer? Or is that a question somebody in the "Am I infected. What do I do?" forum can answer?

#6 Animal

Posted 17 November 2010 - 01:14 PM

You're welcome. And yes I actually did read your post. Unfortunately it's not a simple answer due to the complexities of having trained people give you honest quantified answers with forum provided information by both parties. The output of a log is complex and must be analyzed taking into account individual settings and software/hardware configurations. With malware analysis 'one size does not fit all'. Again the difficulty is in giving you self help information that doesn't violate the wishes of the malware tool author/s. My apologies for being intentionally vague, but that is by design to conform to the wishes of our malware tool authors.

It's actually as simple as you describing the issues with the machine in as much detail as possible. The trained malware helper assesses the potential issue/s, then offers a tool or set of tools to run, to give an output that they can analyze to be able to recommend a fix, if issues are present.

#7 quietman7

  • Bleepin' Janitor
  • Group: Global Moderator
  • Posts: 25,516
  • Joined: 09-July 05
  • Gender: Male
  • Location: Virginia, USA

Posted 17 November 2010 - 01:54 PM

Quote

He's used Combofix before and says basically that if I see anything in the log file that shows "Other Deletions" that it was infected.

That is not always true. Combofix, like any other security tool, may falsely detect and remove a file. When a trained expert is assisting someone, they will know how to deal with such a scenario.

Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. When issues arise due to complex malware infections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise members what should or should not be done while providing individual assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Those are just some of the reasons we advise not to use ComboFix unless instructed to do so by a trained expert.
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
