
Combofix Question


  • This topic is locked
5 replies to this topic

#1 bataAlexander

bataAlexander

  • Members
  • 7 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:39 PM

Posted 15 January 2008 - 12:45 PM

Hello, I would like to ask if there is a further-going description of ComboFix and its scripting functions.

I already read this Link, but it's not mentioned.

I mean the stuff with the

File::

Registry::

Collect:: (what does this stand for??)

So, if anyone would be so kind as to tell me. :thumbsup:

Alex

Edited by bataAlexander, 15 January 2008 - 12:46 PM.




#2 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • Gender:Male
  • Location:UK
  • Local time:08:39 PM

Posted 15 January 2008 - 03:37 PM

I'm afraid there is no public information on those commands and CFScripts. There is a very good reason for this.

ComboFix is a very powerful tool, and should really be used at all without supervision. Those commands are equally (if not more) powerful and, with a bit of carelessness, ignorance or even an honest mistake, they can render your machine un-bootable.

Malware helpers go through extensive training on how and when to use this feature of ComboFix.

It is for these reasons that you are strongly advised not to use them, and that if you are having malware problems that cannot be solved easily, you are advised to post a HijackThis (and ComboFix, if applicable) log in the Malware Removal Forum.

Hope that info helps, sorry it wasn't what you were looking for.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3 bataAlexander

bataAlexander
  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:39 PM

Posted 16 January 2008 - 10:20 AM

It is for these reasons that you are strongly advised not to use them, and that if you are having malware problems that cannot be solved easily, you are advised to post a HijackThis (and ComboFix, if applicable) log in the Malware Removal Forum.


Thanks for your reply! :thumbsup:

But it's the thing I always have to read. I know that ComboFix is a powerful tool, and I know that misuse would end in trouble, but that is why I'm asking here.

I'm a regular in the German forum trojaner-board and some others.
ComboFix is in use there, but nobody knows of any documentation about these functions.
So I ask if it is more dangerous to spread a tool without documentation than answering a concrete question on this program.

I do not want to complain, but why do I have to go through everyone's training to get this little information?

Alex

#4 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • Gender:Male
  • Location:UK
  • Local time:08:39 PM

Posted 16 January 2008 - 10:55 AM

The developer of ComboFix does not want to 'spread' the tool as such. It is only intended for supervised use, not as a general scan. I know you have heard this before, but I'm afraid that is the underlying fact.

As you mentioned, there are many warnings about how ComboFix should only be used under supervision. You mentioned there was a German board using ComboFix. The developer has noted that there are 3 German forums that are 'authorized' to use ComboFix:
HijackThis.de
PCMasters
CastleCops

If, in the future, the developer wants to release more information on how to use this tool's features to the public, then so be it. But until then, not me, nor anyone else is going to disclose anything about the tool other than what is already out there.

I am sorry that I cannot be of more use in answering your question.

May I just ask, why is it that you want to know about this feature, what is it you are trying to do? Chances are, it is achievable with any number of other tools. If you know enough to be able to use ComboFix safely, you should be able to take another path to achieving your goal.

Edited by jpshortstuff, 16 January 2008 - 10:56 AM.


#5 bataAlexander

bataAlexander
  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:39 PM

Posted 16 January 2008 - 11:20 AM

May I just ask, why is it that you want to know about this feature, what is it you are trying to do? Chances are, it is achievable with any number of other tools. If you know enough to be able to use ComboFix safely, you should be able to take another path to achieving your goal.


:flowers: You may, and you're right, everything I like a user to do, I can do with another tool. And as I say this, CF is a tool which I like to use, and this correctly.

So far I've just used some functions like file and registry, and now I wondered if there are any further commands.

Thanks so far. :thumbsup:

#6 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,747 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:12:39 PM

Posted 16 January 2008 - 11:56 AM

Due to the fact that the developer does not want information released regarding this powerful tool, further discussion on it is impossible. With that in mind, this thread is closed.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

