Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Combofix Hosts File Backup?


  • This topic is locked This topic is locked
5 replies to this topic

#1 tianvh

tianvh

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 21 September 2008 - 06:15 PM

Hi,
I was having problems on my XPSP2 rig (lsass.exe crashed after every reboot shortly after logging in), I followed the advice on a forum post to download and run ComboFix.exe.
After the run, I now find that my hosts file has been cleaned out and now only contains the default 127.0.0.1 loopback entry...
Does combofix make a backup of my original file somewhere before screwing it up?
I am a developer and have - had! - several important entries that I'd dearly like to retrieve...

Please help!

BC AdBot (Login to Remove)

 


m

#2 perr

perr

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 21 September 2008 - 07:08 PM

Download and run spybot search and destroy. Google it. It will reinstall a host file of bad hosts it has designated as bad guys.

#3 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:03 AM

Posted 21 September 2008 - 07:27 PM

As a developer you should read directions and follow them better

Combofix by sUBs was never intended to be used in the way that that software such as SuperAntispyware or Malwarebytes Antimalware is done. There are several excellent reasons for this Disclaimer shown when you start the program:
Some that I have observed:

About 1 in 100 times the computer will not longer be able to boot after running Combofix. This requires experienced hands to restore the system to bootability.

There are several malware infections that "target" Combofix. Experienced Helpers are aware of these infections, and take steps to remove them prior to the use of Combofix. If you do not, various things can happen depending on the infection -- from Combofix being unable to run, to the deletion of the folder C:\Windows\System32, requiring a clean install to repair.

Combofix makes some rather significant changes to the internals of XP and Vista in order to work. It has to be removed with special instructions to fully and safely revert these changes. Experienced Helpers are aware of how to accomplish the uninstallation of Combofix.

The real power of Combofix comes not as a general purposed malware remover. It is rather modest in that capacity. Combofix is powerful because it provides to the experienced Helper a convenient and powerful front-end to Scripts. It is because of its scripting strengths, and its unique reporting capabilities, that you see Combofix often recommended. But not because of its abilities as a general malware scanner.

Many malware removal experts will not respond to a request for help if they see that Combofix was run by the end-user without supervision. You might find after running Combofix that your system problems are worse, and nobody is willing to help you.

There are several general purpose anti-malware utilities where the Author(s) intended the application for general use by end-users without Supervision. Combofix is not one of them, and you would be advised to honor that position taken by its Author.

Best regards,
Bill Castner
--
============
MS-MVP 2004 - -2008, ASAP Member



http://www.dslreports.com/forum/r20950947-
Chewy

No. Try not. Do... or do not. There is no try.

#4 tianvh

tianvh
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 22 September 2008 - 07:07 AM

As a developer you should read directions and follow them better

Combofix by sUBs was never intended to be used in the way that that software such as SuperAntispyware or Malwarebytes Antimalware is done. There are several excellent reasons for this Disclaimer shown when you start the program:
Some that I have observed:



http://www.dslreports.com/forum/r20950947-


That must be the most unhelpful bit of "help" I've ever seen. What are you actually telling me (and others in my position)? That we're simply screwed and shouldn't have made use of a tool that is put out there and freely available but without any guidelines to its use except from the initiated?
Who and where are these fabled "helpers" who can restore my configuration? You don't say.

Why make combofix.exe directly downloadable on the net to the public WITHOUT any further info? These so-called "instructions" you refer to are hidden on a forum on some OTHER site, and are nothing more than warnings not to use the app ... therefore hardly qualify as instructions.

I had a very simple request: if anybody knows where/if combofix backs up the hosts file then please tell me where to find it. However, I've restored most of the contents by relying on my stupendous developer-memory which you can only ever dream of possessing...

If you can't answer someone's question then rather say nothing - the last thing someone in a pickle needs will be your sarcasm.

#5 harrythook

harrythook


  • Security Colleague
  • 4,152 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philadelphia
  • Local time:10:03 AM

Posted 22 September 2008 - 08:20 AM

However, I've restored most of the contents by relying on my stupendous developer-memory which you can only ever dream of possessing...

Hmmm, one could only dream of such powers.
Take a look:
Restoring from C:\Qoobox\ComboFix-quarantined-files.txt
From the ComboFix-quarantined-files.txt, you can find the files/folders & restore them if needed.

This tool (Combofix) is intended to be used by trained professionals. It has been copied/mirrored at so many sites that the developer thought it prudent to have it open to the public with the information about the possibility of disaster when used by a novice.
Even though this information is provided, it is still launched and problems like yours arise.

Launching applications without reading and understanding them is not a good idea :thumbsup:

Veni Vidi Vici
THE FIGHT AGAINST MALWARE

Become a BleepingComputer fan: Facebook

#6 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:11:03 AM

Posted 22 September 2008 - 08:26 AM

Combofix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


This topic is now closed.
The BC Staff
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users