Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Re: Combofix has broken my dos shell...

  • This topic is locked This topic is locked
2 replies to this topic

#1 masterx81


  • Members
  • 6 posts
  • Local time:01:12 PM

Posted 17 February 2009 - 12:28 PM

Thanks everyone for the useful support :-)

I not want to speak with the author or disasseble the program (that i still consider really useful), but i want only to speak with someone that maybe have the same problem, and try to slove it.
Seem that the incompatibility is with Symantec Endpoint Protection (ALSO DISABLED), as on machines without it installed the ComboFix has run very well removing all the bad things without do a manual search of the rootkits/virus on the system, but on machines with it installed (AND NOT ACTIVE) it has screwed something. I not want to say that someone has broken some pc, i want only to find how to slove the problem.- only that!!!

You are not supposed to run combofix without supervision of an expert.

Sorry, who is as an expert? Only the coder of the program?
I consider myself at least a little bit expert, i know how to remove rootkits also by hand or sort all things of troubles on windows systems. I work it the computer world by about 15 years (personally i've started with win95), and i do it with passion.
I like combofix as it removes all the bad things with only few clicks, it save me time a lot of time.
For know what combofix has done on my system i can do a regmon and filemon while it run, but i will get a lot of data to analyze, and i not like too see what the coder has done. So i've searched ONLY a little bit of help.

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

I've read the disclaimer, i'm trying to search only a bit of help, nothing more!
What you mean by trained? There are no public info about the program, so what training is necessary?

Unfortunately the author of the tool does not want information on how Combofix works on public forums.

The only public information that is available can be found at this guide:

How to use ComboFix

The title "Combofix has broken my dos shell..." maybe was a little bit aggressive, but i'm italian, and i not write english that well (as probbaly you have seen), so i'm sorry for that, but if possible, i want to share with someone this problem, and MAYBE found a way to slove it.

The original thread was:

This is my first post, so... Hi everybody
I'm a pc technician, programmer, know a bit of networking and much other things...
One of this things is remove virus in client's pc's...
On some of this infected pc's i've run combofix, that on most of the pc's has done it's job without problems, but on some machines when has finisched it has left the wrong date time settings and has broken the dos sessions...
The wrong datetime settings was easily sorted, but i not find a way to fix the dos shell...
It set a wrong keycode, that i sort using the kb16 command on the autoexec.nt (but it seem that affect only the command.com, not the cmd.exe) and also every time that i execute an external dos command for the first time on the dos shell, it beep an error with casual characters, ended by a - 1252, the are the only readable chars...
What can i do to fix this problem?
Really thanks!!!

So, now you can close also this thread, and probably also banning me from the forum, but will be more nice if we can speak freely and try to sort what has gone worng.

As said, seem that symantec endpoint is the problem (also disabled). Seem an user setting broken, as entering with the admin user there is no problem...

Really thanks for your attention (if you have read all without banning me :thumbsup: )...

BC AdBot (Login to Remove)


#2 Animal


    Bleepin' Animinion

  • Members
  • 35,905 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:04:12 AM

Posted 17 February 2009 - 04:49 PM

First of all, you will not be banned, because of your post above this one. However the author of ComboFix has requested that no discussions about ComboFix take place outside of specific trained malware technicians forums. Those forums are not open to the general public. This is to prevent malware writers from gaining an edge on the workings of the tool. We respect the wishes of the tool's author and will not discuss ComboFix in the open forums.

We apologize for the inconvenience that may cause you. However as you state yourself, that you are an 'expert' you can understand why we will not reveal how to resolve your issue with regard to ComboFix. As this is information that could potentially be used to render ComboFix less effective. And as an 'expert', I'm sure you will understand that is not an option that malware fighters can afford to take.

The following gives a list of places where malware removal is taught: UNITE Schools Many sites that are listed there, have limited capacity, such as our site at this time. If you should apply and become a trained malware fighter, you may gain access to more information to help you with your issue. That is the only way that we have available at this site that we can offer you, with regards to your situation as you have described.

Best of Luck to you.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)

A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)

"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

Follow BleepingComputer on: Facebook | Twitter | Google+

#3 masterx81

  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:12 PM

Posted 18 February 2009 - 04:18 AM

So, no way to try to slove this with someone else?
I will try to slove it myself with filemon and regmon work, and if i found a solution that not hurt someone and that not reveal how combofix works, i'll post it, as surely other people have the same problem, and maybe are searching for a solution...
Thanks for you time...

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users