
Is Combofix not being updated anymore?


8 replies to this topic

#1 joemer

Posted 08 May 2009 - 03:51 PM

Hi,

When cleaning fake antivirus I always first use Combofix and get the latest update. Today I was cleaning "Malware Catcher 2009" and Combofix did not find anything!

I then ran Malwarebytes' Anti-Malware and it cleaned it.

Is Combofix falling behind and now I should always use first Malwarebytes' Anti-Malware?

J.



#2 Guest_The weatherman_*


Posted 08 May 2009 - 04:35 PM

Combofix is available for those getting assistance by experts in the HijackThis Logs and Malware Removal forum.

Why for only those members?

It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. As such, no one should be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. Please read Combofix's Disclaimer.

That's the decision by the creator and we will abide by that decision.

Please feel free to post your problem here, joemer, where you will be advised accordingly.

Edited by The weatherman, 08 May 2009 - 04:40 PM.


#3 joemer


Posted 08 May 2009 - 04:54 PM

Combofix is available for those getting assistance by experts in the HijackThis Logs and Malware Removal forum.

Why for only those members?

It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. As such, no one should be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. Please read Combofix's Disclaimer.

That's the decision by the creator and we will abide by that decision.

Please feel free to post your problem here, joemer, where you will be advised accordingly.

Is this the right place to report lack of detection to Combofix programmers? Please advise. If so please answer my original question if you know.
I asked for a simple reason: Last several months, I MUST use Malwarebytes' Anti-Malware as Combofix has a lower rate of detection and leaves stuff behind.
Thank you.

#4 Guest_The weatherman_*


Posted 08 May 2009 - 05:39 PM

I will pass on your concerns to the author of the tool. If and when I get a response from the author, I will pass it on as a response here. Thank you for your concerns and allowing us the opportunity to address them.

Regards,

The weatherman,
Bleeping Computer Staff

#5 Orange Blossom

  • Moderator

Posted 08 May 2009 - 06:52 PM

Hello joemer,

MalwareBytes is a general purpose AntiMalware program that anyone can use. In contrast, Combofix is NOT a general purpose security program.

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.

. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.

Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two. If you feel you need a second opinion, try running online scans. If you feel you might need surgery, come here to BC and ask for help--that is what we're here for.


From: http://www.bleepingcomputer.com/forums/ind...t&p=1159014

Continuing the heart surgery analogy, it is also better to prevent the need for it in the first place. True, there may be situations when it is unavoidable, but there are many actions a person can take with one's computer to avoid the kinds of infections that make using such drastic disinfection tools unnecessary.

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Orange Blossom

#6 joemer


Posted 08 May 2009 - 07:09 PM

Thank you both for your replies.

I am now sorry I tried to alert Combofix programmers for no detection of malware that MBAM picked up easily.
I just thought that this site is the "home" to communicate such concerns.
My bad, won't happen again on this site.

#7 Grinler

    Lawrence Abrams

  • Admin

Posted 08 May 2009 - 08:57 PM

Hi Joe,

Yes, combofix continues to be updated daily. As others have said, though, Combofix should not be compared to MBAM or any other anti-malware tool for that matter. It is more comparable to Hijackthis, but with removal functionality built in. That is what makes it so powerful. The ability for our helpers to diagnose and pretty much remove anything we want. The main design of combofix, though, is not to do the cleaning automatically, though in some cases it can.

What concern is it exactly that you want to relay to the programmers? That MBAM can remove more infections than Combofix? If so, then they know that as the program is not designed to be an anti-malware automatic removal tool. Now on the other hand, if CF is known to remove a particular infection, but is no longer able to, then yes we would like that information so that it can be fixed.

#8 joemer


Posted 09 May 2009 - 07:56 AM

Hi Grinler

I see your writeup on this malware on this site here. I also see that other 6-7 sites copied your entire text, more or less, maybe without the pictures.

It is still incomplete!

For example, no one mentions the \backup\ sub folder in the MC app data location.
Furthermore, no one mentions the treatment on hosts file, changing attributes, permissions, and lookups.
Furthermore, no one mentions that the MC2009 folder is a random name.
Maybe more.

But I am not telling anyone, too much abuse...

J

#9 Grinler


Posted 09 May 2009 - 02:23 PM

Joe, I am sorry you see our posts as abuse. They weren't meant to be taken that way.

You are right, I should have mentioned that the folders are random. I have updated the guide to reflect that.

Though the code does show some hosts file changes, in my testing nothing was ever changed. This could be triggered by a trojan that installs it that I do not have access to. I can only write a guide on what I have in front of me.

As for the backup folder, I just installed it again and it does not appear in my installation, which is the latest version. This may be installed by another malware that is bundled with it or that installs it.

Regardless, this has nothing to do with combofix as it typically does not target rogues.



