Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Combofix - "Authorized helper"?

  • Please log in to reply
2 replies to this topic

#1 skitrees


  • Members
  • 1 posts
  • Local time:10:21 AM

Posted 05 August 2009 - 01:19 AM

I am a late comer to Combofix, but that silly vundo pops up on customer computers from time to time. I've only used the Combofix a couple times, but I think I understand the scripts offered by the authorized helpers. The problem is, I'm not 100% certain, and I've had a terrible time finding much documentation about how a person learns to decipher the Combofix logs. Is there a resource available to those who want it?

(Basically, this is my (mis?)understanding of the log reports so far: the potentially infected drivers or files are listed in the R and S sections...the odd-named drivers (usually random-character-type stuff) is listed, followed by identical characters (or description), followed by the file path to the file in question. If the file is known bad, there is no question mark, but if there is a question mark, the file might or might not be infected, if there are two question marks, the file is doubtfully infected - in either question mark case, a person (not the program) should do further investigation in order to figure out if the files are valid or not. So - the non-questionmarked files (and possibly the questionmarked files - depending on research) need to be included in the Combofix script: KillAll:: <file paths of infected files - one to each line> Drivers:: <usually the "random" names given prior to the file paths in the R or S section - one to each line>. Is this close to being accurate at all?

Combofix appears to be a great tool, but I am not usually in a situation where I can post a logfile and then wait for a reply.

Any thoughts or information would be appreciated.


BC AdBot (Login to Remove)


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,111 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:21 AM

Posted 05 August 2009 - 11:39 PM

The author of the tool does not want information on how Combofix works on public forums.

Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

The only public information that is available can be found at this guide:

How to use ComboFix

I will contact the administration of the malware school about your request.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


#3 harrythook


  • Security Colleague
  • 4,152 posts
  • Gender:Male
  • Location:Philadelphia
  • Local time:09:21 AM

Posted 06 August 2009 - 05:22 AM

Hello skitrees,
Please do yourself a favor, do not attempt to repair things on your own using any of the directives available in Combofix. If you do, there is a very good chance you will either be back asking how to undo the damage, or you could destroy the machine. Combofix is a very powerful tool, and it will do what you instruct it to, including removing critical system files.

Please read the guide to getting started HERE before posting any questions about your computer problems.


Veni Vidi Vici

Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users