ComboFix - possible to exclude a process from termination?



#1 Tim Farren

Posted 11 December 2009 - 09:17 AM

Hey everyone.. I'm new here, so I apologize if I posted this in the wrong place.

I am an IT Professional and have been using ComboFix for over a year and love it. It kills most any problem infection I have run up against - except for a couple of occasions where the nasty virus was preventing ComboFix from running..

Anyhow.. I use a product to remotely administer my machines. The problem is, when I run ComboFix it always terminates the executable that I use for remote admin, so I usually end up telling the customer to watch and reconnect me when ComboFix has finished running.

Is there a way to launch ComboFix and tell it to leave a certain process or executable image name alone?

Help is much appreciated!!

- Tim



#2 Blade


Posted 11 December 2009 - 10:29 AM

Unfortunately the author of the tool does not want information on how Combofix works on public forums. This is in order to safeguard and protect the integrity of the tool from malware writers. As such, the developer does not want his tool discussed outside of private forums and therefore we cannot answer specific questions. That's the decision by the creator and we will abide by that decision.
Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

The only public information that is available can be found at this guide:

How to use ComboFix


This link may help answer questions you may have. ComboFix usage, Questions, Help? - Look here

~Blade

Edited by Blade Zephon, 11 December 2009 - 10:30 AM.



#3 garmanma


Posted 11 December 2009 - 12:16 PM

ComboFix is an Anti-Malware tool used by advanced malware technicians specifically trained in its use.


Please DO NOT USE COMBOFIX on your own without supervision!!!


We ask that you obey the warnings about using this tool. Why? The warnings are given for a reason and one of them is to inform our members about the consequences that may occur when using ComboFix in an unsupervised environment. Yes, ComboFix is an excellent but powerful tool. I liken it to Acetaminophen (Tylenol). Used correctly, the drug will help with your aches and pains. Used incorrectly, it can destroy your liver and eventually kill you. The same scenario applies to ComboFix. Used in untrained hands this tool can disable your computer and in some cases can make it unbootable.

A few comments from one of our malware experts, Papakid:

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is through s/he leaves the room. So ComboFix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.

. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.

Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two. If you feel you need a second opinion, try running online scans. If you feel you might need surgery, come here to BC and ask for help--that is what we're here for.


The following is our standard warning when we see its use mentioned outside of an advanced malware forum:

You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

Bleeping Computer and sUBs will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own.


Questions about ComboFix and how it works:

Sorry, but discussions pertaining to how Combofix works, what it can or cannot do, what the log results mean, any future plans, updates, etc. are not available to the public in order to safeguard and protect the integrity of the tool from malware writers. As such, the developer does not want his tool discussed outside of private forums and therefore we cannot answer specific questions. The only public information that is available can be found in this authorized guide: How to use ComboFix


ComboFix logs, where should I post them?

ComboFix logs are not permitted outside the HijackThis Logs and Malware Removal forum and then only when requested by a HJT Team member. However, if you ran ComboFix on your own due to malware infection, please be aware that a ComboFix log is only one part of the disinfection process. Therefore we ask that you please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". When you have done that, post the required logs to include your ComboFix log in that forum, NOT here, for assistance by the HJT Team Experts.


A Statement about Malware Removal:

There are no guarantees when it comes to malware removal and that includes the scanning and specialized fix tools we use. Infections will vary and some will cause more harm to your system than others. Thus, sometimes it takes several efforts with different, the same or more powerful tools to do the job. Even then, with some types of malware infections, the task can be arduous and can produce disastrous results after using the available tools and security scanners for disinfection. How can that happen?

All scanning tools are susceptible to glitches, bugs and false positive detections and removal of critical files from time to time resulting in computers that become unbootable or get stuck in an endless reboot loop. Even major anti-virus vendors are not immune to such issues either and here are just a few reported examples. In most cases when these problems occur, the anti-virus vendors and security tool developers take quick action to correct the problem and provide support to those users who have been affected.


I used ComboFix on my own and encountered problems. What should I do?

Take responsibility for your decision to use ComboFix despite the numerous warnings that are provided not to use the tool in an unsupervised environment rather than attribute blame to others.

With that said, we at Bleeping Computer will try to assist our members if they encounter a problem and ask for help. We understand that even under the supervision of an expert, something can go wrong to include false positives on critical system files resulting in unbootable machines or other issues. If such a scenario happened with you, here are some basic guidelines to follow:
  • Start a new topic, give it a relevant title and provide a description of your problem, a summary of any anti-malware tools you have used and a summary of all steps that you have performed on your own.
  • Please be specific and describe exactly what happened when you ran ComboFix. Include any error messages that you received. If your machine is bootable, providing a How to take and share a screen shot in Windows can be useful in helping to resolve your problem.
  • After starting your topic, please be patient as it may take time to get an answer. False positives, glitches and bugs resulting in computer problems have to be reported first to the tool's developer and then investigated before anyone can advise what corrective action needs to be taken. That may require the developer to conduct some testing and obtain sample files for analysis. Also keep in mind that staff members are all volunteers and we assist other members as well as you when time permits. No one is paid for their work or assistance to members of our community.
  • Unless you are an expert, do not reply to someone else's topic with instructions, especially if they are already in the process of getting help from a member of the HJT Team or trusted staff. If you have a similar issue, the solution could be different based on the kind of hardware, software, system requirements, etc. and the presence of other malware so please start your own topic. Those awaiting assistance, please read the pinned sticky How do I get help? Who is helping me?. It's important that you know who you should trust to take advice from.
Again, we ask that you please be patient. It may take a while to get a response but your problem will be reviewed and answered as soon as possible.

Thank you for understanding.
The BC Staff
Mark



