Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Changes made by ComboFix?

  • Please log in to reply
No replies to this topic

#1 MenckenClemens


  • Members
  • 1 posts
  • Local time:01:51 PM

Posted 28 July 2010 - 03:28 PM

Hi all, first time poster here.

I work regularly with a commercial application, and I'm running into a rather odd situation that appears to be related to ComboFix.

As part of its basic functionality, the product creates log files of transactions that are transferred regularly (to the host server by a local service. For instance, when a user makes a data change in the application, the transaction is logged on the local computer; the service contacts the listener on the server, and assuming it receives a valid response from the listener, it pushes the transaction log up to the host.

I do know that the service is transferring the files via TCPIP. It determines the server name and port number of the listener based on the custom file extension of the transaction file.

Recently I've been doing some testing with ComboFix, based on reports that after running it, this process no longer works. I've been able to reproduce it myself - run ComboFix on a VMWare image (even without a malware infection), reboot, and afterward the transaction files are created but they are never transferred up to the host.

I've attempted to track down the exact cause of the problem myself, but haven't hit upon it yet. I do know that whatever change is made by ComboFix, it is not in the application's files or registry; if I run ComboFix on the image, then install the app, it's still broken. The only solution I've found so far is to reinstall the OS. The application vendor states that because they don't have any information on what ComboFix does, they can't help with a more graceful solution.

I'm hoping that someone can give me some thoughts on what ComboFix might change that could cause something like this. I understand that details on exactly what ComboFix does are guarded (and I understand WHY, as well), but if anyone could point me in the right direction, I would greatly appreciate it.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users