ComboFix cannot run with AVG installed?


  • This topic is locked
6 replies to this topic

#1 julio quadros

  • Members
  • 2 posts

Posted 12 November 2010 - 03:35 AM

Hello there

A week ago I noticed ComboFix will not run if AVG is installed. I think that is ridiculous, absolutely ridiculous, unless someone explains that to me. I would say that disabling the resident shield would be enough!

Can you imagine cleaning a network of 100 PCs with AVG installed?

I can't believe someone did that, honestly.

julio


#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,774 posts
  • Gender:Female
  • Location:At home

Posted 12 November 2010 - 03:52 AM

Hi,

Why do you come here and insult us and demand answers, when all you have to do is install AVG on a PC and run ComboFix for yourself? You can easily check this yourself.

AVG will kill off ComboFix even if its resident shield is disabled. Hence we ask for AVG to be uninstalled. Talk to AVG about this, ComboFix is just trying to make do with the situation it is presented with.

Edited by myrti, 12 November 2010 - 03:52 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!


#3 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,600 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 12 November 2010 - 07:44 AM

To expand on what myrti advised: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove these files, resulting in the tool not working correctly, which in turn can cause damaging or "unpredictable results". This is an issue with AVG, and since it cannot be effectively disabled before running ComboFix, the author recommends that users uninstall AVG first in order to avoid any possible issues.

AVG also has issues with other security tools like Malwarebytes' Anti-Malware. Please read Section H here. Related discussions at AVG:

Further, no one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again. When issues arise with other security tools conflicting with ComboFix, experts are aware of them and can advise users what should or should not be done while providing assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Tonedef

  • Members
  • 2 posts

Posted 18 November 2010 - 11:20 AM

Can you please explain how AVG would falsely detect ComboFix as a threat if the AVG resident shield (and all of its other components/services/processes) are temporarily disabled, stopped and/or ended?

Scenario: Your computer is infected, and a Malware Removal Expert recommends running ComboFix.

1. Disable all AVG services and reboot computer into Safe Mode.
2. Run ComboFix. Let it run and reboot the PC as needed.
3. Reboot into Normal Mode and restart/re-enable AVG services.

There will/can be absolutely no conflict or false threat detection at all. It's not like you'd run a manual AVG scan while ComboFix is running.

I understand the intent behind the warning message from ComboFix's developer's perspective, but CF should detect whether AVG is *running* ...not whether it is *installed*.

#5 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,600 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 18 November 2010 - 11:34 AM

The issue is with AVG since it cannot be effectively disabled, not ComboFix. The developer of ComboFix is a well known security expert who knows what works best or doesn't work while using his tool.

#6 Tonedef

  • Members
  • 2 posts

Posted 18 November 2010 - 12:44 PM

That is not true. Maybe it is true for certain versions of AVG, or for users without administrative privileges. But just yesterday I was working on a computer with AVG 9.0 installed, logged in as domain administrator, and I was able to disable all AVG services and end all AVG processes. There was no AVG component running at all. Also, I have run older versions of ComboFix (without this warning) on several computers running various versions of AVG, while AVG is running, and ComboFix has cleaned the infected computers 95% of the time. (I do IT support for several different companies, and AVG is one of our main antivirus applications, and so I have encountered this combination of AVG/ComboFix on approximately 50 different computers on ~10 different companies' networks over the last several years).

The point is that ComboFix does not need to *refuse* to run if AVG is installed, it only needs to notify the MALWARE REMOVAL EXPERT, who can then make an educated/informed decision about whether or not they want to accept the risks and run both tools (or disable AVG and then run ComboFix).

Right now I am working on a computer that is infected with a trojan, and I have run Malwarebytes Antimalware, Spybot and AVG. I would normally run ComboFix but I am encountering this error. Also, due to damage done to Windows by the malware, Add or Remove programs is not populating and the AVG uninstaller is failing due to an error accessing a Windows Registry key. ComboFix is the most powerful and effective malware tool that I have used, and it is now completely unavailable to me due to other users' inability to disable their AVG antivirus software. Does that seem right to you?

Edited by Tonedef, 18 November 2010 - 12:46 PM.


#7 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,600 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 18 November 2010 - 01:38 PM

That is not true....The point is that ComboFix does not need to *refuse* to run if AVG is installed,....

The developer feels differently and until he determines otherwise, AVG users will have to follow his instructions.


(I do IT support for several different companies, and AVG is one of our main antivirus applications, and so I have encountered this combination of AVG/ComboFix on approximately 50 different computers on ~10 different companies' networks over the last several years).


Posted Image

As you can see ComboFix is meant for private use. The developer did not intend for his tool to be used any other way and it certainly was not intended for those running a computer business or for use in a business/corporate environment. Those are the terms of usage and we will abide by them.

This thread is closed. If you have any further questions, please PM a Moderator or Site Admin.