
Pointers/Tips Reading Combofix log


6 replies to this topic

#1 bernie50

bernie50

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 16 November 2010 - 04:14 PM

Hi all. Got a question about reading the Combofix log. Basically my boss thinks that there are some computers in the building where I work that have bugs in them affecting their performance. We have computers with Windows XP/SP3 and McAfee VirusScan. He's asked me to run Combofix on all the computers to see if there is any malware and then report to him the results. My question mainly is "How do I tell?" He's used Combofix before and says basically that if I see anything in the log file that shows "Other Deletions" that it was infected. Being a newbie to using Combofix, I thought I'd ask y'all and see if you can provide any pointers (what should I look for). Don't think you want me posting a dozen logs, you've got more important things to do. So could somebody give me a little advice on what to look for? Many thanks in advance for ANY help or tips you can offer.

Edited by Budapest, 16 November 2010 - 05:23 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP




#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:45 AM

Posted 16 November 2010 - 05:24 PM

Sorry, but discussions pertaining to how Combofix works, what it can or cannot do, what the log results mean, any future plans, updates, etc. are not available to the public in order to safeguard and protect the integrity of the tool from malware writers.

http://www.bleepingcomputer.com/forums/topic273628.html
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 bernie50

bernie50
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 17 November 2010 - 11:49 AM

Sorry, I thought that if somebody had a question about a bugged computer (or even a computer that MIGHT be bugged - maybe they don't know for sure), this was the place to go to ask for help. Is that an incorrect assumption then? And if I do need help, who would you recommend I take it up with?

#4 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:04:45 PM

Posted 17 November 2010 - 12:11 PM

The place to ask the questions you just made mention of is here: Am I infected? What do I do?

Please read this for more complete information: How do I get help? Who is helping me?

Your first post was not phrased that way and that is why you got the reply you did. We are not able to explain the inner workings of the tools employed to remove malware for the reason explained. We will however help you diagnose potential issues and help you resolve them using the free tools at our disposal, and to the team members assisting you.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#5 bernie50

bernie50
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 17 November 2010 - 12:40 PM

Cool. BTW, did you read the actual post? All I really want to know is... if I run ComboFix, how do I know if it found and fixed any "bugs" or not? Is that a question you can answer? Or is that a question somebody in the "Am I infected. What do I do?" forum can answer?

#6 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:04:45 PM

Posted 17 November 2010 - 01:14 PM

You're welcome. And yes I actually did read your post. Unfortunately it's not a simple answer due to the complexities of having trained people give you honest quantified answers with forum provided information by both parties. The output of a log is complex and must be analyzed taking into account individual settings and software/hardware configurations. With malware analysis 'one size does not fit all'. Again the difficulty is in giving you self help information that doesn't violate the wishes of the malware tool author/s. My apologies for being intentionally vague, but that is by design to conform to the wishes of our malware tool authors.

It's actually as simple as you describing the issues with the machine in as much detail as possible. The trained malware helper then assesses the potential issue/s and offers a tool or set of tools to run, to give an output that they can analyze to be able to recommend a fix, if issues are present.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:45 PM

Posted 17 November 2010 - 01:54 PM

"He's used Combofix before and says basically that if I see anything in the log file that shows "Other Deletions" that it was infected."

That is not always true. Combofix, like any other security tool, may falsely detect and remove a file. When a trained expert is assisting someone, they will know how to deal with such a scenario.

Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. When issues arise due to complex malware infections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise members what should or should not be done while providing individual assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Those are just some of the reasons we advise not to use ComboFix unless instructed to do so by a trained expert.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




