: If you ran or want to run ComboFix on your own due to malware infection, please be aware that using it is only one part of the disinfection process. Preliminary scans from other tools like DDS
should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning an strategy for effective disinfection and a determination if using ComboFix is necessary. ComboFix was never meant to be used
as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware which scan individual drives or different folders on a computer for viruses.
Further, when issues arise due to complex malware infections, possible false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here
With that said, ComboFix automatically disables autoruns
the first time it is used. Since malware writers have begun to exploit the autorun/autoplay feature, the author of ComboFix, in an effort to help protect your computer from becoming infected via that attack vector, configured ComboFix to disable the autorun feature. Many security applications disable this feature as well and even Microsoft recommends doing the same
Microsoft Security Advisory (967940): Update for Windows AutorunMicrosoft Article ID: 971029: Update to the AutoPlay functionality in Windows
...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...For more information about this issue, including download links for this non-security update, see Microsoft Knowledge Base Article 967715
Note: If using Windows 7
, be aware that in order to help prevent malware from spreading, the Windows 7 engineering team made important changes
and improvements to AutoPlay
so that it will no longer support the AutoRun functionality for non-optical removable media.
Disabling autorun/autoplay does not
prevent you from accessing your media sources. They are still available by opening My Computer and accessing the source drive (CD, DVD, USB or external hard drive). Pictures on a camera can still be accessed through My Pictures and selecting "Get Pictures" from a scanner or camera. Media can be accessed via the program you normally use it with such as music CDs via Media Player, blank CDs via burning software, image handling software provided with the camera. We strongly recommend you leave the autorun feature disabled
and get into the habit of accessing your media devices manually.
If you are insistent on enabling Autorun again, please refer to Microsoft Article ID: 330135 - The AutoRun feature does not work
Edited by quietman7, 10 February 2011 - 01:37 PM.