
combofix odd behavior



#1 dukeofurl


Posted 31 August 2011 - 07:43 PM

I was at this place doing a malware removal job, but there was no internet connection. Usually I would just download the latest combofix at the time.

But no problem, I had a month-old version on my flash drive.

I tried to run the version that I had, it said that it was outdated and (forgive me if details are fuzzy, I'm going from memory) it said something like Say Yes to exit, or no to run in reduced functionality.

It was all I had, so of course I said no to run in reduced functionality, but instead of running in reduced functionality, it exited itself and then deleted itself from my disk.

Why? Why did it not do what it said it would do?

Edited by Orange Blossom, 01 September 2011 - 12:16 AM.
Moved to AV forum. ~ OB




#2 quietman7

  • Global Moderator

Posted 01 September 2011 - 08:25 AM

Using older versions of ComboFix is not recommended. sUBs frequently updates ComboFix with new versions not only to keep it effective against malware but to minimize the possibility of risk or serious side effects which could result in system damage after running his tool. When that occurs, older versions may no longer work properly. This is more of a protective measure since most folks are unaware of version changes and we do not discuss what they are or what ComboFix does in public to protect the integrity of the tool from malware writers.

ComboFix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware which scan individual drives or folders on a computer. When the tool is required for system disinfection, the most current version should always be downloaded before running it and outdated versions should be deleted.

This is just another reason why you should only use ComboFix under supervision. When issues arise due to complex malware infections, possible false detections, problems running ComboFix (i.e. stalling, hanging, crashing) or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 dukeofurl

  • Topic Starter


Posted 02 September 2011 - 05:57 AM

Yes yes, I know that using older versions is not recommended, this version was not that old, maybe a month. It couldn't be helped. What was I going to do, not use it? Use something that takes twice or three times as long to run? I've been using it for a long time. I'm a big boy, I feel that I was safe. If the program was any older, I would not have used it since there is not an easy way to update it.

The only point though that I'm trying to figure out is, why did the program not do what it said it was going to do? Why did it say one thing and do another? "The program was old" is not an answer to that. It was only a month old, not a year.

I'm not trying to be a jerk here, it's a legitimate question. If the program is not going to run, that's fine, then it should at least say so instead of saying that it is going to run, and then not do so. But if there's no internet connection, how does the program know that it's out of date anyhow?

Edited by dukeofurl, 02 September 2011 - 05:57 AM.


#4 quietman7

  • Global Moderator

Posted 02 September 2011 - 06:39 AM

I understand your frustration and that you're not trying to be a jerk by asking legitimate questions. There have been at least 3 updates in August.

ComboFix has a built-in time out (expiration) feature which is there for protection against using outdated versions which may cause serious problems with a computer if used. This date check is a safety feature deliberately incorporated for that very reason. "Reduced Functionality" mode is intended to protect users from using outdated versions as most of the tool's features are disabled except for those known only by trained experts who can provide guided instructions.

With the amount of work and effort sUBs puts forth in CF, he does not have time to go back and correct older versions to ensure they continue to work so it's easier for him to allow them to expire.

#5 dukeofurl

  • Topic Starter


Posted 02 September 2011 - 05:29 PM

Ok, that is a fine explanation and somewhat explains it, but at the same time, there was no "Reduced Functionality" mode even though it mentioned it, in fact there was no mode at all. The program exited and then deleted itself from disk, despite it saying that it was going to run in "Reduced Functionality", it did in fact not do that.



