
Hello, thanks, and question about ComboFix



#1 permutations


Posted 02 June 2012 - 11:50 AM

Hello. I found this site when I got the S.M.A.R.T. Check virus on my main computer yesterday. The "Trial Version" notice in S.M.A.R.T. Check (where did THAT come from??), and the fact that I could not exit from it OR SHUT DOWN, made it clear within seconds that I had a virus and not a HD problem. I aborted what it was doing fast enough to prevent installation of the rootkit, so there's that. (((sigh))) Still, it took many hours to get rid of it because the computer it infected was already somewhat ill (genuine HD problems). I couldn't boot into Safe Mode at first and I couldn't do anything in normal mode with the virus running. I finally resolved that.

Anyway, in googling this virus I found your excellent removal instructions, and the computer in question is now virus-free, as far as I can tell. I'm still running scans with different software to make sure I got it all. S.M.A.R.T. Check got straight through Comodo, so that's not adequate. I need to buy the Pro version of something for real-time scanning. I'm testing different anti-spyware software, and so far SuperAntiSpyware seems the best. Malwarebytes Anti-Malware did not find the executables. I found them myself by launching MSCONFIG and seeing what was being started with Windows. SAS finds them, though (I have them zipped up now, and SAS found them within the zip). I manually removed the registry entry with RegEdit.

I have a question ... I am very expert with computers, I'm a programmer and was a long-time computer journalist. I know where my Windows system files are stored and I can edit the registry without crashing anything. I can be trusted with ComboFix, but as far as I can tell it lacks documentation. I haven't installed it yet, but I haven't seen any documentation online except for "find an expert to help you". Is there documentation somewhere for someone who does have computer expertise?

Thanks for what you do here!



#2 cryptodan


Posted 02 June 2012 - 12:41 PM

There is no documentation on how to run ComboFix, because the author of the tool wants it that way.

Since you want to use ComboFix, please follow the instructions in the Malware Removal and Log Section Preparation Guide.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly, please be patient till you get a reply to your topic. If you receive a reply from the HelpBot, then please follow the instructions outlined in the HelpBot's post.

#3 Animal


  • Site Admin

Posted 02 June 2012 - 01:54 PM

sUBs, the developer of ComboFix, has asked that the inner workings of the tool not be discussed in public in order to safeguard and protect the integrity of the tool from malware writers.

Questions about ComboFix and how it works:

ComboFix usage, Questions, Help? - Look here

Safeguarding ComboFix from malware writers is necessary and important so that we can continue to use it without attackers having knowledge of how to defeat it. Everything we discuss can be read by the bad guys. Yes, they read forum topics looking for clues on how to circumvent our tools. We don't want to provide any information they can use against us, so we deliberately limit discussion, which sometimes may appear vague or not fully address a specific question. That's the decision by the creator of ComboFix, so we hope you understand, and it should not be taken personally.

The only public information that is available can be found in this authorized guide: How to use ComboFix.


The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#4 permutations


Posted 02 June 2012 - 02:23 PM

cryptodan - I don't have a current problem I'm looking for help with or need to post logs about. I removed "S.M.A.R.T. Check" on my own last night.

Animal - Thanks for the info. I understand. I guess it's not a tool I will use, then, since I'm usually able to figure things out on my own. But there are plenty of other tools for me to use.

Thanks for the site - great site.

#5 Animal


  • Site Admin

Posted 02 June 2012 - 02:42 PM

Your understanding the situation regarding ComboFix is greatly appreciated. Thank you for the kind words regarding the site.


#6 cryptodan


Posted 02 June 2012 - 02:44 PM

Also my post above was there if you needed help with removing the malware that you had. It can be very tricky with the latest rogues out there.



