
Win7 SP1 x64 and ComboFix


12 replies to this topic

#1 Broyd

Broyd

  • Members
  • 11 posts
  • Local time:11:29 AM

Posted 30 June 2012 - 01:32 PM

Hi there.

When I attempt to run Combofix on my Win7 SP1 x64 bit system, I am now getting a message
stating that Combofix is only 32 bit compatible.

Can anyone advise me what has happened?

Up until about the beginning of June 2012, Combofix worked perfectly on this system.

Thanks for any light you can shed on this problem.



#2 rotor123

rotor123

  • Moderator
  • 8,093 posts
  • Gender:Male
  • Location:New Jersey
  • Local time:02:29 PM

Posted 30 June 2012 - 01:49 PM

Hi

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


Combofix is not meant to "fix" general computer problems.

ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Publisher's Description
From sUBs:
Combofix was designed to scan a computer for known malware, spyware (SurfSideKick, QooLogic, and Look2Me as well as any other combination of the mentioned spyware applications) and remove them.

http://download.cnet.com/Combofix/3000-8022_4-75221073.html


Is there a problem that is leading you to run Combofix?

Roger

Edited by rotor123, 30 June 2012 - 01:50 PM.

Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
Forum Rules,    The BC Welcome Guide

167 @ June 2015


#3 Broyd

Broyd
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:29 AM

Posted 30 June 2012 - 02:01 PM

Thank you for taking the time to reply to my question.

I realize that Combofix IS very powerful and that it must be used with caution and normally under guidance
from someone who is familiar with the program.

I HAVE read the disclaimers ...

I do believe I have a virus infection ... ( which is why I attempted to use Combofix).



However, I am getting an error message popup after Combofix starts that Combofix is 32 bit only.

(I do have recent complete system backups so in the event that Combofix were to kill my system, I can
completely restore it).

My question was centered around why Combofix is giving me the 32 bit only message, whereas in other threads in this
forum (or subforum), Combofix appears to be working on 64 bit systems.

Thanks again for your time.

#4 rotor123

rotor123

  • Moderator
  • 8,093 posts
  • Gender:Male
  • Location:New Jersey
  • Local time:02:29 PM

Posted 30 June 2012 - 02:14 PM

Since you believe you have a virus I suggest you go to
http://www.bleepingcomputer.com/forums/forum79.html

Read the subforum descriptions and decide which one to post to for help.
Be sure to read the Forum Rules or guidelines first.

Good Luck
Roger



#5 Broyd

Broyd
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:29 AM

Posted 30 June 2012 - 02:23 PM

Thanks Roger.

But I really don't understand why you have evaded my question regarding the 64 bit compatibility issue,
even though I can't find any reference to this change in Combofix's behavior. It claims to be 64 bit
compatible at all bleeping computer locations.

Anyway, I guess your response suggests that you have no intention of answering my question directly.

#6 rotor123

rotor123

  • Moderator
  • 8,093 posts
  • Gender:Male
  • Location:New Jersey
  • Local time:02:29 PM

Posted 30 June 2012 - 02:49 PM

Not to be evasive however:

Questions about ComboFix and how it works:

Sorry, but discussions pertaining to how Combofix works, what it can or cannot do, what the log results mean, any future plans, updates, etc. are not available to the public in order to safeguard and protect the integrity of the tool from malware writers. As such, the developer does not want his tool discussed outside of private forums and therefore we cannot answer specific questions. The only public information that is available can be found in this authorized guide:
How to use ComboFix


And that is all I can really say.

Roger

Edited by rotor123, 30 June 2012 - 02:53 PM.



#7 hamluis

hamluis

    Moderator


  • Moderator
  • 55,880 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:29 PM

Posted 30 June 2012 - 04:05 PM

ComboFix usage, Questions, Help - Look here - http://www.bleepingcomputer.com/forums/topic273628.html

As to why we don't discuss ComboFix issues in this forum...this is the Win 7 forum, while ComboFix is a malware-neutralization tool which is only used in one forum here at BC. To ask the members in the Win 7 forum...about ComboFix issues...is asking in the wrong place. You don't go to a dentist when your foot hurts...we try to get the stated problem/situation in the right place for suggestions/resolution.

Louis

Edited by hamluis, 07 July 2012 - 01:59 PM.


#8 Broyd

Broyd
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:29 AM

Posted 30 June 2012 - 09:06 PM

To answer some points ...

1. I posted the question in the Win7 forum because although my question involves Combofix AND Win7 the problem
appears to be specifically a compatibility issue with Win7 64 bit systems. Combofix still runs fine on winXP.

2. Of the 100+ times I have run ComboFix without guidance (other than reading some of the threads in this forum)
Combofix has never hooped any system. I'm not saying that it could never or would never happen;
I am saying that if Combofix did routinely hoop systems, then Combofix would cease to exist as a useful tool.
I also take note that when you recommend a user run Combofix, that you do not take
any prior precautions to ensure that a user's system doesn't get hooped by Combofix ...

In any case, this is why I always have fairly recent system images (not restore points, system images)
from which I can do a complete system restore.

The warning and disclaimers that accompany Combofix are pretty much standard.
Besides, how many antivirus companies have issued antivirus definition updates that have
destroyed users' systems? Almost all of them at one time or another. Caveat emptor ...

3. My own guess about Combofix's current behavior is 1. that the author included some code
that did damage some systems and is currently preventing execution of the program on win7 64 bit systems
or 2. the author now detects the DAZ loader and no longer wishes to help users of such systems.

Anyway, I was just interested in trying to find out about the 64 bit issue
and I was not trying to subvert or contaminate your boards by posting in the wrong place
or asking questions that, by no account, deserved a reasonable answer. Sorry.

I'll now kneel down on grains of Buckwheat and say my 1759 'Hail Mary's.' :wink:

#9 hamluis

hamluis

    Moderator


  • Moderator
  • 55,880 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:29 PM

Posted 01 July 2012 - 08:35 AM

Your sarcasm is appreciated :). Sorry if you don't like the answers that you receive to questions you raise...but that happens sometimes in life. Those answers seem to make sense to most members here, IMO...we don't get any satisfaction out of irritating members and you seem to be interpreting the responses in that manner.

Louis

#10 Broyd

Broyd
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:29 AM

Posted 01 July 2012 - 12:29 PM

Hey Louis,

Yes, my responses were/are sarcastic - at least you haven't yet deleted this post or banned me.
I have been working with computers since the first generation of IBM 360 mainframes and have written in assembly language for mainframes, minis and micros as well as a whole set of other languages and systems. For 15 years I wrote process control programs and ended my career as a senior system programmer on a mainframe. Computer crashes, bugs, and problems and finding necessary solutions aren't new to me.

But I appreciate the 'protocol' that you (BC) have set up here to help those people who use their PC as tools, without knowing anything about internals. A procedure like this is essential since you aren't right next door to help someone, who by their own efforts may have gotten themselves into a situation from which they can't recover (PC wise).

I've cleaned my PCs, my relatives' PCs, and friends' PCs on numerous occasions; none of these folks know anything about internals, and if they think they know, they are more dangerous than not! :hysterical:

Combofix is an excellent tool! The author(s) of this code deserve(s) the highest accolades. I am quite sure that many retail anti-virus companies could learn a great deal from this code. Combofix behaves like a precision surgeon and deserves the highest respect. I also understand that it is necessary not to reveal any essential information about how the code works; not only to prevent malware writers from exploiting any weaknesses in the code but to prevent commercial vendors from copying the methods used. And as I have already mentioned it has never hooped any of the systems I have used it on. It can fix systems in a lot less time than system restores, which is why I applaud it so highly and why I am trying to pursue the reason it no longer runs on (my) Win7 x64 system.

Life is a learning experience - and if we don't treat it that way, we lose something valuable. For me, I found your response (you Louis, and Roger) to my question both evasive and arrogant; perhaps not intended, especially in light of the requirements of your 'protocol'. But people's interactions to any situation are not only what YOU intend but how others react to you.

I do hope the author(s) of Combofix see fit to re-enable the code for use on Win7 X64 systems but that is strictly in their hands.

Regards, Pete.

#11 Broyd

Broyd
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:29 AM

Posted 01 July 2012 - 03:08 PM

Final update: Important

I restored my system from a system image from before the time that 'Combofix' quit working.

It now works as before, namely it works on Win7 x64.

Conclusion: I got infected with malware that prevented Combofix from running.

I didn't think that could happen!


PS. I was always extremely careful to download Combofix only from www.bleepingcomputer.com

Learn something new every day!

#12 Broyd

Broyd
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:29 AM

Posted 07 July 2012 - 12:43 PM

One final update! Really this time I mean it.

After fighting with this problem since I first reported it here, it turns out that the problem appears to have been a problem with Combofix itself, not being compatible with certain Microsoft updates. Since yesterday July 6, I have noticed Combofix go through quite a number of updates. The latest version runs fine on the original system image in which I noticed the problem first.

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • Gender:Female
  • Location:Romania
  • Local time:09:29 PM

Posted 07 July 2012 - 01:16 PM

Conclusion: I got infected with malware that prevented Combofix from running.

I didn't think that could happen!

Just like malware can prevent an AV or other security tool from running, it can hamper Combofix as well; that is really not uncommon. If you suspect you're infected then my best advice is indeed to follow the prep guide in order to see it properly removed. This is not a Combofix bug.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




