
Combofix problem


6 replies to this topic

#1 peterlonz

peterlonz

  • Members
  • 106 posts

Posted 22 July 2013 - 01:05 AM

I wished to try this SW & I did see the "don't use unless asked to" warning on the BC download page.

I thought I was familiar with how it would run but I immediately came across an unexpected problem.

 

Combofix started & advised I had two AV programs running which I should close before proceeding.

BUT ................ how the hell do you disable Avast & MSSE?

A quick Google & MSS was disabled for one hour but Avast demanded a password & then refused my passwords.

Now I can't go forward or backwards because Combofix can't be aborted.

I would have liked to have been warned of this.

I have no option but to reboot with Combofix still "waiting" - don't wish to proceed bearing in mind the warnings!

 

OK so now it takes forever but eventually after downloading a special Avast uninstaller & using Safe Mode I have Avast uninstalled.

 

I try Combofix again but now it refuses to run saying:

"Combofix can not be run in compatibility mode".

This is a trap anyone could fall into & I suggest Combofix has a back or abort button for such situations.

Is there any way to restore whatever has happened to prevent Combofix from running?

 

Thanks

 

 




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling

Posted 22 July 2013 - 02:00 AM

How to Turn OFF your antivirus program.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

 

Your first problem is that you had / have 2 Antivirus programs installed - Please first Uninstall one Fully -

Go to their site, or Google How to Uninstall ............

 

Was there a problem that caused you to run ComboFix unsupervised in the first place ??

 

If you are infected badly please read Preparation Guide and post a new topic in Virus, Trojan, Spyware, and Malware Removal Logs

 

This topic may be transferred by a Moderator, but please read the linked Prep Guide, and post any requested logs -

 

Please post to the Malware Removal Logs area and describe your problem, even if you are unable to produce the requested logs, and an Expert will assist you with removal of the problem -

 

Thank You -



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,395 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 22 July 2013 - 09:23 AM

Compatibility mode allows an older program written for an earlier version of Windows to run on a new version. Running ComboFix in Compatibility mode may result in applying certain registry fixes specifically intended for a different operating system which can result in serious damage. As such, ComboFix will provide a warning message:
[Image: CF_compatibilityMode.png]

This is one of the reasons why we recommend not to use ComboFix on your own. There are risks involved and we would prefer it if someone who knows how to resolve any issues that may arise is supervising its use.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 peterlonz

peterlonz
  • Topic Starter

  • Members
  • 106 posts

Posted 22 July 2013 - 08:16 PM

It looks as though I may not have been as clear as I intended:

1) I considered using Combofix because my PC has become very slow.

2) My OS is Win7-64; CPU = Intel I7 860 quad core 2.9GHz; RAM = 4Gb

3) I have run Avast & MSSE together without problems for just over one year, yes some minor slowing seen but accepted.

4) Additionally I run AdWare cleaner, JRT, & SASW at least weekly & very rarely see anything except the occasional false positive.

5) Except for the relatively sudden onset of extreme slowness I have no reason to think I may have malware present.

6) Very slow but everything still works.

7) Had I been able to easily remove Avast without the use of Safe Mode I probably would not have this problem now.

8) I considered disabling both running AV's before running Combofix, but that is not what the instructions I read advised. I wanted to follow exactly the documented procedure.

9) The process I describe above inevitably resulted in a reboot whilst Combofix was waiting for the AV's to be disabled. I had no alternative & no abort or back button.

10) Now Combofix refuses to run & of course I have not selected compatibility mode, presumably this is the result of the forced reboot.

11) I describe this mainly because I see it likely that most AV's will become password protected & others might find themselves in a similar position in which case it would seem highly desirable that Combofix can be safely aborted which at present it seems it can not.

 



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,395 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 22 July 2013 - 08:42 PM

Except for the relatively sudden onset of extreme slowness I have no reason to think I may have malware present.

Then you should not have tried to run it. ComboFix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware which scan individual drives or different folders on a computer for malware.

With that said, there are circumstances where ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual. In such cases, it is helpful to know at what stage ComboFix stalled/crashed and to provide that information to the Helper who is assisting you so they can investigate. Usually using Task Manager to stop ComboFix's related process is enough to abort it... If doing that did not free ComboFix, then you will need to reboot the computer manually.

Also be aware that using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary.

#6 mb from md

mb from md

  • Members
  • 6 posts

Posted 22 July 2013 - 11:36 PM

Here is another Combofix scenario:

 

I have used Combofix successfully for over three years without problems on various machines of mine and of friends.

 

Superantispyware and/or Malwarebytes run as a "cocktail" seem to clear most virus problems.  I am working on a friend's machine (Dell PP10, 2005 vintage, 1.8 GHz pentium, 1.25 GB of RAM, OS is Win XP Pro, with service packs).  Machine had only 512 mb of DDR RAM; I dropped in 1 GB to boost it.  Ran Superantispyware and Malwarebytes in succession, which cleared viruses and trojans.  Nero is installed on the HDD... didn't remove it.  There is a program called "Bandino" (or something like it) installed.  Removed Google Chrome and other "NSA certified" stuff.  Defragged the HDD.

 

I attempted to load and run Combofix on this machine.  Combofix booted and ran up to the point where the DOS box appeared and the last item which showed was "scan times for badly infected machines may easily double" with the blinking line below. The program does not get to where any of the "stages" appear.  Any suggestions for clearing this "hang", or is Nero or that "Bandino" program causing trouble?  Haven't tried RootkitBuster, but I thought that asking about Combofix first is appropriate.

 

Is 1.25 GB of RAM acceptable, or does it have to be integral (i.e. 1.5 or 2 GB)?   Has any of the bundled Dell stuff been known to block Combofix?   Any other suggestions to get a successful run of Combofix on this machine?



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,395 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 23 July 2013 - 07:16 AM

As a general policy, Bleeping Computer does not offer advice on how to run ComboFix unless we asked someone to run it or if there is a problem with the computer caused by running the tool. Per the developer, people should not be using ComboFix without being advised to do so by a trained expert (see here) who is assisting them deal with a malware problem. When issues arise due to complex malware infections, possible false detections, problems running ComboFix (i.e. stalling, hanging, crashing) or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.

While our policy is not to offer advice on running ComboFix unless we asked someone to run it, we are willing to assist with resolving problems caused after using it and we are certainly willing to help with malware disinfection. If that assistance requires running ComboFix, you will be advised what to do in order to get the tool to run properly or investigate any error messages. If you need such assistance, please read the "Preparation Guide For Requesting Help" starting at Step 6. When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.