
Why shall the Combofix log take so long?


5 replies to this topic

#1 Dignan17


Posted 25 March 2014 - 06:35 PM

Sorry for the disjointed headline, I couldn't resist a jab at the funny language in the Combofix application.

 

I was just curious, why does it take such an extremely long time for Combofix to create the log file? It's a two step process that takes at least 5 minutes and as much (I've experienced) as 15-20. All the other tools available on Bleeping Computer that create log files (JRT, for example) write their log files in no time.

 

Sorry, it's just something I've been curious about for a long time, and I thought I'd check if anyone here knew why.

 

I'm also sorry if I posted this in the wrong area. I'm fairly new here.





#2 quietman7


Posted 26 March 2014 - 07:31 AM

ComboFix is a specialized first responder tool that has the ability to deal with multiple malware infections and has built-in removal functionality which makes it very powerful. ComboFix is intended by its creator to do two things: 1) automatically remove known infections and 2) provide a detailed system report similar to DDS that a trained expert can use to further investigate and remove malicious files and registry entries.

In most cases ComboFix should not take more than 20 minutes to complete its routine if malware is detected. However, in some cases it could take longer depending on a variety of factors. If a system is badly infected, ComboFix may take more time to complete all its routines (various stages) than it normally does or fail to run properly. There are also circumstances where ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD, etc.) so that it takes longer to run or may not complete successfully. While that is not normal behavior, it is not unusual.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Dignan17


Posted 26 March 2014 - 07:36 AM

Thanks for your reply!

 

Sorry, I think there might be some confusion. I completely understand if Combofix takes a long time to do virus removal. I'm asking about the point when all of that is done and all it appears to be doing is creating the log file. There are even two different screens about how it's creating the log file.



#4 quietman7


Posted 26 March 2014 - 08:25 AM

Discussion pertaining to how ComboFix works, the routines it performs, what it can or cannot do, what the log results mean, future plans, development, etc. is not available to the public in order to safeguard and protect the integrity of the tool from malware writers. As such, the developer does not want his tool discussed outside of private forums and therefore we cannot answer specific questions.

Safeguarding ComboFix from malware writers is necessary and important so that we can continue to use it without attackers having knowledge of how to defeat it. Everything we discuss can be read by the bad guys. Yes, they read these forum topics looking for clues (knowledge) on how to circumvent our tools and removal techniques. We don't want to provide any information they can use against us so we deliberately do not provide specific information on the specific inner workings of our tools and how we use them in areas where attackers can see that information. As such, our discussion in public areas is limited and sometimes may appear vague or not fully address a specific question so it should not be taken personally.

Please read the "ComboFix usage, Questions, Help? - Look here" thread, especially the section "Questions about ComboFix and how it works".

#5 Dignan17


Posted 26 March 2014 - 11:06 PM

I can totally understand and respect that. I actually think that's awesome.

 

In that case, let me just shout into the void:

 

I would very much love it if Combofix didn't take so long to create its log file!

 

If that finds its way to the ears of people who can make a change, great. If not, so be it :)



#6 quietman7


Posted 27 March 2014 - 06:00 AM

Noted.



