Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Combofix removal tool


  • Please log in to reply
10 replies to this topic

#1 danorse

danorse

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 23 May 2014 - 03:21 PM

Combofix leaves folders/files in root of C: that is not easy to remove manually.
Do you have a removaltool for Combofix?

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum.~ Animal

BC AdBot (Login to Remove)

 


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:49 PM

Posted 23 May 2014 - 03:32 PM

Hi danorse and welcome to BC.

If you don't understand Combofix, you really shouldn't be running it without supervision.

If Combofix is uninstalled the correct way, those folders/files won't be a problem to remove.

The correct way to uninstall ComboFix is by:
Clicking on Start ...then run ... and type in combofix /uninstall (don't forget there's is a gap between x and /) Then press Ok
cfu.png

This action will uninstall Combofix and also perform a few cleanup measures

Alternatively:

Download OTC and save it your Desktop.
Double click the OTC icon to run the program.
Click the 'CleanUp' button.

This utility will cleanup an assortment of tools used during malware removal, plus itself

BBPP6nz.png


#3 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:06:49 AM

Posted 23 May 2014 - 03:32 PM

There are 2 easy ways to remove Combofix

 

1. type "combofix /uninstall" in the run box (win+R) and hit enter.

2. rename the Combofix.exe file on your desktop to Uninstall.exe, and double click it.

 

:busy:

 

(Beat me to it by seconds, Starbuck... you keyboard ninja)


Edited by TsVk!, 23 May 2014 - 03:34 PM.


#4 danorse

danorse
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 23 May 2014 - 04:38 PM

Thanks.

But why does Combofix need supervision --  spesifically? What harm does it do to a computer without supervision?

So far it has not given me any problems, and it seems to do its job perfectly well all by its own... except it leaves some files behind.

 

p.s. I am a computer professional



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:49 PM

Posted 23 May 2014 - 04:48 PM

There are risks involved when using Combofix...BleepingComputer recommends that people should not be using ComboFix without being advised to do so by a trained expert (see here) who is assisting them deal with a malware problem. When issues arise due to complex malware infections, possible false detections, problems running ComboFix (i.e. stalling, hanging, crashing) or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:06:49 AM

Posted 23 May 2014 - 04:50 PM

Some malware hooks itself deep into the system, remove essential files and replace its' own malicious version in place.

 

Combofix can see these infected files then remove them, making your Windows installation unbootable.


Edited by TsVk!, 23 May 2014 - 04:56 PM.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:49 PM

Posted 23 May 2014 - 05:02 PM

One other thing danorse...

Bleeping Computer is a family oriented site where we offer assistance to those who know very little about computing. As such, our forum discussion board is primarily targeted more for the novice user as they comprise most of our membership. We provide help based on that premise since it is impossible for us to know the extent of a member's background, knowledge level and experience until we get to know them. We also keep this in mind when writing replies since we know many novice members read various topics searching for answers without ever posting a reply.

I hope you can appreciate and understand why we do this so please don't take some of our comments as an affront to you personally in regards to your knowledge, skill or abilities as a computer professional.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 danorse

danorse
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 23 May 2014 - 08:44 PM

Ok, thanks, I understand your concern...

I basically do the same thing as you -- except I repair computers in my local community, physically -- 4-5 PCs per week... and I have routiniously run combofix on all of them for 5 years now without any problems at all.. (not once) -- most of these computers are heavily infected to say the least...

This is the background for my question, so again, do you have a reference manual or something more specific?



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:49 PM

Posted 23 May 2014 - 09:03 PM

The only public information that is available can be found in this authorized Guide and tutorial on using ComboFix hosted by BleepingComputer.

It provides the instructions for How to uninstall ComboFix
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 danorse

danorse
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 26 May 2014 - 07:15 PM

Thanks for your response, it was actually what I missed.

Xplode also has a utility that is quite useful called DelFix.

https://toolslib.net/downloads/viewdownload/2-delfix/



#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:49 PM

Posted 27 May 2014 - 06:12 AM

Yes, DelFix is a utility which is used after a system is cleaned of malware to automatically clean up an assortment of specialized fix and removal tools used at that time during the disinfection process.

It can be used as an alternative if the normal method of removing ComboFix does not work properly.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users