To the Combofix programmers


8 replies to this topic

#1 elementalwindx

  • Members
  • 16 posts

Posted 27 October 2014 - 09:46 AM

Would you guys PLEASE look into GFI Max Remote Management and please script in a method that will not kill their programs so that we can remotely fix computers with our software? :) We use TeamViewer to remote in as well.

It seems that ComboFix kills all remote methods this company provides to get into the computer and even see if it is still online or not.

Thanks.





#2 Grinler

    Lawrence Abrams

  • Admin
  • 43,504 posts
  • Gender:Male
  • Location:USA

Posted 27 October 2014 - 05:31 PM

Create a dedicated folder under Program Files or in the C:\ drive and it won't be terminated. The problem is it's either running from the user's profile or a temp folder and being seen as malware.

#3 elementalwindx

  • Topic Starter
  • Members
  • 16 posts

Posted 27 October 2014 - 07:54 PM

Ah, okay. Yeah, I typically run it from the desktop or downloads folder, renamed to something random of course.



#4 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,136 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 27 October 2014 - 09:33 PM

Yes...programs should not be running from a temp folder or user profile, which is meant to hold data, preferences, settings, and configuration files. Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from, and both the user profile and temp folders are common hiding places for malicious files.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

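An added example, not part of the original thread and not ComboFix's own logic: a PowerShell check a technician could run before a cleanup to list running processes whose executable sits under a user profile or a temp folder, the locations the replies above describe as being treated as suspicious. The function name `Test-UnderDataRoot` and the choice of roots (`%SystemDrive%\Users`, `%SystemRoot%\Temp` and the current `%TEMP%`) are assumptions.

```powershell
# Added example (not ComboFix's logic): report running processes whose image
# path is under a user profile or temp directory.

function Test-UnderDataRoot {
    # Hypothetical helper: true when $Path is inside any directory in $Roots.
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $Roots
    )
    foreach ($root in $Roots) {
        # Compare on a trailing-separator boundary so C:\Users2\x.exe
        # is not mistaken for something under C:\Users.
        $prefix = $root.TrimEnd('\') + '\'
        if ($Path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Assumed "data" locations; adjust for redirected profiles or custom temp dirs.
$roots = @(
    (Join-Path $env:SystemDrive 'Users'),   # default profile root
    (Join-Path $env:SystemRoot  'Temp'),    # machine-wide temp
    $env:TEMP                               # temp of the account running this
) | Where-Object { $_ } | Select-Object -Unique

# ExecutablePath is empty for processes the current account cannot inspect,
# so run elevated for full coverage; those entries are skipped here.
Get-CimInstance -ClassName Win32_Process |
    Where-Object {
        $_.ExecutablePath -and
        (Test-UnderDataRoot -Path $_.ExecutablePath -Roots $roots)
    } |
    Sort-Object ExecutablePath |
    Select-Object ProcessId, Name, ExecutablePath |
    Format-Table -AutoSize
```

Anything listed is running from a location meant for data rather than installed programs; a support tool that shows up here is better reinstalled under Program Files before the cleanup starts.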

#5 elementalwindx

  • Topic Starter
  • Members
  • 16 posts

Posted 04 December 2014 - 12:10 PM

I've created c:\CF\blah.exe (combofix.exe) and it is still killing TeamViewer...



#6 Grinler

    Lawrence Abrams

  • Admin
  • 43,504 posts
  • Gender:Male
  • Location:USA

Posted 04 December 2014 - 12:32 PM

It doesn't matter where ComboFix runs from; the location of the tools you do not want terminated does. Make sure TeamViewer is not running from a user profile.

#7 elementalwindx

  • Topic Starter
  • Members
  • 16 posts

Posted 04 December 2014 - 12:35 PM

> It doesn't matter where ComboFix runs from; the location of the tools you do not want terminated does. Make sure TeamViewer is not running from a user profile.

Unfortunately I have no control over that as I am using GFI's "take control" feature, which uses TeamViewer to remote to these computers. :(

To my knowledge it runs from C:\program files(x86)\teamviewer\


Edited by elementalwindx, 04 December 2014 - 12:36 PM.


#8 Grinler

    Lawrence Abrams

  • Admin
  • 43,504 posts
  • Gender:Male
  • Location:USA

Posted 04 December 2014 - 12:58 PM

Sorry, forgot something. You are getting disconnected because CF terminates the internet connection while running. Nothing that can be done about that.

As useful as CF is, it's not designed to be a remote support tool.

#9 elementalwindx

  • Topic Starter
  • Members
  • 16 posts

Posted 04 December 2014 - 01:00 PM

Yeah, I love CF. Just wish it would work remotely. Or at least have a flag I can run like blah.exe /remote to where it would allow the computer to come back online after it was finished. Kind of like a "don't prompt me for questions and just do your job and come back online when you're done" kind of thing.


Edited by elementalwindx, 04 December 2014 - 01:01 PM.




