I am working on a computer that had a range of malware on it. When I try to run ComboFix to clean it, ComboFix will not start because Windows appears to be Windows 2000, and ComboFix will not run on Windows 2000. I have reviewed FAQs and KB discussions that discuss ComboFix compatibility, but I do not believe that is the issue.
I THINK A MALWARE DESIGNER GOT SMART AND FIGURED OUT THAT IF HE MODIFIES WINDOWS TO LOOK LIKE WINDOWS 2000, COMBOFIX WILL THROW UP ITS HANDS AND REPORT BACK THAT IT CANNOT RUN ON THIS PLATFORM. THE MALWARE IS SAFE, AS IT CANNOT BE, OR WILL NOT BE, REMOVED.
I have looked through the registry (in some places), but I have not found where ComboFix looks to find out what O/S it is running on. I expect that if I simply modify the key or file back to the proper settings for Windows 8 or 8.1, ComboFix will be able to do its job. Can anyone tell me where ComboFix looks to find out the O/S version?
Suggestion to sUBs: It may be time to get a bit more rigorous about confirming the Windows version.