Windows 7 Forums


Windows 7: Do not use Combofix on your own!!


23 Sep 2012   #41

Desk1 8 Pro / Desk2 7 Home Prem / Laptop 8.1 Pro all 64bit
 
 

Hiyya and welcome Shane, but mate, as Guy says in a very diplomatic way I thought, no one is an expert. Even after 41 years in the health system, and I have worked in many areas of medicine, I do not and would not claim to be an expert, my friend, in any of them or all of them.

Personally I think maybe you ought to be a tad more cautious when making statements like you did.


23 Sep 2012   #42

Windows 7 Pro. 64/SP-1
 
 

I was before I retired a Certified Master Mechanic by Ford Motor Company. I have enough diplomas to wall paper a room and I'm still not an expert. How an IT student can be an expert is way beyond my understanding.
23 Sep 2012   #43

Desk1 8 Pro / Desk2 7 Home Prem / Laptop 8.1 Pro all 64bit
 
 

Quote: Originally Posted by Layback Bear
I was before I retired a Certified Master Mechanic by Ford Motor Company. I have enough diplomas to wall paper a room and I'm still not an expert. How an IT student can be an expert is way beyond my understanding.
As per my sentiment, LB. Have a string of post grad certs myself and, well, the tech changes all the time, so do certain apps and the like. Malware is a classic example of change. So I think our young friend may have been a tad hasty in making that statement, eh?


23 Sep 2012   #44

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro x64
 
 

Quote: Originally Posted by Alejandro85
Just a question (probably already answered a thousand times).

What exactly does that Combofix do? I saw much fuss around it but never saw any post explaining how to use it or what it does or how it does that. Maybe it's a nice tool to have.

Is there any tutorial, documentation or something about it? Anywhere to download it?
There is a lot of documentation on it, 162 A4 pages to be precise and ever growing as malware continues to develop. But this information is locked deep within the realms of the malware removal universities who allow their students (including me) to access them. It is heavily controlled because it is a very powerful tool that is highly effective against a lot of today's malware - revealing how it works to the general public isn't the best of ideas as we'd see malware adapt very quickly to avoid detection by CF. Other, less intrusive, malware removal tools, however, have public tutorials:

HijackThis Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware

There is further information held privately by the universities, but most of it is in that tutorial.

If you are interested in learning to use CF, and other malware removal tools (OTL, DDS, GMER etc.) then drop me a message and I'll tell you about how to enrol with a malware removal university.

Quote: Originally Posted by Shane Williams
I've never had any training with it. I have used it on several machines to recover from bad virus intrusion where the AV just wasn't enough to fix it. I wouldn't send that kind of warning out unless you are referring to a network situation. Then I would let the HMIC take care of it. On your own machine, I wouldn't use it unless it was a last resort but I wouldn't be sending fear out like the OP did.
Why wouldn't you send that warning out unless the computer was networked? I've quoted it before, and I'll quote it again:

Quote:
ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.


We first need to verify if there are any rootkits present and how they could affect our tools. Thus, we use preliminary scans like DDS and GMER and their logs to map our strategy for attack.

With these logs, we can determine the infections present and decide whether to deploy ComboFix
Written by sUBs, the author of CF. If you wish to ignore our opinions (which I personally think would be an absurd thing to do seeing as the warning was written by an MVP), then surely you'll agree that the author of CF might just have a point here - after all, he did make the thing.

Quote: Originally Posted by Shane Williams
Quote: Originally Posted by A Guy
Quote: Originally Posted by Shane Williams
I've never had any training with it. I have used it on several machines to recover from bad virus intrusion where the AV just wasn't enough to fix it. I wouldn't send that kind of warning out unless you are referring to a network situation. Then I would let the HMIC take care of it. On your own machine, I wouldn't use it unless it was a last resort but I wouldn't be sending fear out like the OP did.
The OP is a Security expert, and an MVP. I can't get over people saying, "I used it myself, and had no problems". As if that means that will be the case for everyone. The original warning was for a valid reason, and it still applies. A Guy
You will note that in my post I said "I wouldn't send that kind of warning out unless you are referring to a network situation. Then I would let the HMIC take care of it." HMIC = Head man in charge. That would be the expert. On your own PC, you should be fine. I also said that I have used it on several machines as a last resort. Which makes me an expert on personal use of the program. I've used it on everything from 98SE to 7 and have never had an issue when used at default settings.
I think that's a very bold statement to make seeing as you don't know how to use CF properly. CF isn't designed to be a one size fits all style of program, it's designed to be used under supervision of a trained expert as they will know what to look for, and do, with a log. Tell us, how do you know that your computer is fully clean?

Quote: Originally Posted by A Guy
Quote: Originally Posted by Shane Williams
on your own PC, you should be fine.
False. On your own PC you MAY be fine. I am amazed that you disagree with trained Windows security experts, and feel the need to continue to belabor the issue.

Quote: Originally Posted by Shane Williams
I also said that I have used it on several machines as a last resort. Which makes me an expert on personal use of the program. I've used it on everything from 98SE to 7 and have never had an issue when used at default settings.
False. It means you have used it with no apparent issues, at least so you say. It in no way makes you an expert of any kind. We have hundreds of thousands of visitors here. We do not want to condone using Combofix on your own. Everyone has the right to do so if they please. But we will still warn them of the dangers!

A Guy


Tom
23 Sep 2012   #45

Desk1 8 Pro / Desk2 7 Home Prem / Laptop 8.1 Pro all 64bit
 
 

Hiyya Tom, I missed that one when I quoted the others - thanks
24 Sep 2012   #46

Windows 7 Professional
 
 

Ok.... I made the assumption that people that are viewing this have the means to retrieve their data, have a disk to clean install etc. should they have any issues. And while I may not have a Windows security certification, I have been playing with my own computers since the Commodore 64 portable, don't use AV software and have used Combofix, Spybot Search and Destroy and a host of other softwares that are constantly being maligned (and maligned IMHO, because they are not MS certified programs) with no issues.

I am not arguing with this security expert. I am saying that if you are using it on your own machine, leave it at the preset settings, and use it as a last resort. I am also saying that if you are on a network to think twice and make sure you let the admin (HMIC-Head man in charge) decide on whether or not to use it. In other words, I am offering a different point of view. A PoV that is from years of experience with the product. As a matter of fact, I just used it on this machine not more than a week ago.

My opinions are not expressed here in folly. And I do not claim that there is no possibility of problems. I am saying that there needn't be the extreme fear about it when used on your own machine, that was expressed by the OP. As with any product that is not MS certified, you should use at your own risk.
24 Sep 2012   #47

Desk1 8 Pro / Desk2 7 Home Prem / Laptop 8.1 Pro all 64bit
 
 

Quote: Originally Posted by Shane Williams
Ok.... I made the assumption that people that are viewing this have the means to retrieve their data, have a disk to clean install etc. should they have any issues. And while I may not have a Windows security certification, I have been playing with my own computers since the Commodore 64 portable, don't use AV software and have used Combofix, Spybot Search and Destroy and a host of other softwares that are constantly being maligned (and maligned IMHO, because they are not MS certified programs) with no issues.

I am not arguing with this security expert. I am saying that if you are using it on your own machine, leave it at the preset settings, and use it as a last resort. I am also saying that if you are on a network to think twice and make sure you let the admin (HMIC-Head man in charge) decide on whether or not to use it. In other words, I am offering a different point of view. A PoV that is from years of experience with the product. As a matter of fact, I just used it on this machine not more than a week ago.

My opinions are not expressed here in folly. And I do not claim that there is no possibility of problems. I am saying that there needn't be the extreme fear about it when used on your own machine, that was expressed by the OP. As with any product that is not MS certified, you should use at your own risk.
Now Shane, no one here is saying you are saying these things in folly, and I for one think that maybe you are quite confident in using such apps, but I would hazard a guess that the majority of members here would be using say Combofix with great caution or not at all, for various reasons including, like myself, inexperience, or that they are super careful in what they do with their machines.

I think perhaps, my friend, and no offence intended, your comment of being an expert may have put you a little off side with a few members, because in my mind at least no-one can claim to be an expert at or using anything because that implies that one knows everything that there is to know about anything. That, I am sure you will agree, in all reality and reason is an impossibility.

You are entitled to your own view but I think most would agree that every one of us has the right to our own opinion and the right to agree to not agree.
24 Sep 2012   #48

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro x64
 
 

Quote: Originally Posted by ICit2lol
Hiyya Tom, I missed that one when I quoted the others - thanks
No worries. It's our standard reply for when people post CF logs from the onset in the malware removal forum. Quite a lot of the time, you will be able to get away without using CF. OTL is very powerful, but couldn't finish off malware like ZeroAccess by itself. GMER is also another good one - here's something I read on a Reddit AmA:

Quote:
Use GMER (GMER - Rootkit Detector and Remover) every now and then when your spider sense is tingling. Srsly, you can't fool GMER, it scans from the deepest possible point in your system, at ring0 and is impossible to fool, there is nothing deeper than ring0 on a usual PC where malware can hide stuff from. I always wondered why other AV vendors don't do it like GMER, it can detect all rootkits. But when an AV can detect everything, who will pay 30$ a year for signature updates...
Source: IAmA a malware coder and botnet operator, AMA : reddit.com

It must be good if it has a botnet operator worried!

Quote: Originally Posted by Shane Williams
Ok.... I made the assumption that people that are viewing this have the means to retrieve their data, have a disk to clean install etc. should they have any issues. And while I may not have a Windows security certification, I have been playing with my own computers since the Commodore 64 portable, don't use AV software and have used Combofix, Spybot Search and Destroy and a host of other softwares that are constantly being maligned (and maligned IMHO, because they are not MS certified programs) with no issues.
I don't understand why you choose to have a security system where you get infected, then remove the infection rather than impose barriers to begin with. There's bound to be traces of malware left all over your system as it's impossible to guarantee that, once infected, a system can be 100% clean again - short of annihilating the disc with something like DBAN and doing a clean install. You will see experts tell OPs this when a backdoor is spotted in logs.

Quote:
I am not arguing with this security expert. I am saying that if you are using it on your own machine, leave it at the preset settings, and use it as a last resort. I am also saying that if you are on a network to think twice and make sure you let the admin (HMIC-Head man in charge) decide on whether or not to use it. In other words, I am offering a different point of view. A PoV that is from years of experience with the product. As a matter of fact, I just used it on this machine not more than a week ago.
Experience can only go so far with ComboFix. Searching around shows just how many times files have to be manually removed by CF:

Adware.gameplaylab? Live Security Platinum?
My comp won't run out of safe mode - Tech Support Forum

Quote:
I am saying that there needn't be the extreme fear about it when used on your own machine, that was expressed by the OP.
I disagree. If you were right, then why would the author of ComboFix warn about unsupervised use during the installation?
24 Sep 2012   #49
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Quote: Originally Posted by Shane Williams
Ok.... I made the assumption that people that are viewing this have the means to retrieve their data, have a disk to clean install etc. should they have any issues. And while I may not have a Windows security certification, I have been playing with my own computers since the Commodore 64 portable, don't use AV software and have used Combofix, Spybot Search and Destroy and a host of other softwares that are constantly being maligned (and maligned IMHO, because they are not MS certified programs) with no issues.

I am not arguing with this security expert. I am saying that if you are using it on your own machine, leave it at the preset settings, and use it as a last resort. I am also saying that if you are on a network to think twice and make sure you let the admin (HMIC-Head man in charge) decide on whether or not to use it. In other words, I am offering a different point of view. A PoV that is from years of experience with the product. As a matter of fact, I just used it on this machine not more than a week ago.

My opinions are not expressed here in folly. And I do not claim that there is no possibility of problems. I am saying that there needn't be the extreme fear about it when used on your own machine, that was expressed by the OP. As with any product that is not MS certified, you should use at your own risk.
They are maligned because they are crap with Windows 7. MS certification means some company paid a big fee for it. With so much computer experience it would seem you would know to use some security software, mate. "Running naked" is like a target painted on your IP.
24 Sep 2012   #50

Windows 7 Pro. 64/SP-1
 
 

I think the big point is there/their are many people reading these posts. Many may try such a program because they really don't understand the damage that can be caused by not having the proper training. When the creator of the program and well experienced security people give warning I would suggest to all, heed that warning. It's like a gun, a great tool but not a toy to be played with by the untrained.
For the untrained like me I would suggest using
Windows Defender Offline
Very simple to use and so far has worked great.
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
