Windows 7: Do not use Combofix on your own!!
#71, 14 Nov 2012, Hydranix (OS: Linux Kernel 3.6.6 x86_64 && Windows 7 Ultimate x86_64)
I'm sorry, but I just don't understand how anyone could consider a certification a requirement for something as trivial and simple as removing malware from a computer running Windows.
I understand not recommending that someone who cannot do something as simple as recovering their personal files and reinstalling Windows, which is all GUI drag-and-drop and point-and-click, use Combofix.
But seriously, I have no formal training and no "certification" (LOL!), but doing anything mentioned here is so unbelievably easy, it's disheartening to see such pompous smugness exhibited in this thread.
#72, 14 Nov 2012, Dwarf (OS: Windows 7 Ultimate x64 Service Pack 1; Doncaster, UK)

Quote: Originally Posted by Hydranix
I'm sorry, but I just don't understand how anyone could consider a certification a requirement for something as trivial and simple as removing malware from a computer running Windows.

Removing malware, especially some of the newer variants that are around and which integrate themselves into Windows and its core files (including as rootkits) far more strongly than ever before, is certainly NOT TRIVIAL. In fact, some are so nasty that the only recourse of action, even after following the advice of Jacee and other malware specialists, would be to do a clean install of the OS, selecting a full format instead of the default quick one. We would rather not have to go down this line, but sometimes, unfortunately, there is no other way to get rid of the malware.
#73, 14 Nov 2012 (OS: Windows 7 Home Premium 64 bit SP1; Northern Ohio)
To Hydranix. Sometimes removing an infection is simple and sometimes it is very difficult. That is only the start of the problem. Now one must repair the damage the infection caused. Most of the time, removing the infection does not repair the damage it caused. This can take a lot of time and expert help. That is why sometimes a clean install is used, as Dwarf has posted. The people who create these infections are very talented, although misguided in using those talents. Example in layman's terms.
You get infected with a Trojan (The Door Keeper). The Trojan holds the back door open and lets all his buddy infections in, and they go to their assigned places and wait for the signal to start doing their nasty things. Removing the Trojan Door Keeper will not fix your computer. All his buddy infections are hiding in all kinds of places. They must be found and removed. These nasty buddy infections tear up Windows 7's house before they are removed. Someone has to right Windows 7's house so it will be happy again. The answer in most cases is the proper programs, run in the proper fashion with proper guidance, to remove all the infections and repair the damage. Sometimes that will mean a clean install.
#74, 14 Nov 2012, Tom (OS: Windows 7 Ultimate x64 SP1; England)

Quote: Originally Posted by Hydranix
I'm sorry, but I just don't understand how anyone could consider a certification a requirement for something as trivial and simple as removing malware from a computer running Windows.
I understand not recommending that someone who cannot do something as simple as recovering their personal files and reinstalling Windows, which is all GUI drag-and-drop and point-and-click, use Combofix.
But seriously, I have no formal training and no "certification" (LOL!), but doing anything mentioned here is so unbelievably easy, it's disheartening to see such pompous smugness exhibited in this thread.

I've been training for coming up to two years now and, if what you say is correct, then that's all completely pointless? The idea of the training isn't to get you to learn how to tell people to double-click on the CF icon to run it; it's to develop the skills required to remove today's malware. Despite what many (and, by the looks of it, including you) think, Combofix isn't designed as a one-size-fits-all removal tool that will get you completely clean with just a double-click; it's designed to work alongside a trained helper (hence the warning in the splash screen). Just look at the number of threads that have required the use of a CFScript to remove the remnants. It's the training that teaches you what to look for in a log, then what to do with it - with ~40 directives, it takes a while to learn which to use for a malicious line in a log. Being ignorant of the facts will only leave you in a false state of security.

Quote: it's disheartening to see such pompous smugness exhibited in this thread.

I appreciate the kind words.
Tom
#75, 14 Nov 2012, rossfingal (OS: Windows 7 Home Premium 64 bit)
Well -
You've got people out there writing "Mal-ware" -
Then - you've got people out there that are trying to prevent people's computers
from being "infected", "co-opted", "hi-jacked" ...
It's an on-going "run and gun job" - for the people trying to fight this stuff.
The mal-ware writers are very crafty, creative -
one "ploy" don't work anymore - they will try to come up with another one.
Anything to try and circumvent things; that are already in-place - to prevent
"malware"!
Some one doesn't know how to retrieve files, folders, pictures...???
They can be instructed how to do that.
However, what if the "mal-ware" writers have figured out a way to hide their
"nasty" stuff in some files.
(They know how to do that - "MBR", "PBR", "System Restore" .... ?!?
Other places.)
I don't like to tell somebody - "Reformat/Reinstall" - everything is gone.
Even if they have a "Partitioned" drive - not just a "C" drive -
maybe a "D" drive, too - where they have their files and folders at.
How do you know, there's not something "hidden" there?!?
They wouldn't do that!!!
Let's "roll the dice" and see!
I was on another forum where somebody asked what "Combo-Fix" does -
Somebody showed up and told the person - nobody is telling.
(Also, the developer of "Combo-Fix" showed up)
"CF" ain't no toy!!
I think that's called - "from the horse's mouth"!
Peace!
rossfingal
#76, 14 Nov 2012 (OS: Desk1 7 Home Prem / Desk2 7 Home Prem / Laptop 7 Pro, all 64bit)

Quote: Originally Posted by Hydranix
I'm sorry, but I just don't understand how anyone could consider a certification a requirement for something as trivial and simple as removing malware from a computer running Windows.
I understand not recommending that someone who cannot do something as simple as recovering their personal files and reinstalling Windows, which is all GUI drag-and-drop and point-and-click, use Combofix.
But seriously, I have no formal training and no "certification" (LOL!), but doing anything mentioned here is so unbelievably easy, it's disheartening to see such pompous smugness exhibited in this thread.

Hum, I was certified years ago to just listen to the folks who know what they are talking about, and in any case it very often comes down to how one uses your machine: you swim in croc-infested waters and you have every possibility of getting bitten.
#77, 14 Nov 2012 (OS: Windows 7 Ultimate X64 SP1; Mt. Crumpit/Whoville)

Quote: Originally Posted by Hydranix
I'm sorry, but I just don't understand how anyone could consider a certification a requirement for something as trivial and simple as removing malware from a computer running Windows.
I understand not recommending that someone who cannot do something as simple as recovering their personal files and reinstalling Windows, which is all GUI drag-and-drop and point-and-click, use Combofix.
But seriously, I have no formal training and no "certification" (LOL!), but doing anything mentioned here is so unbelievably easy, it's disheartening to see such pompous smugness exhibited in this thread.

Me too, yours, specifically.
Perhaps you will be lucky enough to have a Blackhole exploit and see how simple and easy it is to remove and recover your financial info that was stolen.
#78, 15 Nov 2012, A Guy (OS: Windows 7 Home Premium x64 SP1; Bay Area Peninsula)
So glad you joined here to call us pompous and smug.
A Guy
#79, 15 Nov 2012 (OS: Desk1 7 Home Prem / Desk2 7 Home Prem / Laptop 7 Pro, all 64bit)

Quote: Originally Posted by A Guy
So glad you joined here to call us pompous and smug.
A Guy

Well Bill, if the fellow has any sense of responsibility he will front up and maybe own up to being a tad hasty in making such a judgment; after all, I don't know him personally, and he me or any of us in here, and a little decorum and manners would be appreciated.
Well, that's my view anyway - remains to be seen; after all, he may be a very nice person even after that hasty remark/s.
I am willing to give him the benefit of the doubt - so we'll see, eh?
#80, 20 Nov 2012, Hydranix (OS: Linux Kernel 3.6.6 x86_64 && Windows 7 Ultimate x86_64)
Oh, I can tell I will like my stay here very much--

OT:

Quote:
Removing malware, especially some of the newer variants that are around and which integrate themselves into Windows and its core files (including as rootkits) far more strongly than ever before, is certainly NOT TRIVIAL. In fact, some are so nasty that the only recourse of action, even after following the advice of Jacee and other malware specialists, would be to do a clean install of the OS, selecting a full format instead of the default quick one. We would rather not have to go down this line, but sometimes, unfortunately, there is no other way to get rid of the malware.

Absolutely true, though I don't see how booting an OS read-only, recovering what can be recovered without risk of reinfection, filling the drives with zeroes, reinstalling Windows, and getting on with life can be difficult.
I acknowledge in full, though, that when a company/corporation/institution is hit by targeted malware, an expert with legally recognized skill is required.

Quote:
To Hydranix. Sometimes removing an infection is simple and sometimes it is very difficult. That is only the start of the problem. Now one must repair the damage the infection caused. Most of the time, removing the infection does not repair the damage it caused. This can take a lot of time and expert help. That is why sometimes a clean install is used, as Dwarf has posted. The people who create these infections are very talented, although misguided in using those talents. Example in layman's terms.
You get infected with a Trojan (The Door Keeper). The Trojan holds the back door open and lets all his buddy infections in, and they go to their assigned places and wait for the signal to start doing their nasty things. Removing the Trojan Door Keeper will not fix your computer. All his buddy infections are hiding in all kinds of places. They must be found and removed. These nasty buddy infections tear up Windows 7's house before they are removed. Someone has to right Windows 7's house so it will be happy again. The answer in most cases is the proper programs, run in the proper fashion with proper guidance, to remove all the infections and repair the damage. Sometimes that will mean a clean install.

A format and install, though, is about the only thing these so-called "professionals" seem to do. Yet they charge as much as $200 for an hour of their time, and complete data loss. Even for simple infections.
I always found a particular piece of malware quite interesting, after it infected my flash drive at my college, which in turn infected my home network, completely under my nose. It was Conficker. Such an impressive worm. Infects removable media instantly, uses brute-force attacks on computers connected via domain or workgroup, with seemingly unlimited time to perform its crack. Once inside, it stops at nothing to spread itself further. Reinfection is almost guaranteed if you cannot completely format each computer on the network, and all others that may connect. At least in early 2006.

Quote:
I've been training for coming up to two years now and, if what you say is correct, then that's all completely pointless? The idea of the training isn't to get you to learn how to tell people to double-click on the CF icon to run it; it's to develop the skills required to remove today's malware. Despite what many (and, by the looks of it, including you) think, Combofix isn't designed as a one-size-fits-all removal tool that will get you completely clean with just a double-click; it's designed to work alongside a trained helper (hence the warning in the splash screen). Just look at the number of threads that have required the use of a CFScript to remove the remnants. It's the training that teaches you what to look for in a log, then what to do with it - with ~40 directives, it takes a while to learn which to use for a malicious line in a log. Being ignorant of the facts will only leave you in a false state of security.

Well, it would technically be illegal to tell anybody to use ComboFix and charge them money afterwards, seeing as it violates the GPL by refusing its source.
I'm not trying to insult anybody, as this is a noble pursuit, but spotting a line in a log from HijackThis or whatever tool might be used doesn't exactly require intimate esoteric knowledge that must be purchased. Which is more where my negativity is directed.

Quote:
Well -
You've got people out there writing "Mal-ware" -
Then - you've got people out there that are trying to prevent people's computers
from being "infected", "co-opted", "hi-jacked" ...
It's an on-going "run and gun job" - for the people trying to fight this stuff.
The mal-ware writers are very crafty, creative -
one "ploy" don't work anymore - they will try to come up with another one.
Anything to try and circumvent things; that are already in-place - to prevent
"malware"!
Some one doesn't know how to retrieve files, folders, pictures...???
They can be instructed how to do that.
However, what if the "mal-ware" writers have figured out a way to hide their
"nasty" stuff in some files.
(They know how to do that - "MBR", "PBR", "System Restore" .... ?!?
Other places.)
I don't like to tell somebody - "Reformat/Reinstall" - everything is gone.
Even if they have a "Partitioned" drive - not just a "C" drive -
maybe a "D" drive, too - where they have their files and folders at.
How do you know, there's not something "hidden" there?!?
They wouldn't do that!!!
Let's "roll the dice" and see!
I was on another forum where somebody asked what "Combo-Fix" does -
Somebody showed up and told the person - nobody is telling.
(Also, the developer of "Combo-Fix" showed up)
"CF" ain't no toy!!
I think that's called - "from the horse's mouth"!
Peace!
rossfingal

The master boot record is very small, and cannot contain close to any sort of malware. It would just render a disk temporarily unable to be booted, which can be fixed fairly easily. System Restore is a useless feature that should be replaced with compressed disk images as backups. I know that I shut off System Restore to save my SSD some stress.

Quote:
Hum, I was certified years ago to just listen to the folks who know what they are talking about, and in any case it very often comes down to how one uses your machine: you swim in croc-infested waters and you have every possibility of getting bitten.

I agree, common sense is the best anti-virus.

Quote:
So glad you joined here to call us pompous and smug.
A Guy

Saddened to see most of the folks here feel as if I was directing that towards them. I'm sorry, I was definitely NOT trying to insult anybody at all. I was just pointing out the unjustified gains that are sought for easily obtained knowledge.

Quote:
Well Bill, if the fellow has any sense of responsibility he will front up and maybe own up to being a tad hasty in making such a judgment; after all, I don't know him personally, and he me or any of us in here, and a little decorum and manners would be appreciated.
Well, that's my view anyway - remains to be seen; after all, he may be a very nice person even after that hasty remark/s.
I am willing to give him the benefit of the doubt - so we'll see, eh?

Regards,
~Hydranix