Do not use Combofix on your own!!

Well... I guess 14 years of using a program doesn't qualify me as an expert. Nor does 20+ years of working with computers. So I'll leave you *experts* to your certifications.

I don't think 14 years of double clicking on a file is comparable to a security expert with access to the restricted tutorials - of which I'm not an expert, but I have access to the tutorials. I'm not arguing whether you're well versed with a computer, of which I'm sure you are, we're on ComboFix here.

FYI - it says IT student because due to health issues I lost my career. I went to get a job in the field and couldn't due to a lack of certifications. Not a lack of knowledge. I would have hoped that you would have asked me pertinent questions about the program, etc. instead of attacking me. But I can see that without those certs I may as well be trying to convince a congressman not to load a bill with earmarks.

No one is attacking you, if you felt that way then I'll happily apologise :) We're all here to learn and help others so I wanted to point out some things to you. I asked you plenty of questions, none got answered, so I gave up.
 

I've never had any training with it. I have used it on several machines to recover from bad virus intrusion where the AV just wasn't enough to fix it. I wouldn't send that kind of warning out unless you are referring to a network situation. Then I would let the HMIC take care of it. On your own machine, I wouldn't use it unless it was a last resort but I wouldn't be sending fear out like the OP did.

Well... I guess 14 years of using a program doesn't qualify me as an expert. Nor does 20+ years of working with computers. So I'll leave you *experts* to your certifications.

14 years?
:shock:
 

I'm no security expert, nor do I profess to be one. If I see a post/thread where the OP is having some serious security issues and has already tried scanning with their chosen AV and MBAM without being able to resolve their issue (i.e. it is too deep rooted in their system), then it is possible that tools such as CF might help. I don't recommend its use directly though. Instead, I ask Jacee (either via a VM or PM) to take a look and then make her recommendations. I then let the OP know that I've requested assistance from an expert and ask them that they follow all instructions that she gives (including downloading and running any tools) explicitly and to the letter.
 

I have no real business to comment on using CF without trained supervision.
There's no problem doing that if you want to do, maybe, reformat and reinstall -
if things go wrong.
Things don't ever go wrong do they?!?
I wonder what "suBs" and compatriots would say about using it without DIRECT,
trained, guidance.
Here you've got "Jacee" on this forum -
I think I would go by what she says!
Just an opinion!
rossfingal
 

I agree with Ross this Combofix and it must be pretty damn good or something to be left alone - so where does the training come from? Not that I particularly want to try it as my own security is up to the job.

But I have to say I don't like dummy spitters in here after all it is supposed to be teamwork.
 

I agree with Ross this Combofix and it must be pretty damn good or something to be left alone - so where does the training come from? Not that I particularly want to try it as my own security is up to the job.

But I have to say I don't like dummy spitters in here after all it is supposed to be teamwork.

Any of the UNITE schools :)

UNITE - Unified Network of Instructors and Trained Eliminators
Hey Tom what a great ref mate I do look at some of those sites but didn't know that training was run by them. Now it's just a matter of cost I suppose :cool:
 

I agree with Ross this Combofix and it must be pretty damn good or something to be left alone - so where does the training come from? Not that I particularly want to try it as my own security is up to the job.

But I have to say I don't like dummy spitters in here after all it is supposed to be teamwork.

Any of the UNITE schools :)

UNITE - Unified Network of Instructors and Trained Eliminators
Hey Tom what a great ref mate I do look at some of those sites but didn't know that training was run by them. Now it's just a matter of cost I suppose :cool:
Training is free.
Note that "Jacee" is in the list of teachers.
Why would I listen to her advice, concerning CF!?!
(Maybe there's a reason?!) :)
 

Hey Tom what a great ref mate I do look at some of those sites but didn't know that training was run by them. Now it's just a matter of cost I suppose :cool:
Training is free.
Note that "Jacee" is in the list of teachers.
Why would I listen to her advice, concerning CF!?!
(Maybe there's a reason?!) :)

Thanks Ross and well I suppose you wouldn't argue with the wife would you?? :roflmao:
 

"argue with the wife"?
Hmmmmm?!?
Probably NOT!!! :)
rossfingal
(How does it go - "digression before valor"?!?) :)
 

I'm sorry, but I just don't understand how anyone could consider a certification a requirement for something as trivial and simple as removing malware from a computer running windows.

I understand not recommending that someone who cannot do something as simple as recovering their personal files and reinstalling windows, which is all GUI drag-and-drop and point-and-click, to use combofix.

But seriously, I have no formal training, and no "certification" (LOL!), but doing anything mentioned here is so unbelievably easy, it's disheartening to see such pompous smugness exhibited in this thread.
 

I'm sorry, but I just don't understand how anyone could consider a certification a requirement for something as trivial and simple as removing malware from a computer running windows.
Removing malware, especially some of the newer variants that are around and which integrate themselves into Windows and its core files (including as rootkits) far more strongly than ever before is certainly NOT TRIVIAL. In fact, some are so nasty that the only recourse of action, even after following the advice of Jacee and other malware specialists, would be to do a clean install of the OS and selecting a full format instead of the default quick. We would rather not have to go down this line, but sometimes, unfortunately, there is no other way to get rid of the malware.
 

To Hydranix. Sometimes removing an infection is simple and sometimes is very difficult. That is only the start of the problem. Now one must repair the damage the infection caused. Most of the time removing the infection does not repair the damage it caused. This can take a lot of time and expert help. That is why sometimes a clean install is used, as Dwarf has posted. The people who create these infections are very talented, although misguided in using those talents. Example in layman's terms.

You get infected with a Trojan (The Door Keeper). The Trojan holds the back door open and lets all his buddy infections in, and they go to their assigned places and wait for the signal to start doing their nasty things. Removing the Trojan Door Keeper will not fix your computer. All his buddy infections are hiding in all kinds of places. They must be found and removed. These nasty buddy infections tear up Windows 7's house before they are removed. Someone has to right Windows 7's house so it will be happy again. The answer in most cases is the proper programs run in the proper fashion with proper guidance in removing all the infections and repairing the damage. Sometimes that will mean a clean install.
 

I'm sorry, but I just don't understand how anyone could consider a certification a requirement for something as trivial and simple as removing malware from a computer running windows.

I understand not recommending that someone who cannot do something as simple as recovering their personal files and reinstalling windows, which is all GUI drag-and-drop and point-and-click, to use combofix.

But seriously, I have no formal training, and no "certification" (LOL!), but doing anything mentioned here is so unbelievably easy, it's disheartening to see such pompous smugness exhibited in this thread.

I've been training for coming up to two years now and, if what you say is correct, then that's all completely pointless? The idea of the training isn't to get you to learn how to tell people to double click on the CF icon to run it, it's to develop the skills required to remove today's malware. Despite what many (and what looks like, including you) think, Combofix isn't designed as a one size fits all removal tool that will get you completely clean with just a double click, it's designed to work alongside a trained helper (hence the warning in the splash screen). Just look at the number of threads that have required the use of a CFScript to remove the remnants. It's the training that teaches you what to look for in a log, then what to do with it - with ~40 directives, it takes a while to learn which to use for a malicious line in a log. Being ignorant to the facts will only leave you in a false state of security.

it's disheartening to see such pompous smugness exhibited in this thread.

I appreciate the kind words :)

Tom
 

Well -
You've got people out there writing "Mal-ware" -
Then - you've got people out there that are trying to prevent people's computers
from being "infected", "co-opted", "hi-jacked" ...

It's an on-going "run and gun job" - for the people trying to fight this stuff.
The mal-ware writers are very crafty, creative -
one "ploy" don't work anymore - they will try to come up with another one.
Anything to try and circumvent things; that are already in-place - to prevent
"malware"!

Someone doesn't know how to retrieve files, folders, pictures...???
They can be instructed how to do that.

However, what if the "mal-ware" writers have figured out a way to hide their
"nasty" stuff in some files.
(They know how to do that - "MBR", "PBR", "System Restore" .... ?!?
Other places.)
I don't like to tell somebody - "Reformat/Reinstall" - everything is gone.
Even if they have a "Partitioned" drive - not just a "C" drive -
maybe a "D" drive, too - where they have their files and folders at.
How do you know, there's not something "hidden" there?!?
They wouldn't do that!!!
Let's "roll the dice" and see! :)

I was on another forum where somebody asked what "Combo-Fix" does -
Somebody showed up and told the person - nobody is telling.
(Also, the developer of "Combo-Fix" showed up)
"CF" ain't no toy!!
I think that's called - "from the horse's mouth"! :)

Peace!

rossfingal
 

I'm sorry, but I just don't understand how anyone could consider a certification a requirement for something as trivial and simple as removing malware from a computer running windows.

I understand not recommending that someone who cannot do something as simple as recovering their personal files and reinstalling windows, which is all GUI drag-and-drop and point-and-click, to use combofix.

But seriously, I have no formal training, and no "certification" (LOL!), but doing anything mentioned here is so unbelievably easy, it's disheartening to see such pompous smugness exhibited in this thread.
Hum I was certified years ago to just listen to the folks who know what they are talking about and in any case it very often comes down to how one uses your machine - you swim in croc infested waters and you have every possibility of getting bitten:rolleyes:
 

I'm sorry, but I just don't understand how anyone could consider a certification a requirement for something as trivial and simple as removing malware from a computer running windows.

I understand not recommending that someone who cannot do something as simple as recovering their personal files and reinstalling windows, which is all GUI drag-and-drop and point-and-click, to use combofix.

But seriously, I have no formal training, and no "certification" (LOL!), but doing anything mentioned here is so unbelievably easy, it's disheartening to see such pompous smugness exhibited in this thread.
Me too, yours, specifically.:shock:

Perhaps you will be lucky enough to have a blackholeexploit and see how simple and easy it is to remove and recover your financial info that was stolen.
 

So glad you joined here to call us pompous and smug. A Guy
 

So glad you joined here to call us pompous and smug. A Guy
Well Bill if the fellow has any sense of responsibility he will front up and maybe own up to being a tad hasty in making such a judgment after all I don't know him personally and he me or any of us in here and a little decorum and manners would be appreciated.

Well that's my view anyway - remains to be seen after all he may be a very nice person even after that hasty remark/s.

I am willing to give him the benefit of the doubt - so we'll see eh?:)
 

Oh, I can tell I will like my stay here very much--

OT:
Removing malware, especially some of the newer variants that are around and which integrate themselves into Windows and its core files (including as rootkits) far more strongly than ever before is certainly NOT TRIVIAL. In fact, some are so nasty that the only recourse of action, even after following the advice of Jacee and other malware specialists, would be to do a clean install of the OS and selecting a full format instead of the default quick. We would rather not have to go down this line, but sometimes, unfortunately, there is no other way to get rid of the malware.

Absolutely true, though I don't see how booting an OS read-only, recovering what can be recovered, without risk of reinfection, and filling the drives with zeroes, reinstalling Windows, and getting on with life can be difficult.

I acknowledge in full though when a company/corporation/institution is hit by targeted malware, that an expert with legally recognized skill is required.


To Hydranix. Sometimes removing an infection is simple and sometimes is very difficult. That is only the start of the problem. Now one must repair the damage the infection caused. Most of the time removing the infection does not repair the damage it caused. This can take a lot of time and expert help. That is why sometimes a clean install is used, as Dwarf has posted. The people who create these infections are very talented, although misguided in using those talents. Example in layman's terms.

You get infected with a Trojan (The Door Keeper). The Trojan holds the back door open and lets all his buddy infections in, and they go to their assigned places and wait for the signal to start doing their nasty things. Removing the Trojan Door Keeper will not fix your computer. All his buddy infections are hiding in all kinds of places. They must be found and removed. These nasty buddy infections tear up Windows 7's house before they are removed. Someone has to right Windows 7's house so it will be happy again. The answer in most cases is the proper programs run in the proper fashion with proper guidance in removing all the infections and repairing the damage. Sometimes that will mean a clean install.

A format and install though, is about the only thing these so-called "professionals" seem to do. Yet they charge as much as $200 for an hour of their time, and complete data-loss. Even for simple infections.

I always found a particular piece of malware quite interesting, after it infected my flash drive at my college, which in turn infected my home network, completely under my nose. It was conficker. Such an impressive worm. Infects removable media instantly, uses brute force attacks on computers connected via domain or workgroup, with seemingly unlimited time to perform its crack. Once inside, it stops at nothing to spread itself further. Reinfection is almost guaranteed if you cannot completely format each computer on the network, and all others that may connect. At least in early 2006.


I've been training for coming up to two years now and, if what you say is correct, then that's all completely pointless? The idea of the training isn't to get you to learn how to tell people to double click on the CF icon to run it, it's to develop the skills required to remove today's malware. Despite what many (and what looks like, including you) think, Combofix isn't designed as a one size fits all removal tool that will get you completely clean with just a double click, it's designed to work alongside a trained helper (hence the warning in the splash screen). Just look at the number of threads that have required the use of a CFScript to remove the remnants. It's the training that teaches you what to look for in a log, then what to do with it - with ~40 directives, it takes a while to learn which to use for a malicious line in a log. Being ignorant to the facts will only leave you in a false state of security.

Well it would be illegal technically to tell anybody to use ComboFix and charge them money afterwards seeing as it violates the GPL by refusing its source.

I'm not trying to insult anybody, as this is a noble pursuit, but spotting a line in a log from Hijackthis or whatever tool might be used doesn't exactly require intimate esoteric knowledge that must be purchased. Which is more where my negativity is directed.


Well -
You've got people out there writing "Mal-ware" -
Then - you've got people out there that are trying to prevent people's computers
from being "infected", "co-opted", "hi-jacked" ...

It's an on-going "run and gun job" - for the people trying to fight this stuff.
The mal-ware writers are very crafty, creative -
one "ploy" don't work anymore - they will try to come up with another one.
Anything to try and circumvent things; that are already in-place - to prevent
"malware"!

Someone doesn't know how to retrieve files, folders, pictures...???
They can be instructed how to do that.

However, what if the "mal-ware" writers have figured out a way to hide their
"nasty" stuff in some files.
(They know how to do that - "MBR", "PBR", "System Restore" .... ?!?
Other places.)
I don't like to tell somebody - "Reformat/Reinstall" - everything is gone.
Even if they have a "Partitioned" drive - not just a "C" drive -
maybe a "D" drive, too - where they have their files and folders at.
How do you know, there's not something "hidden" there?!?
They wouldn't do that!!!
Let's "roll the dice" and see!

I was on another forum where somebody asked what "Combo-Fix" does -
Somebody showed up and told the person - nobody is telling.
(Also, the developer of "Combo-Fix" showed up)
"CF" ain't no toy!!
I think that's called - "from the horse's mouth"!

Peace!

rossfingal

The master boot record is very small, and cannot contain close to any sort of malware. It would just render a disk temporarily unable to be booted, which can be fixed fairly easily. System restore is a useless feature that should be replaced with compressed disk images as backups. I know that I shut off system restore, to save my SSD some stress.


Hum I was certified years ago to just listen to the folks who know what they are talking about and in any case it very often comes down to how one uses your machine - you swim in croc infested waters and you have every possibility of getting bitten

I agree, common-sense is the best anti-virus.


So glad you joined here to call us pompous and smug. A Guy

Saddened to see most of the folks here feel as if I was directing that towards them. I'm sorry, I was definitely NOT trying to insult anybody at all. I was just pointing out the unjustified gains that are sought for easily obtained knowledge.


Well Bill if the fellow has any sense of responsibility he will front up and maybe own up to being a tad hasty in making such a judgment after all I don't know him personally and he me or any of us in here and a little decorum and manners would be appreciated.

Well that's my view anyway - remains to be seen after all he may be a very nice person even after that hasty remark/s.

I am willing to give him the benefit of the doubt - so we'll see eh?

Regards,
~Hydranix
 
