Do not use Combofix on your own!!

Page 5 of 18

  1. Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       #41

    Hiyya and welcome Shane but mate as Guy says in a very diplomatic way I thought no one is an expert even after 41 years in the health system and I have worked in many areas of medicine I do not and would not claim to be an expert my friend in any of them or all of them.

    Personally I think maybe you ought to be a tad more cautious when making statements like you did.


  2. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #42

    I was before I retired a Certified Master Mechanic by Ford Motor Company. I have enough diplomas to wallpaper a room and I'm still not an expert. How an IT student can be an expert is way beyond my understanding.


  3. Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       #43

    Layback Bear said:
    I was before I retired a Certified Master Mechanic by Ford Motor Company. I have enough diplomas to wallpaper a room and I'm still not an expert. How an IT student can be an expert is way beyond my understanding.
    As per my sentiment LB have a string of post grad certs myself and well the tech changes all the time so do certain apps and the like. Malware a classic example of change. So I think our young friend may have been a tad hasty in making that statement eh?


  4. Posts : 2,663
    Windows 8.1 Pro x64
       #44

    Alejandro85 said:
    Just a question (probably already answered thousand times).

    What does exactly that Combofix do? I saw much fuss around it but never saw any post explaining how to use or what it does or how it does that. Maybe it's a nice tool to have

    Is there any tutorial, documentation or something about it? Anywhere to download it?
    There is a lot of documentation on it, 162 A4 pages to be precise and ever growing as malware continues to develop. But this information is locked deep within the realms of the malware removal universities who allow their students (including me :) ) to access them. It is heavily controlled because it is a very powerful tool that is highly effective against a lot of today's malware - revealing how it works to the general public isn't the best of ideas as we'd see malware adapt very quickly to avoid detection by CF. Other, less intrusive, malware removal tools, however, have public tutorials:

    HijackThis Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware

    There is further information held privately by the universities, but most of it is in that tutorial.

    If you are interested in learning to use CF, and other malware removal tools (OTL, DDS, GMER etc.) then drop me a message and I'll tell you about how to enrol with a malware removal university.

    Shane Williams said:
    I've never had any training with it. I have used it on several machines to recover from bad virus intrusion where the AV just wasn't enough to fix it. I wouldn't send that kind of warning out unless you are referring to a network situation. Then I would let the HMIC take care of it. On your own machine, I wouldn't use it unless it was a last resort but I wouldn't be sending fear out like the OP did.
    Why wouldn't you send that warning out unless the computer was networked? I've quoted it before, and I'll quote it again:

    ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.


    We first need to verify if there are any rootkits present and how they could affect our tools. Thus, we use preliminary scans like DDS and GMER and their logs to map our strategy for attack.

    With these logs, we can determine the infections present and decide whether to deploy ComboFix
    Written by sUBs, the author of CF. If you wish to ignore our opinions (which I personally think would be an absurd thing to do seeing as the warning was written by an MVP), then surely you'll agree that the author of CF might just have a point here - after all, he did make the thing.

    Shane Williams said:
    A Guy said:
    Shane Williams said:
    I've never had any training with it. I have used it on several machines to recover from bad virus intrusion where the AV just wasn't enough to fix it. I wouldn't send that kind of warning out unless you are referring to a network situation. Then I would let the HMIC take care of it. On your own machine, I wouldn't use it unless it was a last resort but I wouldn't be sending fear out like the OP did.
    The OP is a Security expert, and a MVP. I can't get over people saying, "I used it myself, and had no problems". As if that means that will be the case for everyone. The original warning was for a valid reason, and it still applies. A Guy
    You will note that in my post I said "I wouldn't send that kind of warning out unless you are referring to a network situation. Then I would let the HMIC take care of it." HMIC = Head man in charge. That would be the expert. On your own PC, you should be fine. I also said that I have used it on several machines as a last resort. Which makes me an expert on personal use of the program. I've used it on everything from 98SE to 7 and have never had an issue when used at default settings.
    I think that's a very bold statement to make seeing as you don't know how to use CF properly. CF isn't designed to be a one size fits all style of program, it's designed to be used under supervision of a trained expert as they will know what to look for, and do, with a log. Tell us, how do you know that your computer is fully clean?

    A Guy said:
    Shane Williams said:
    on your own PC, you should be fine.
    False. On your own PC you MAY be fine. I am amazed that you disagree with trained Windows security experts, and feel the need to continue to belabor the issue.

    Shane Williams said:
    I also said that I have used it on several machines as a last resort. Which makes me an expert on personal use of the program. I've used it on everything from 98SE to 7 and have never had an issue when used at default settings.
    False. It means you have used it with no apparent issues, at least so you say. It in no way makes you an expert of any kind. We have hundreds of thousands of visitors here. We do not want to condone using Combofix on your own. Everyone has the right to do so if they please. But we will still warn them of the dangers!

    A Guy


    Tom


  5. Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       #45

    Hiyya Tom I missed that one when I quoted the others - thanks


  6. Posts : 13
    Windows 7 Professional
       #46

    Ok.... I made the assumption that people that are viewing this have the means to retrieve their data, have a disk to clean install etc. should they have any issues. And while I may not have a Windows security certification, I have been playing with my own computers since the Commodore 64 portable, don't use AV software and have used Combofix, Spybot Search and Destroy and a host of other softwares that are constantly being maligned (and maligned IMHO, because they are not MS certified programs) with no issues.

    I am not arguing with this security expert. I am saying that if you are using it on your own machine, leave it at the preset settings, and use it as a last resort. I am also saying that if you are on a network to think twice and make sure you let the admin (HMIC-Head man in charge) decide on whether or not to use it. In other words, I am offering a different point of view. A PoV that is from years of experience with the product. As a matter of fact, I just used it on this machine not more than a week ago.

    My opinions are not expressed here in folly. And I do not claim that there is no possibility of problems. I am saying that there needn't be the extreme fear about it when used on your own machine, that was expressed by the OP. As with any product that is not MS certified, you should use at your own risk.


  7. Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       #47

    Shane Williams said:
    Ok.... I made the assumption that people that are viewing this have the means to retrieve their data, have a disk to clean install etc. should they have any issues. And while I may not have a Windows security certification, I have been playing with my own computers since the Commodore 64 portable, don't use AV software and have used Combofix, Spybot Search and Destroy and a host of other softwares that are constantly being maligned (and maligned IMHO, because they are not MS certified programs) with no issues.

    I am not arguing with this security expert. I am saying that if you are using it on your own machine, leave it at the preset settings, and use it as a last resort. I am also saying that if you are on a network to think twice and make sure you let the admin (HMIC-Head man in charge) decide on whether or not to use it. In other words, I am offering a different point of view. A PoV that is from years of experience with the product. As a matter of fact, I just used it on this machine not more than a week ago.

    My opinions are not expressed here in folly. And I do not claim that there is no possibility of problems. I am saying that there needn't be the extreme fear about it when used on your own machine, that was expressed by the OP. As with any product that is not MS certified, you should use at your own risk.
    Now Shane no one here is saying you are saying these things in folly and I for one think that maybe you are quite confident in using such apps but I would hazard a guess at the majority of members here would be using say Combofix with great caution or not at all for various reasons including like myself inexperience or that they are super careful in what they do with their machines.

    I think perhaps my friend - and no offence intended your comment of being an expert may have put you a little off side with a few members because in my mind at least no-one can claim to be an expert at or using anything because that implies that one knows everything that there is to know about anything. That I am sure you will agree in all reality and reason is an impossibility.

    You are entitled to your own view but I think most would agree that every one of us has the right to our own opinion and the right to agree to not agree.


  8. Posts : 2,663
    Windows 8.1 Pro x64
       #48

    ICit2lol said:
    Hiyya Tom I missed that one when I quoted the others - thanks
    No worries :) It's our standard reply for when people post CF logs from the onset in the malware removal forum. Quite a lot of the time, you will be able to get away without using CF. OTL is very powerful, but couldn't finish off malware like ZeroAccess by itself. GMER is also another good one - here's something I read on a Reddit AmA:

    Use GMER (GMER - Rootkit Detector and Remover) every now and then when your spider sense is tingling. Srsly, you can't fool GMER, it scans from the deepest possible point in your system, at ring0 and is impossible to fool, there is nothing deeper than ring0 on a usual PC where malware can hide stuff from. I always wondered why other AV vendors don't do it like GMER, it can detect all rootkits. But when an AV can detect everything, who will pay 30$ a year for signature updates...
    Source: IAmA a malware coder and botnet operator, AMA : reddit.com

    It must be good if it has a botnet operator worried!

    Shane Williams said:
    Ok.... I made the assumption that people that are viewing this have the means to retrieve their data, have a disk to clean install etc. should they have any issues. And while I may not have a Windows security certification, I have been playing with my own computers since the Commodore 64 portable, don't use AV software and have used Combofix, Spybot Search and Destroy and a host of other softwares that are constantly being maligned (and maligned IMHO, because they are not MS certified programs) with no issues.
    I don't understand why you choose to have a security system where you get infected, then remove the infection rather than impose barriers to begin with. There's bound to be traces of malware left all over your system as it's impossible to guarantee that, once infected, a system can be 100% clean again - short of annihilating the disc with something like DBAN and doing a clean install. You will see experts tell OPs this when a backdoor is spotted in logs :)

    I am not arguing with this security expert. I am saying that if you are using it on your own machine, leave it at the preset settings, and use it as a last resort. I am also saying that if you are on a network to think twice and make sure you let the admin (HMIC-Head man in charge) decide on whether or not to use it. In other words, I am offering a different point of view. A PoV that is from years of experience with the product. As a matter of fact, I just used it on this machine not more than a week ago.
    Experience can only go so far with ComboFix. Searching around shows just how many times files have to be manually removed by CF:

    Adware.gameplaylab? Live Security Platinum?
    My comp won't run out of safe mode - Tech Support Forum

    I am saying that there needn't be the extreme fear about it when used on your own machine, that was expressed by the OP.
    I disagree. If you were right, then why would the author of ComboFix warn about unsupervised use during the installation?


  9. Posts : 24,479
    Windows 7 Ultimate X64 SP1
       #49

    Shane Williams said:
    Ok.... I made the assumption that people that are viewing this have the means to retrieve their data, have a disk to clean install etc. should they have any issues. And while I may not have a Windows security certification, I have been playing with my own computers since the Commodore 64 portable, don't use AV software and have used Combofix, Spybot Search and Destroy and a host of other softwares that are constantly being maligned (and maligned IMHO, because they are not MS certified programs) with no issues.

    I am not arguing with this security expert. I am saying that if you are using it on your own machine, leave it at the preset settings, and use it as a last resort. I am also saying that if you are on a network to think twice and make sure you let the admin (HMIC-Head man in charge) decide on whether or not to use it. In other words, I am offering a different point of view. A PoV that is from years of experience with the product. As a matter of fact, I just used it on this machine not more than a week ago.

    My opinions are not expressed here in folly. And I do not claim that there is no possibility of problems. I am saying that there needn't be the extreme fear about it when used on your own machine, that was expressed by the OP. As with any product that is not MS certified, you should use at your own risk.
    They are maligned because they are crap with w7. MS certification means some company paid a big fee for it. With so much computer experience it would seem you would know to use some security software mate. "Running naked" is like a target painted on your IP.


  10. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #50

    I think the big point is there/their are many people reading these posts. Many may try such a program because they really don't understand the damage that can be caused by not having the proper training. When the creator of the program and well experienced security people give warning I would suggest to all, heed that warning. It's like a gun, a great tool but not a toy to be played with by the untrained.
    For the untrained like me I would suggest using
    Windows Defender Offline
    Very simple to use and so far has worked great.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
