Do not use Combofix on your own!!

[ICIT2LOL]

Hiyya and welcome Shane but mate as Guy says in a very diplomatic way I thought no one is an expert even after 41 years in the health system and I have worked in many areas of medicine I do not and would not claim to be an expert my friend in any of them or all of them.

Personally I think maybe you ought to be a tad more cautious when making statements like you did.

 

[Layback Bear]

I was before I retired a Certified Master Mechanic by Ford Motor Company. I have enough diplomas to wall paper a room and I'm still not a expert. How a IT student can be a expert is way beyond my understanding.

 

[ICIT2LOL]

I was before I retired a Certified Master Mechanic by Ford Motor Company. I have enough diplomas to wall paper a room and I'm still not a expert. How a IT student can be a expert is way beyond my understanding.

As per my sentiment LB have a string of post grad certs myself and well the tech changes all the time so do certain apps and the like. Malware a classic example of change. So I think our young friend may have been a tad hasty in making that statement eh?

 

[tom982]

Just a question (probably already answered thousand times).

What does exactly that Combofix do? I saw much fuss around it but never saw any post explaining how to use or what it does or how it does that. Maybe it's a nice tool to have

Is there any tutorial, documentation or something about it? Any where to download it?

There is a lot of documentation on it, 162 A4 pages to be precise and ever growing as malware continues to develop. But this information is locked deep within the realms of the malware removal universities who allow their students (including me ) to access them. It is heavily controlled because it is a very powerful tool that is highly effective against a lot of today's malware - revealing how it works to the general public isn't the best of ideas as we'd see malware adapt very quickly to avoid detection by CF. Other, less intrusive, malware removal tools, however, have public tutorials:

HijackThis Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware

There is further information held privately by the universities, but most of it is in that tutorial.

If you are interested in learning to use CF, and other malware removal tools (OTL, DDS, GMER etc.) then drop me a message and I'll tell you about how to enrol with a malware removal university.

I've never had any training with it. I have used it on several machines to recover from bad virus intrusion where the AV just wasn't enough to fix it. I wouldn't send that kind of warning out unless you are referring to a network situation. Then I would let the HMIC take care of it. On your own machine, I wouldn't use it unless it was a last resort but I wouldn't be sending fear out like the OP did.

Why wouldn't you send that warning out unless the computer was networked? I've quoted it before, and I'll quote it again:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.


We first need to verify if there are any rootkits present and how they could affect our tools. Thus, we use preliminary scans like DDS and GMER and their logs to map our strategy for attack.

With these logs, we can determine the infections present and decide whether to deploy ComboFix

Written by sUBs, the author of CF. If you wish to ignore our opinions (which I personally think would be an absurd thing to do seeing as the warning was written by an MVP), then surely you'll agree that the author of CF might just have a point here - after all, he did make the thing.

I've never had any training with it. I have used it on several machines to recover from bad virus intrusion where the AV just wasn't enough to fix it. I wouldn't send that kind of warning out unless you are referring to a network situation. Then I would let the HMIC take care of it. On your own machine, I wouldn't use it unless it was a last resort but I wouldn't be sending fear out like the OP did.

The OP is a Security expert, and a MVP. I can't get over people saying, "I used it myself, and had no problems". As if that means that will be the case for everyone. The original warning was for a valid reason, and it still applies. A Guy

You will note that in my post I said "I wouldn't send that kind of warning out unless you are referring to a network situation. Then I would let the HMIC take care of it." HMIC = Head man in charge. That would be the expert. on your own PC, you should be fine. I also said that I have used it on several machines as a last resort. Which makes me an expert on personal use of the program. I've used it on everything from 98SE to 7 and have never had an issue when used at default settings.

I think that's a very bold statement to make seeing as you don't know how to use CF properly. CF isn't designed to be a one size fits all style of program, it's designed to be used under supervision of a trained expert as they will know what to look for, and do, with a log. Tell us, how do you know that your computer is fully clean?

on your own PC, you should be fine.

False. On your own PC you MAY be fine. I am amazed that you disagree with trained windows security experts, and feel the need to continue to belabor the issue.

I also said that I have used it on several machines as a last resort. Which makes me an expert on personal use of the program. I've used it on everything from 98SE to 7 and have never had an issue when used at default settings.

False. It means you have used it with no apparent issues, at least so you say. It in no way makes you an expert of any kind. We have hundreds of thousands of visitors here. We do not want to condone using Combofix on your own. Everyone has the right to do so if they please. But we will still warn them of the dangers!

A Guy

Tom

 

[ICIT2LOL]

Hiyya tom I missed that one when I quoted the others - thanks

 

[Shane Williams]

Ok.... I made the assumption that people that are viewing this have the means to retrieve their data, have a disk to clean install etc. should they have any issues. And while I may not have a windows security certification, I have been playing with my own computers since the comodore64 portable, dont use AV software and have used Combofix, Spybot search and destroy and a host of other softwares that are constantly being maligned (and maligned IMHO, because they are not MS certified programs) with no issues.

I am not arguing with this security expert. I am saying that if you are using it on your own machine, leave it at the preset settings, and use it as a last resort. I am also saying that if you are on a network to think twice and make sure you let the admin (HMIC-Head man in charge) descide on whether or not to use it. In other words, I am offering a different point of view. A PoV that is from years of experience with the product. As a matter of fact, I just used it on this machine not more than a week ago.

My opinions are not expressed here in folly. And I do not claim that there is no possibility of problems. I am saying that there needn't be the extreme fear about it when used on your own machine, that was expressed by the OP. As with any product that is not MS certified, you should use at your own risk.

 

[ICIT2LOL]

Ok.... I made the assumption that people that are viewing this have the means to retrieve their data, have a disk to clean install etc. should they have any issues. And while I may not have a windows security certification, I have been playing with my own computers since the comodore64 portable, dont use AV software and have used Combofix, Spybot search and destroy and a host of other softwares that are constantly being maligned (and maligned IMHO, because they are not MS certified programs) with no issues.

I am not arguing with this security expert. I am saying that if you are using it on your own machine, leave it at the preset settings, and use it as a last resort. I am also saying that if you are on a network to think twice and make sure you let the admin (HMIC-Head man in charge) descide on whether or not to use it. In other words, I am offering a different point of view. A PoV that is from years of experience with the product. As a matter of fact, I just used it on this machine not more than a week ago.

My opinions are not expressed here in folly. And I do not claim that there is no possibility of problems. I am saying that there needn't be the extreme fear about it when used on your own machine, that was expressed by the OP. As with any product that is not MS certified, you should use at your own risk.

Now Shane no one here is saying you are saying these things in folly and I for one think that maybe you are quite confident in using such apps but I would hazard a guess at the majority of members here would be using say Combofix with great caution or not at all for various reasons including liker myself inexperience or that they are super careful in what they do with their machines.

I think perhaps my friend - and no offence intended your comment of being an expert may have put you a little off side with a few members because in my mind at least no-one can claim to be an expert at or using anything because that implies that one knows everything that there is to know about anything. That I am sure you will agree in all reality and reason is an impossibility.

You are entitled to your own view but I think most would agree that every one of us has the right to our own opinion and the right to agree to not agree.

 

[tom982]

Hiyya tom I missed that one when I quoted the others - thanks

No worries It's our standard reply for when people post CF logs from the onset in the malware removal forum. Quite a lot of the time, you will be able to get away without using CF. OTL is very powerful, but couldn't finish off malware like ZeroAccess by itself. GMER is also another good one - here's something I read on a Reddit AmA:

Use GMER (GMER - Rootkit Detector and Remover
) every now and then when your spider sense is tingling. Srsly, you can't fool GMER, it scans from the deepest possible point in your system, at ring0 and is impossible to fool, there is nothing deeper than ring0 on a usual PC where malware can hide stuff from. I always wondered why other AV vendors don't do it like GMER, it can detect all rootkits. But when a AV can detect everything, who will pay 30$ a year for signature updates...

Source: IAmA a malware coder and botnet operator, AMA : reddit.com

It must be good if it has a botnet operator worried!

Ok.... I made the assumption that people that are viewing this have the means to retrieve their data, have a disk to clean install etc. should they have any issues. And while I may not have a windows security certification, I have been playing with my own computers since the comodore64 portable, dont use AV software and have used Combofix, Spybot search and destroy and a host of other softwares that are constantly being maligned (and maligned IMHO, because they are not MS certified programs) with no issues.

I don't understand why you choose to have a security system where you get infected, then remove the infection rather than impose barriers to begin with. There's bound to be traces of malware left all over your system as it's impossible to guarantee that, once infected, a system is can be 100% clean again - short of annihilating the disc with something like DBAN and doing a clean install. You will see experts tell OPs this when a backdoor is spotted in logs

I am not arguing with this security expert. I am saying that if you are using it on your own machine, leave it at the preset settings, and use it as a last resort. I am also saying that if you are on a network to think twice and make sure you let the admin (HMIC-Head man in charge) descide on whether or not to use it. In other words, I am offering a different point of view. A PoV that is from years of experience with the product. As a matter of fact, I just used it on this machine not more than a week ago.

Experience can only go so far with ComboFix. Searching around shows just how many times files have to be manually removed by CF:

Adware.gameplaylab? Live Security Platinum?
My comp won't run out of safe mode - Tech Support Forum

I am saying that there needn't be the extreme fear about it when used on your own machine, that was expressed by the OP.

I disagree. If you were right, then why would the author of ComboFix warn about unsupervised use during the installation?

 

[Britton30]

Ok.... I made the assumption that people that are viewing this have the means to retrieve their data, have a disk to clean install etc. should they have any issues. And while I may not have a windows security certification, I have been playing with my own computers since the comodore64 portable, dont use AV software and have used Combofix, Spybot search and destroy and a host of other softwares that are constantly being maligned (and maligned IMHO, because they are not MS certified programs) with no issues.

I am not arguing with this security expert. I am saying that if you are using it on your own machine, leave it at the preset settings, and use it as a last resort. I am also saying that if you are on a network to think twice and make sure you let the admin (HMIC-Head man in charge) descide on whether or not to use it. In other words, I am offering a different point of view. A PoV that is from years of experience with the product. As a matter of fact, I just used it on this machine not more than a week ago.

My opinions are not expressed here in folly. And I do not claim that there is no possibility of problems. I am saying that there needn't be the extreme fear about it when used on your own machine, that was expressed by the OP. As with any product that is not MS certified, you should use at your own risk.

They are maligned because they are crap with w7. MS certification means some company paid a big fee for it. with so much computer experience it would seem you would know to use some security software mate. "Running naked" is like a target painted on your IP.

 

[Layback Bear]

I think the big point is there/their are many people reading these post. Many may try such a program because they really don't understand the damage that can be caused by not having the proper training. When the creator of the program and well experienced security people give warning I would suggest to all, heed that warning. It's like a gun, a great tool but not a toy to be played with by the untrained.
For the untrained like me I would suggest using
http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html
Very simple to use and so far has worked great.

 

[Shane Williams]

Well- again, Im not arguing with the OP other than to say that he was a little overly scarey about a program I have used for years and had no issues with.

I made sure to be cautionary and say *...as a last resort* and that you should always let the admin make the descision on a network. I also stated that with any program that doesnt have MS cert, you use it at your own risk.

The responses to my posting seems to be an attack. I stated my experince with the program and the cautions that should be implimented. You wish me to be silent instead of letting people know that this isn't a scarey program to use on your own machine?

#1 If you dont have your machine backed up and you dont have a disk to restore your machine, you shouldn't be playing with any program like this.

#2 If you have followed the protocols in #1 then use any program you like and learn how it works and what it will do to your machine. Or use a secondary machine to test things on like I do. You learn much more by doing than you will learn anywhere.

#3 If you are working with a network machine, unless you are the Admin, dont do anything on your own. Build a server and play with it so you can make your mistakes in a situation where you dont have to worry about compromising security and or crashing the machine.

#4 The title is system security not network security and Combofix, in my experience, does nothing to mess with your security. I dont use an AV software so my machine is secured by me and since I am not perfect, I run into security issues occationally. And when I go to fix those issues, I do everything else before using Combofix. It has helped me recover from situations I have been told were unrecoverable.

#5 Combofix should NEVER be used as a primary fix. It is a last ditch to recover your system from hijacks, etc.

#6 When you use programs that aren't certified by microsoft, you are using them at your own risk.

 

[tom982]

The responses to my posting seems to be an attack. I stated my experince with the program and the cautions that should be implimented. You wish me to be silent instead of letting people know that this isn't a scarey program to use on your own machine?

Yes, because a large proportion of people here are the ones looking for help, not giving it out, so it's quite likely that they're not very confident with using a computer. If they see ComboFix fixing lots of issues in this forum they might think that it's a good idea for them to try it without knowing what it could do to their computer.

#1 If you dont have your machine backed up and you dont have a disk to restore your machine, you shouldn't be playing with any program like this.

If you want to play with it, then get the necessary training beforehand so you know what you're doing.

#2 If you have followed the protocols in #1 then use any program you like and learn how it works and what it will do to your machine. Or use a secondary machine to test things on like I do. You learn much more by doing than you will learn anywhere.

So the 162 A4 pages of ComboFix tutorials are useless then? When everyone can apparently learn on the job.

#4 The title is system security not network security and Combofix, in my experience, does nothing to mess with your security. I dont use an AV software so my machine is secured by me and since I am not perfect, I run into security issues occationally. And when I go to fix those issues, I do everything else before using Combofix. It has helped me recover from situations I have been told were unrecoverable.

#5 Combofix should NEVER be used as a primary fix. It is a last ditch to recover your system from hijacks, etc.

You see, you're wrong again. ComboFix performs certain subroutines dependent on what files it detects in the initial scan, if you remove some of these then there's a good chance that others will be missed as a consequence. Perform initial scans (OTL, DDS, GMER etc.), diagnose problems then use the appropriate tools.

 

[Britton30]

Tom, you forgot

#6 When you use programs that aren't certified by microsoft, you are using them at your own risk.

If we follow this, most would have no software to use.

 

[Shane Williams]

ComboFix: A guide and tutorial on using ComboFix

ok then... there's the help with Combo fix

And if you DL it, be sure to note that this version has been downloaded over 4 million times

Also note that Combofix themselves give the warnings I stated and the warnings the OP stated.

 

[Britton30]

Did you forget you posted this drivel Shane?!?:shock:

I've never had any training with it. I have used it on several machines to recover from bad virus intrusion where the AV just wasn't enough to fix it. I wouldn't send that kind of warning out unless you are referring to a network situation. Then I would let the HMIC take care of it. On your own machine, I wouldn't use it unless it was a last resort but I wouldn't be sending fear out like the OP did.

The OP is a Security expert, and a MVP. I can't get over people saying, "I used it myself, and had no problems". As if that means that will be the case for everyone. The original warning was for a valid reason, and it still applies. A Guy

 

[tom982]

ComboFix: A guide and tutorial on using ComboFix

ok then... there's the help with Combo fix

That's a general guide on the installation, not the usage. It's designed to save the malware removal experts the hassle of having to explain it each time, instead we give warnings and links. So yes, it's help, but not the help that would make you know how to use CF properly and safely.

And if you DL it, be sure to note that this version has been downloaded over 4 million times

Sorry to be blunt, but what's that got to do with anything?

Also note that Combofix themselves give the warnings I stated and the warnings the OP stated.

Are these the warnings that you are arguing against?

 

[Jacee]

I can't give some 'rep' to the people who totally "get" this topic (need to spread more around), but the rebuttle of not using Combofix on your own is well documented by them! Thank you team!!

 

[A Guy]

Thank you Jacee for the original post. Let's hope it educates some. A Guy

 

[Britton30]

Thank you Jacee for the original post. Let's hope it educates some. A Guy

Yes! Jacee you've saved many a butt around here.

 

[Shane Williams]

Well... I guess 14 years of using a program doesn't qualify me as an expert. Nor does 20+ years of working with computers. So I'll leave you *experts* to your certifications.

FYI- it says IT student because due to health issues I lost my career. I went to get a job in the field and couldnt due to a lack of certifications. Not a lack of knowledge. I would have hoped that you would have asked me pertinant questions about the program, etc instead of attacking me. But I can see that without those certs I may as well be trying to convince a congressman not to load a bill with earmarks.

I wish you all well and hope that you have as much luck with your other programs as I have had with this one.