ComboFix – last resort against malware

Background antivirus monitors are the best-known measure against malware, but they are hardly flawless. Complicated installation and the need for constant online updates create openings that malware often exploits.

That creates a niche for portable scanners that are easier to get working and harder to circumvent. ComboFix is an anti-malware tool that relies on basic and bulletproof techniques.

What it does

ComboFix is a relatively small (~3MB) utility. Instead of relying on the usual technologies it is basically a complex command line script. It implements a collection of pre-made fixes for a large number of known malware families and hunts down all files associated with them.

Scan process

  • The app works purely in a console window with occasional message boxes. It asks you to close the rest of your programs, and especially other antivirus software, so they don't interfere. The official guide says that ComboFix requires the Windows Recovery Console to be installed locally, but the recent versions I used made no such request.
  • Before the actual scan it attempts to create a system restore point and back up the registry.
  • It then performs a lengthy system scan with little feedback on the current stage. The Internet connection and a few other things are temporarily disabled and restored later. If needed for virus removal, the computer is rebooted.
  • Upon finishing, an extensive log file is formed and opened. It has information both on operations performed by ComboFix (like files deleted) and some extras, like a list of files created in system folders in the last month.
  • Since the criteria for killing files are vague (file name) and the process is streamlined (no questions asked), the official guide stresses that ComboFix must only be used by a qualified person or on request by such a person, preferably on one of the authorized forums.
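The two safety steps above (restore point, registry backup) and the "files created in system folders in the last month" listing are worth having on their own, before any aggressive cleaner is run, because they are what you fall back on if a file-name-based deletion takes out something legitimate. The script below is an added example written for this post, not ComboFix's own code or anything from its guide. It assumes an elevated PowerShell 5.1 or newer session on Windows; the backup folder name and the set of folders scanned are assumptions, and on Windows 8 and later Checkpoint-Computer silently skips the restore point if one was already created in the last 24 hours.

```powershell
# Added example (not ComboFix's own code): manual pre-cleanup precautions plus
# a triage listing of recently created files in system folders.
# Run from an elevated PowerShell prompt. Paths and folder list are assumptions.

$BackupDir = Join-Path $env:SystemDrive 'PreScanBackup'   # assumed location
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# 1. System restore point. Requires System Restore to be enabled on the system
#    drive; on Windows 8+ only one checkpoint per 24 hours is created by default.
Checkpoint-Computer -Description 'Before malware cleanup' -RestorePointType MODIFY_SETTINGS

# 2. Registry backup of the hives persistence mechanisms usually live in.
#    reg.exe export produces an importable .reg file; /y overwrites silently.
foreach ($hive in 'HKLM\SOFTWARE', 'HKLM\SYSTEM', 'HKCU') {
    $file = Join-Path $BackupDir (($hive -replace '[\\:]', '_') + '.reg')
    reg.exe export $hive $file /y | Out-Null
}

# 3. Same kind of listing the ComboFix log includes: files created in system
#    folders within the last 30 days, with their Authenticode status so an
#    unsigned newcomer in System32 stands out. Hidden files included (-Force).
$Since   = (Get-Date).AddDays(-30)
$Folders = @("$env:SystemRoot",
             "$env:SystemRoot\System32",
             "$env:SystemRoot\SysWOW64",   # absent on 32-bit Windows; skipped
             "$env:ProgramData")

$Recent = foreach ($f in $Folders) {
    Get-ChildItem -Path $f -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $Since } |
        Select-Object FullName, CreationTime, Length,
            @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature $_.FullName).Status } }
}

# Newest first on screen, and a CSV copy next to the registry backups so the
# list survives a reboot or a later cleanup run.
$Recent | Sort-Object CreationTime -Descending | Format-Table -AutoSize
$Recent | Export-Csv -Path (Join-Path $BackupDir 'recent-system-files.csv') -NoTypeInformation
```

The listing is not a verdict: legitimate updates also drop fresh files into System32, which is exactly why the ComboFix log leaves interpretation to the person reading it. The `Signature` column only narrows the set worth a second look; `Valid` means a trusted publisher signed the file, `NotSigned` means nothing more than that.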

Overall

ComboFix may look primitive and somewhat weird compared to a generic antivirus. However, it is brutally efficient. From my experience it has more than once dealt with infections that rendered the installed antivirus useless and helpless.

It is not the best choice to begin with (I usually suggest CureIt for that) but it can be the last and only capable measure to save the day.

Guide & download: www.bleepingcomputer.com/combofix/how-to-use-combofix

21 Comments

  • Jonny SMith #

    This is an antivirus that runs in command mode; this makes it difficult to use for an average user (like the average Joe or Jonny). For example, the interface of the BitDefender 2010 antivirus that I use has only 3 buttons in novice mode, for usability and performance, and this helps the user (moi) a lot. And if you really want an antivirus that runs in command mode you can have it in BitDefender, from what I can see, by using bdc.exe from the BitDefender AV. The engines that are in use have good international awards, from what I read in an article in the Washington Post.
  • Rarst #

    @Jonny SMith "ComboFix must only be used by qualified person or on request by such person" - I wonder where you found "average user" in this phrase? ComboFix is a tool for when things get desperate, not your daily antivirus. :) On awards - my opinion is AV awards are more or less bonkers. They can't evaluate real performance by definition. They are useful to point out products that absolutely suck, but useless to evaluate how good decent products really are.
  • jonny smith #

    Sorry, my bad about the average user, but in any case I think what I wrote will help any average user that reads it to not try his luck without clear info about what we are explaining here. On the awards for AV, man, it depends; most are like you say. Me personally, I have a good impression of a German consumer organisation: they try out anything and if they are not past good in the review they are dead. Maybe I'm a Germany fan because of the holiday and the experience I had, but I remained with the idea that they are very strict in what they eat, work with etc., more than Americans.
  • Jonny #

    Combofix is the big gun I pull out when I've already tried my Avira disc and superantispyware and malwarebytes and a-squared and STILL have a nagging doubt or have lost some functionality. It's a great tool but not to be used if you're not too sure what you are doing. Nice review!
  • Rarst #

    @Jonny Is the Avira livecd free as well? Need to do some more antivirus livecd reviews, they draw a tasty amount of search traffic. :)
  • Jonny #

    Yeah it's brilliant it's their rescue cd and is available here: http://www.avira.com/en/download/product/avira-rescue-system
  • AVZ Antiviral Toolkit – advanced scanner and manager | Rarst.net #

    [...] ComboFix may be the last resort to blow away stubborn malware (with parts of Windows while at it :) but when even that fails there is no choice left except a down and dirty hunt after pesky malware. [...]
  • Rudolph #

    Don't see why Combofix is dangerous. It uses the same rootkit removing methods as the top AV products. Well, let's see all the top AV products remove rootkits, which leaves you with a damaged OS. Combofix installs the recovery console for you as well as making a backup of your registry. I've been running it for years now, weekly, after the last Virut outbreak which all the antivirus products failed to remove and messed up my OS. So if Combofix damages your OS any antivirus product will do the same because it removed a rootkit. Don't know what this fuss about the danger of the program is. It's noob-proof and an idiot can use it without problems.
  • Rarst #

    @Rudolph I think the "danger" of ComboFix is in usability rather than techniques. Generic AV products try to play nice with the user - GUI, quarantine, etc. ComboFix doesn't really bother.
  • Russ #

    Like others have commented, ComboFix is my last resort. I've had viruses that would not even let me start Malwarebytes, even in safe mode. ComboFix to the rescue! ComboFix does not even blink when executing within a badly infected system. Read the tutorial first! If you are not very techish, best to let a pro remove it.
  • Rarst #

    @Russ It is a rising (and nasty as usual) trend in malware to block anti-malware tools from running. Most of the time it is easy to circumvent by renaming the executable. And naturally the more well-known apps are more likely to get blocked, so ComboFix flies under the radar as a less mainstream tool.
  • PC Services Surrey #

    Another good command line tool is Norman Malware Cleaner. It can be started from the command line and is a lot easier to use than ComboFix.
  • Rudolph #

    "Running ComboFix by yourself is like performing open heart surgery on yourself -- the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is through s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections. . . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection -- but if you aren't infected you might need those restore points. Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two. If you feel you need a second opinion, try running online scans. If you feel you might need surgery, come here to BC and ask for help -- that is what we're here for."

    BS! -----> "I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection -- but if you aren't infected you might need those restore points." BS! Combofix backs up the registry and creates a restore point before it starts. If you go over to these malware forums it's basically one tune they play: Malwarebytes, SuperAntiSpyware, TDSSKiller and Combofix. It hunts down names of known malware. It doesn't use signatures, so how can it have a false positive?

    "Tools are susceptible to glitches, bugs and false positive detections and removal of critical files from time to time, resulting in computers that become unbootable or get stuck in an endless reboot loop. Even major anti-virus vendors are not immune to such issues either and here are just a few reported examples: McAfee false-positive deletes critical svchost.exe causing system crashes and reboot loops; McAfee false-positive glitch on crucial system files fells PCs worldwide; Symantec false positive on system files cripples thousands of Chinese PCs; Kaspersky False Positives Quarantine or Kill Windows Explorer in Windows Vista; AVG virus scanner removes critical Windows file and renders machines unbootable; Malwarebytes Atapi.sys and Registry False Positives."

    Where's Combofix? If Combofix makes your OS unbootable then any antivirus would as well. It uses Gmer's catchme. All the scanners use it. Combofix can delete the wrong things if you make your own scripts to delete files. But that you can't do by accident.
  • Nick #

    Hi all, this all depends on your ability. You are either quite happy with writing your own registry values and running bootfix/MBR repairs or you are not. This just depends on your confidence! You can see how to perform these operations with a quick Google. Sure; I admit to really screwing up my first computer, but after the reinstall I realised that it was only my time and loss of files that hurt; the machine was not burnt out or anything. It worked faster with its new install, and that started to matter to me. This was Win ME. A race horse that fell often. I also tried Mandrake Linux and quite quickly learnt that it is NOT advisable to run as 'Administrator'. I had thousands of dangling symbolic links, WTF? Yes, we all start and fall at the first fences, but it does get better, especially with good software like ComboFix. I have used ComboFix for years, never, ever had a single problem with it. Remember, a computer may be infected with several different types of 'bug' at the same time. To be sure to remove ALL, you need to get a strategy together: which type to attack first, to enable continuing without crashing. For some very good sound advice, try visiting MAJORGEEKS.COM. Chaslang has a really good set of web pages that give a priority lesson for your attack mode. Save the pages (4?) to your desktop and download all the apps suggested to the desktop. Read the pages and simply follow the instructions for a CLEAN computer :-) IMO the Windows firewall is about as useful as a chocolate fireguard. I use COMODO. Try the free version. Kind regards and happy harvesting, Nick
  • williambuell #

    A technician at bleepingcomputer advised me to run COMBOFIX on my Toshiba laptop running Windows 7. It seemed to finish all its phases normally and then rebooted. Upon reboot, it has been running for several hours flashing blank blue screens at various positions. Is this NORMAL? How many hours should I let it run before I know that it is in a loop? I think this behavior should be documented, or else some more meaningful information should be displayed during this reboot phase. I received a quick initial response from Bleeping Computer instructing me what to run, but now that it is in a loop for several hours I have no response yet from Bleeping Computer. Thanks.
  • Rarst #

    @williambuell Hours definitely sounds like too long. I am not sure those blue screens come from ComboFix; boot issues after malware cleanup are usually caused by removal of infected files that were involved in the boot process.
  • gabriel #

    @Rarst "I think the 'danger' of ComboFix is in usability rather than techniques. Generic AV products try to play nice with user - GUI, quarantine, etc. ComboFix doesn't really bother."

    Wait wait wait... are we saying this AV is the last resort because it is ugly? Really? And it's hard to use for the "average user"? Man, I ran it and it worked all by itself in a few minutes (oh, and it easily solved a nasty problem I couldn't solve with Avira and Malwarebytes). I am starting to think the average PC user is somewhat like a retarded monkey. Anyways, why should we care about people who can't use it? And back to the beginning, since when is simple plain text "dangerous"???
  • Rarst #

    @gabriel If the command line was a perfect interface we would never have moved on from it.

    "Anyways, why should we care about people who can't use it?"

    I don't see anyone forcing or suggesting you to do so. :)
  • John #

    @williambuell Stick with Bleeping. CF has about 50 processes. When infected files are removed, all sorts of problems arise.
  • Brad #

    I have been using ComboFix for 2-3 years now and it is the only program that really works. I used to waste hours and hours running several other AV programs and cleaning tools, but now I just run ComboFix and get the job done right the first time. It finds things TDSSKiller-type programs never find. I have never run into any problems in 2-3 years and I have used it maybe 100 times on 100 different PCs.
  • Sandeep #

    ComboFix - last resort? I use it all the time as a first resort. It has worked for me every single time for the last year. I am a trained professional if something goes wrong. I usually have a backup of data files and can restore the system if needed. I do see the point of having it as a last resort: in case something goes wrong, the average user will have no idea how to restore their computer. Before using ComboFix I used to pull my hair out. But ever since, I just sit back, relax and let ComboFix do the work.