Background antivirus monitors are the best-known measure against malware, but they are hardly flawless. A complicated install and the need for constant online updates create openings that malware often exploits.
This also creates a niche for portable scanners that are easier to get working and harder to circumvent. ComboFix is an anti-malware tool that uses basic and bulletproof techniques.
What it does
ComboFix is a relatively small (~3MB) utility. Instead of relying on the usual technologies, it is basically a complex command-line script. It implements a collection of pre-made fixes for a large number of known malware and hunts down all files associated with it.

Scan process
- The app works purely in a console window with occasional message boxes. It asks you to close all other programs, and especially other antivirus software, so they don’t interfere. The official guide says that ComboFix requires the Windows Recovery Console to be installed locally, but the recent versions I used make no such request.
- Before the actual scan it attempts to create a system restore point and back up the registry.
- When run, it performs a lengthy system scan with little feedback on the current stage. The Internet connection and a few other things are temporarily disabled and restored later. If virus removal requires it, the computer is rebooted.
- Upon finishing, an extensive log file is generated and opened. It has information both on operations performed by ComboFix (like files deleted) and some extras, like a list of files created in system folders in the last month.
- Since the criteria for killing files are vague (file name) and the process is streamlined (no questions asked), the official guide stresses that ComboFix must only be used by a qualified person or on request by such a person, preferably on one of the authorized forums.
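The "files created in system folders in the last month" part of the log can be approximated with a read-only listing. This is an added example, not ComboFix's own code or output; the folder list, the 30-day window and the signature column are assumptions made for illustration.

```powershell
# Added example: list files created in system folders during the last 30 days.
# Read-only: nothing is modified, moved or deleted.
# Assumptions: the folder list and the 30-day window are illustrative,
# not the criteria ComboFix itself uses.
$days    = 30
$cutoff  = (Get-Date).AddDays(-$days)
$folders = @(
    $env:SystemRoot,
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'System32\drivers')
)

$recent = foreach ($folder in $folders) {
    # -Force includes hidden and system files; no -Recurse, so each
    # folder is listed at top level only and nothing is counted twice.
    Get-ChildItem -LiteralPath $folder -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            # Signature status is an extra triage column added here.
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Created   = $_.CreationTime
                Size      = $_.Length
                Signature = if ($sig) { $sig.Status } else { 'Unknown' }
                Path      = $_.FullName
            }
        }
}

# Oldest first, so the order in which files appeared is easy to follow.
$recent | Sort-Object Created | Format-Table -AutoSize
```

Creation timestamps can be changed and a `NotSigned` status alone does not mark a file as malicious, so the listing is a starting point for review, not a verdict.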
Overall
ComboFix may look primitive and somewhat weird compared to a generic antivirus. However, it is brutally efficient. In my experience it has more than once dealt with infections that rendered the installed antivirus useless and helpless.
It is not the best choice to begin with (I usually suggest CureIt for that), but it can be the last and only capable measure to save the day.
Guide & download: www.bleepingcomputer.com/combofix/how-to-use-combofix
This is an antivirus that runs in command mode; this makes it difficult to use for an average user (like the average Joe or Jonny). For example, the interface of the Bitdefender 2010 antivirus that I use has only 3 buttons in novice mode, for the usability and performance needed; this helps the user (moi) a lot.
And if you really want an antivirus that runs in command mode, you can have it in Bitdefender, from what I can see, by using bdc.exe from the Bitdefender AV.
The engines that are in use have a good international award, from what I read in an article in the Washington Post.
@Jonny SMith
“ComboFix must only be used by qualified person or on request by such person”
I wonder where you found “average user” in this phrase? ComboFix is a tool for when things get desperate, not your daily antivirus. :)
On awards – my opinion is AV awards are more or less bonkers. They can’t evaluate real performance by definition. They are useful to point out products that absolutely suck, but useless to evaluate how good decent products really are.
Sorry, my bad about the average user, but in any case I think what I wrote will help any average user that reads it not to try his luck without clear info about what we are explaining here.
As for AV awards, man, it depends; most are like you say. Me personally, I have a good impression of a German consumers’ organisation; they try out anything, and if products do not pass well in the review they are dead.
Maybe I’m a Germany fan because of the holiday and the experience I had, but I remained with the idea that they are very strict in what they eat, work with, etc., more than Americans.
Combofix is the big gun I pull out when I’ve already tried my Avira disc and superantispyware and malwarebytes and a-squared and STILL have a nagging doubt or have lost some functionality.
It’s a great tool but not to be used if you’re not too sure what you are doing.
Nice review!
@Jonny
Is Avira livecd free as well? Need to do some more antivirus livecd reviews, they draw a tasty amount of search traffic. :)
Yeah, it’s brilliant. It’s their rescue CD and is available here:
http://dl.antivir.de/down/vdf/rescuecd/rescuecd.exe
Don’t see why Combofix is dangerous. It uses the same rootkit-removing methods as the top AV products. Well, let’s see: all the top AV products remove rootkits, which leaves you with a damaged OS. Combofix installs the recovery console for you as well as making a backup of your registry. I’ve been running it weekly for years now, after the last Virut outbreak, which all the antivirus products failed to remove and messed up my OS. So if Combofix damages your OS, any antivirus product will do the same because it removed a rootkit. Don’t know what this fuss about the danger of the program is. It’s noob-proof and an idiot can use it without problems.
@Rudolph
I think the “danger” of ComboFix is in usability rather than techniques.
Generic AV products try to play nice with the user – GUI, quarantine, etc. ComboFix doesn’t really bother.
Like others have commented, ComboFix is my last resort. I’ve had viruses that would not even let me start Malwarebytes, even in safe mode. ComboFix to the rescue! ComboFix does not even blink when executing within a badly infected system. Read the tutorial first! If you are not very techish, best to let a pro remove it.
@Russ
It is a rising (and nasty as usual) trend in malware to block anti-malware tools from running. Most of the time it is easy to circumvent by renaming the executable.
And naturally the better-known apps are more likely to get blocked, so ComboFix flies under the radar as a less mainstream tool.
Another good command line tool is Norman Malware Cleaner. It can be started from the command line and is a lot easier to use than ComboFix.
Running ComboFix by yourself is like performing open heart surgery on yourself–the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.
. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection–but if you aren’t infected you might need those restore points.
Read and abide by the disclaimer people. It’s there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two. If you feel you need a second opinion, try running online scans. If you feel you might need surgery, come here to BC and ask for help–that is what we’re here for.
BS! -----> I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection–but if you aren’t infected you might need those restore points.
BS! Combofix backs up the registry and creates a restore point before it starts. If you go over to these malware forums, it’s basically one tune they play: Malwarebytes, SUPERAntiSpyware, TDSSKiller and Combofix. It hunts down names of known malware. It doesn’t use signatures, so how can it have a false positive?
tools are susceptible to glitches, bugs and false positive detections and removal of critical files from time to time resulting in computers that become unbootable or get stuck in an endless reboot loop. Even major anti-virus vendors are not immune to such issues either and here are just a few reported examples.
McAfee false-positive deletes critical svchost.exe causing system crashes and reboot loops
McAfee false-positive glitch on crucial system files fells PCs worldwide
Symantec false positive on system files cripples thousands of Chinese PCs
Kaspersky False Positives Quarantine or Kill Windows Explorer in Windows Vista
AVG virus scanner removes critical Windows file and renders machines unbootable
Malwarebytes Atapi.sys and Registry False Positives
Where’s Combofix? If Combofix makes your OS unbootable then any antivirus would as well. It uses GMER catch me. All the scanners use it. Combofix can delete the wrong things if you make your own scripts to delete files. But that you can’t do by accident.
Hi all, this all depends on your ability. You are either quite happy with writing your own registry values and running bootfix/mbr repairs or you are not. This just depends on your confidence! You can see how to perform these operations with a quick Google. Sure; I admit to really screwing my first com, but after the reinstall, I realised that it was only my time and loss of files that hurt; the machine was not burnt out or anything. It worked faster with its new install, and that started to matter to me. This was Win ME. A race horse that fell often. I also tried Mandrake Linux and quite quickly learnt that it is NOT advisable to run as ‘Administrator’. I had thousands of dangling symbiotic links, WTF? Yes, we all start and fall at the first fences, but it does get better, especially with good software like ComboFix. I have used ComboFix for years, never, ever had a single problem with it. Remember, a computer may be infected with several different types of ‘bug’ at the same time. To be sure to remove ALL, you need to get a strategy together. Which type to attack first, to enable continuing without crashing. For some very good sound advice, try visiting MAJORGEEKS.COM. Chaslang has a really good set of web pages that give a priority lesson for your attack mode. Save the pages (4?) to your desktop and download all the apps suggested to the desktop. Read the pages and simply follow the instructions for a CLEAN computer :-)
IMO the Windows firewall is about as useful as a chocolate fireguard. I use COMODO. Try the free version.
kind regards and happy harvesting Nick