What is ComboFix

Discussion in 'Security and Privacy' started by Welshjim, 2006/09/04.

  1. 2006/09/04
    Welshjim

    Welshjim Inactive Thread Starter

    TeMerc--Any page where I can read what combofix.exe does? I can find no description on bleedingcomputer, though I see that a fellow named "sUBs" wrote it.
     
  2. 2006/09/04
    TeMerc

    TeMerc Inactive Alumni

    ComboFix specifically targets SurfSideKick, QooLogic, Look2Me or any combination of that group.

    It also nicely picks out Vundo infections and clears some, but not all.

    One of the better things it does is pick files recently created which can give clues to other infections. It's very robust too. You can use it to unhook any dll in the system32 folder. You can use it to delete up to as many as 8 files using its command line functions.

    It deletes a bunch of files related to the infections above automatically and is updated fairly regularly.

    There is more but that's it in a nutshell.
     

  4. 2006/09/04
    Welshjim

    Welshjim Inactive Thread Starter

    TeMerc--Thanks. I understand that combofix.exe does not run if I click on it, but rather offers some options, help, etc. about what to do next. I had assumed that clicking on combofix.exe would have it take action, without telling what was going on.
     
  5. 2006/09/04
    TeMerc

    TeMerc Inactive Alumni

    Jim, I split this off the user's HJT analysis, no need to clutter things up on them.

    You should run ComboFix on your machine, it will cause no ill effects, it just scans and looks for specific files\folders. All the ones targeted are malware, it does not rely on any type of heuristics, so it's highly unlikely, if not impossible, to remove something automatically.

    There is even a list of files\folders it currently targets.
     
  6. 2006/09/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Jim
    I'm wondering the same.
    Where I'm going to school, they don't use it as yet. I have a question posted to them.
    It seems like a very extensive tool. I would like to know how to read it. Except for the little I have picked up from TeMerc using it, I know nothing about it :(

    I ran it on my machine, didn't see anything that looked suspicious

    Geri
     
    Last edited: 2006/09/04
  7. 2006/09/05
    TeMerc

    TeMerc Inactive Alumni

    Maybe I'll ask the developer if he has any other tuts in other schools. I know the biggest one is over at SWI Boot Camp. Didn't notice anything at MRU or G2G, but also didn't really look.

    Or maybe I'll ask him if I can copy some of the basics about it. It really makes no sense that other schools wouldn't have it to be used.
     
