Wednesday, January 1, 2014

How to Read a ComboFix Log File

ComboFix will zap most malware right off your disk automatically, with no assistance from you, the operator. It also writes a lengthy log file to disk. The log file indicates what was done, and lists some other stuff worth looking at.
"Other Deletions" is a list of files that ComboFix has already blown away for you. If later on you find that ComboFix has broken something, you can check this list to see whether it zapped a needed file.
"Drivers/Services" is unknown to me. ComboFix didn't find anything to report on my computer.
"Files Created from yyyy-mm-dd to yyyy-mm-dd" shows all files created in the last month. Virii have to live on disk somewhere, so when a virus shows up it's likely to be living in a newly created file. It's not that new files ARE virii, but they might be.
"Find3M Report" is a list of all files created in the last 3 months. Again, just because a file is new doesn't make it a virus, but it's worth checking them out. Google will tell you a lot about a filename.
"Reg Loading Points" is a list of registry entries that load and run programs. Look at the program names; you ought to recognize them as legitimate programs, such as your wireless card driver. Names you don't recognize are worth checking out. They might be virii, but most of 'em will turn out to be legit programs.
IF, and only IF, you recognize a virus loading entry, you need to use regedit to blow the entry out of the registry, and then zap the file being loaded off your hard drive with Explorer.
"Supplementary Scan" is a list of more registry keys that seem suspicious to ComboFix.
"Orphans Removed" is a list of registry entries that ComboFix has blown away.
"Catchme" is a report from the rootkit finder/zapper.
"Locked Registry Keys" is a list of locked registry entries. Locked entries are suspicious because that's how virii protect their registry keys. On my computer the only locked registry key belongs to Internet Explorer, which I think is harmless.
"DLLs loaded under running processes" shows all the DLLs currently in memory and doing things, and which programs are using them. Running processes that you recognize are OK. A running process that you don't recognize wants to be checked out. Likewise for DLLs.
"Other Running Processes" is all the code in memory and executing. If you recognize the process, fine. Strange processes that you don't recognize again want to be checked out.
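The section-by-section triage above can be scripted so that the log is split on its banners and the "Reg Loading Points" entries are checked against a list of program names you already recognize. This is an added example, not code from the post or from ComboFix; the banner shape, the sample log and the KNOWN_GOOD allowlist are constructed assumptions modelled on typical ComboFix output.

```python
import re
# ComboFix section banners are a run of parentheses around the section name;
# this banner shape is an assumption modelled on typical ComboFix output.
BANNER = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+\s*$")
# One Reg Loading Points entry: "ValueName"="c:\path\program.exe" [date size]
REG_VALUE = re.compile(r'^"(?P<value>[^"]*)"="(?P<path>[^"]*)"')

# Constructed sample log, not real ComboFix output ("." lines are ComboFix spacers).
SAMPLE_LOG = r"""
ComboFix 14-01-01.01 - Owner 01/01/2014  10:00:00.1.1 - x86
.
((((((((((((((((((((   Other Deletions   ))))))))))))))))))))
c:\users\owner\appdata\local\temp\svchosts.exe
((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475584]
"Updater"="c:\users\owner\appdata\roaming\updater.exe" [2013-12-28 94208]
"""

# Hypothetical analyst allowlist of executables already recognized as legitimate.
KNOWN_GOOD = {"sidebar.exe"}

def split_sections(log_text):
    """Map each section name to its non-spacer lines; text before any banner is 'Header'."""
    sections, current = {"Header": []}, "Header"
    for line in log_text.splitlines():
        m = BANNER.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        elif line.strip() and line.strip() != ".":
            sections[current].append(line.rstrip())
    return sections

def reg_loading_points(sections):
    """Return (registry key, value name, program path) for each loading point."""
    entries, key = [], None
    for line in sections.get("Reg Loading Points", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # a [HKEY_...] key header; entries below belong to it
        else:
            m = REG_VALUE.match(line)
            if m and key:
                entries.append((key, m.group("value"), m.group("path")))
    return entries

def unrecognized(entries, allowlist):
    """Keep only loading points whose executable name is not on the allowlist."""
    return [e for e in entries if e[2].rsplit("\\", 1)[-1].lower() not in allowlist]
```

Anything `unrecognized()` returns is a name to look up before deciding it is legitimate, not a verdict that it is malware.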





8 comments:

Anonymous said...

Thank you for this special explanation that is found nowhere else.

Catalin said...

thank you.

Dstarr said...

You are welcome. Come again. Send your friends.

Unknown said...

I read your article after running ComboFix. It should be noted that the ComboFix post-scan log file as of this date (10-8-2015) creates some references to files that do not exist in the same directory as the ComboFix.txt file that is dropped in C:\ by default after a scan. You should see a reference to ComboFix-quarantined-files.txt for example. This text file can be found in c:\qoobox, a directory that mysteriously appears post-scan. This seems to be the repository for stuff ComboFix did to your machine. In my case, there were 3-4 false detections; files that had a .vir extension appended to the original file during the quarantine process. I still stick with this product from time to time because it successfully found a root-kit completely overlooked by McAfee. I ended up submitting the sample to McAfee and they built a custom dat file for this 0-day exploit. If you do want to use ComboFix, I recommend you get familiar with system restore points and create one prior to running ComboFix. This particular software is in the "Ready, Fire, Aim" category of exploit/malware removals. Take care - Bruce

Dstarr said...

Qoobox is the ComboFix jail. Stuff ComboFix identifies as a virus gets moved into Qoobox. I haven't done it, but I think you can retrieve innocent bystander files from Qoobox. ComboFix is very aggressive for an antivirus program; it will zap harmless programs. I only use it as a last resort, after lesser programs like Malwarebytes and Microsoft's Malicious Software Removal Tool have failed to zap the virus. But ComboFix did kill off a deeply buried and very aggravating root kit that nothing else found. I didn't do a system restore point before launching ComboFix, partly because I don't fully trust system restore, and I got away with it, but running system restore would be a good idea anytime you contemplate doing something drastic to your system.

Anonymous said...

The Services/Drivers section means locked or deleted services/drivers that belong to hardcore threats like rootkits, backdoors or known malware.
