Understanding Combo Fix Logs



Hi All:

I've been starting to use ComboFix to help clean up clients' computers, and it seems to work pretty well when I can't seem to get rid of infections otherwise; however, I can't make much of the gibberish that gets displayed in the log after it has run. I mean, I can search online and get bits and pieces, but I was wondering if perhaps there was some kind of manual or instructions on how to better understand what the logs mean.

Thanks in advance to anybody that has a helpful answer.


ComboFix is a tool that should only be used by advanced users; if you observe the log to be "gibberish" then you shouldn't be using this program. Used in untrained hands this tool can disable your computer and in some cases can make it unbootable.

Quote from bleepingcomputer.com...

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Sign up to become a helper; you will get the info you want and more. But as Marshall said, if you don't find the info that ComboFix gives to be useful you should stop using the program and look for other solutions. It isn't something that you are just going to pick up, as it gives you everything in text form....you have to know what software conflicts with other software, you have to know what is installed by looking at that to know if there are any conflicts...it is much more than just gibberish, you have to know, and if you don't by simply looking at it you need to learn, and you won't learn by reading the manual.

Simple things like explorer.exe, userinit.exe, sav.exe, etc. can give you an idea of whether something is infected or not; times, dates, and sizes are important pieces of info too, other than file names or where they are at. There is so much in that log that is important and not gibberish. If you can't decipher what is good or not, you really shouldn't be using it. Learn by doing.


Actually I've found ComboFix to be useful and that's why I'm trying to learn more about it..I know that if I suspect that a system is infected with nasty viruses including a rootkit and I'm about to do a format and reload anyway it can be very helpful. Thank you all for your feedback. However, as far as being advanced I'm not sure what you mean...with this forum I'm sure there are people more "advanced" than me...that's why I'm posting to this site because I'm trying to learn...I am however A+ and Network+ certified and although this is not like saying I'm CCNA, MCP certified and can program in C++ backwards I am "advanced" compared to many people...Anyway, I will just assume it's a last try fix before a format and reload if there's no good explanation...I will also look out for info in the logs about explorer.exe, userinit.exe, sav.exe...so thanks.


Basically start with this: take a log of a known good system (preferably a fresh one without AV and full updates) and compare it against your bad one. Keep the clean one as a base to work off of so you know what to research as to what could possibly be bad. Also I recommend running OTL; it gives more info than ComboFix logs. But again it is gibberish like ComboFix, so be careful with what you do with it.

I highly recommend becoming a helper, it is free and will give you more than learning on your own. Search for geeku. Your certs hold no water with me...truth is I am not certified in anything but I am sure you can tell I know a bit more than nothing ;)
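The "compare against a known-good log" approach above, together with the earlier point that file names, paths, dates and sizes are what matter, can be scripted. The following is an added example written for this page, not code from the thread or from the ComboFix project. It parses the file-listing lines of two constructed logs (the "date . date TAB size TAB attrs TAB path" layout, which order of the two timestamps means what, and the sample sizes are all assumptions for illustration), reports what is new or changed relative to the baseline, and flags copies of familiar system binaries that sit outside their usual directory, which is the kind of entry a helper would research rather than act on blindly.

```python
"""Baseline comparison of ComboFix-style log file listings (added example)."""
import re
from dataclasses import dataclass

# Assumed line layout: "<date time> . <date time><TAB><size><TAB><attrs><TAB><path>".
# The first timestamp is treated as modified and the second as created; both the
# layout and that order are assumptions, so check them against a real log.
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\t"
    r"(?P<size>\d+)\t(?P<attrs>\S+)\t(?P<path>.+)$"
)

# Directories where these well-known binaries are expected (constructed for the
# example). A file of the same name anywhere else deserves a closer look.
EXPECTED_DIRS = {
    "explorer.exe": {r"c:\windows"},
    "userinit.exe": {r"c:\windows\system32"},
}


@dataclass(frozen=True)
class Entry:
    path: str
    size: int
    created: str
    modified: str


def parse_log(text):
    """Return {lowercased path: Entry} for every file line; other lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section banners, blank lines, registry dumps, etc.
        path = m.group("path").strip().lower()
        entries[path] = Entry(path, int(m.group("size")),
                              m.group("created"), m.group("modified"))
    return entries


def compare_to_baseline(baseline, suspect):
    """Return (paths absent from the baseline, paths whose size differs)."""
    new = sorted(p for p in suspect if p not in baseline)
    changed = sorted(p for p in suspect
                     if p in baseline and suspect[p].size != baseline[p].size)
    return new, changed


def misplaced_system_binaries(entries):
    """Flag files named like a known system binary but located elsewhere."""
    flagged = []
    for path in entries:
        directory, _, name = path.rpartition("\\")
        if name in EXPECTED_DIRS and directory not in EXPECTED_DIRS[name]:
            flagged.append(path)
    return sorted(flagged)


def triage(baseline_text, suspect_text):
    """Run the whole comparison and return the three lists in one dict."""
    baseline = parse_log(baseline_text)
    suspect = parse_log(suspect_text)
    new, changed = compare_to_baseline(baseline, suspect)
    return {"new": new, "changed": changed,
            "misplaced": misplaced_system_binaries(suspect)}


# Constructed sample logs, not real ComboFix output.
BASELINE_LOG = """\
((((((((((((((((((((((((((((((((((((   Files Created   ))))))))))))))))))))))))))))))))))))
2012-01-10 09:00 . 2012-01-10 09:00\t26624\t----a-w-\tc:\\windows\\system32\\userinit.exe
2012-01-10 09:00 . 2012-01-10 09:00\t2868224\t----a-w-\tc:\\windows\\explorer.exe
"""

SUSPECT_LOG = """\
((((((((((((((((((((((((((((((((((((   Files Created   ))))))))))))))))))))))))))))))))))))
2012-01-10 09:00 . 2012-01-10 09:00\t26624\t----a-w-\tc:\\windows\\system32\\userinit.exe
2012-02-03 14:22 . 2012-01-10 09:00\t2912000\t----a-w-\tc:\\windows\\explorer.exe
2012-02-03 14:25 . 2012-02-03 14:25\t51200\t----a-w-\tc:\\users\\bob\\appdata\\roaming\\userinit.exe
"""

if __name__ == "__main__":
    for key, paths in triage(BASELINE_LOG, SUSPECT_LOG).items():
        print(f"{key}:")
        for p in paths:
            print("   ", p)
```

On the constructed input this reports the roaming-profile userinit.exe as both new and misplaced, and explorer.exe as changed because its size differs from the baseline. The size check is deliberately crude; a real baseline should come from the same Windows build and patch level, otherwise every updated system file shows up as "changed".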


I don't know why they supply all those warnings to be honest. You don't need to understand a lick of that log to get the most basic benefits from it - You run it, it removes any obvious malware it finds, and then it's done - Acting on any of the items in the log is optional, and in most cases, unnecessary when paired with some other good anti-virus/anti-spyware solutions.


Quote:
I don't know why they supply all those warnings to be honest. You don't need to understand a lick of that log to get the most basic benefits from it - You run it, it removes any obvious malware it finds, and then it's done - Acting on any of the items in the log is optional, and in most cases, unnecessary when paired with some other good anti-virus/anti-spyware solutions.

I agree. I've run combofix over 50+ times and have never had a single issue.


Quote:
I agree. I've run combofix over 50+ times and have never had a single issue.

Combofix + Malwarebytes + Spybot = the Excalibur for computer viruses :p

If that can't fix it, plus maybe 30 minutes tops of some computer detective work, it's time to trash the install and start over.


Quote:
Combofix + Malwarebytes + Spybot = the Excalibur for computer viruses :p

Spybot? Did I just enter a time machine and go to 2004?

Combofix + MBAM = removal of 90% of viruses.

Combofix + MBAM + TDSSKiller = removal of 95% of viruses


Quote:
Spybot? Did I just enter a time machine and go to 2004?

Combofix + MBAM = removal of 90% of viruses.

Combofix + MBAM + TDSSKiller = removal of 95% of viruses

Combofix + MBAM + TDSSKiller + Kaspersky Rescue Disk = removal of 99% of viruses


Quote:
Spybot? Did I just enter a time machine and go to 2004?

Combofix + MBAM = removal of 90% of viruses.

Combofix + MBAM + TDSSKiller = removal of 95% of viruses

Uh.... you do know that Spybot is constantly updating, to this day, right? Isn't TDSSKiller made for a very narrow range of spyware? Spybot encompasses a large range. I used to use ad-aware, but I think they're pretty terrible.

Spybot picks up loads of browser add-ons and other annoyances that even MBAM misses, and probably TDSSKiller as well, which after some research, seems to only be for rootkits? Isn't that what Combofix is for?

But hey, I've only cleaned up a few hundred computers while working at a repair shop, so it's not like I have any experience or insight on the matter, right? :p
