netsurfer802, posted January 17, 2012:

Hi All: I've been starting to use combofix to help clean up clients' computers and it seems to work pretty well for when I can't seem to get rid of infections otherwise; however, I can't seem to make much of the gibberish that gets displayed in the log after it's run. I mean I can search online and get bits and pieces but I was wondering if perhaps there was some kind of manual or instructions on how to better understand what the logs mean. Thanks in advance to anybody that has a helpful answer.

Marshall (Veteran), posted January 17, 2012:

Combofix is a tool that should only be used by advanced users, if you observe the log to be "gibberish" then you shouldn't be using this program. Used in untrained hands this tool can disable your computer and in some cases can make it unbootable.

Quote from bleepingcomputer.com...

> You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

sc302 (Veteran), posted January 17, 2012:

Sign up to become a helper, you will get the info you want and more. But as Marshall said if you don't find the info that combofix gives to be useful you should stop using the program and look for other solutions. It isn't something that you are just going to pick up as it gives you everything in text form....you have to know what softwares conflict with others, you have to know what is installed by looking at that to know if there are any conflicts...it is much more than just gibberish, you have to know and if you don't by simply looking at it you need to learn and you won't learn by reading the manual. Simple things like explorer.exe, userinit.exe, sav.exe, etc. can give you an idea of if something is infected or not, times, dates, and sizes are important pieces of info too other than file names or where they are at. There is so much to that log that is important and not gibberish. You can't decipher what is good or not, you really shouldn't be using it. Learn by doing.

netsurfer802 (Author), posted January 18, 2012:

Actually I've found combofix to be useful and that's why I'm trying to learn more about it...I know that if I suspect that a system is infected with nasty viruses including a root-kit and I'm about to do a format and reload anyway it can be very helpful. Thank you all for your feedback. However, as far as being advanced I'm not sure what you mean...with this forum I'm sure there are people more "advanced" than me...that's why I'm posting to this site because I'm trying to learn...I am however A+ and Network + certified and although this is not like saying I'm CCNA, MCP certified and can program in C++ backwards I am "advanced" compared to many people...Anyway, I will just assume it's a last try fix before a format and reload if there's no good explanation...I will also look out for info in the logs about explorer.exe, userinit.exe, sav.exe...so thanks.

sc302 (Veteran), posted January 18, 2012:

Basically start with this, take a log of a known good system (preferably a fresh one without av and full updates) and compare against your bad one. Leave the one clean as a base to work off of so you know what to research as to what could possibly be bad. Also I recommend running OTL, it gives more info than combofix logs. But again it is gibberish like combofix so be careful with what you do with it. I highly recommend becoming a helper, it is free and will give you more than learning on your own. Search for geeku. Your certs hold no water with me...truth is I am not certified in anything but I am sure you can tell I know a bit more than nothing ;)
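
Added example (not part of the thread, and not code from any poster): the baseline comparison sc302 describes above, together with the earlier point that sizes and dates matter as much as file names, sketched in Python. The `date time | size | path` layout and every sample entry are constructed for illustration and are not ComboFix's or OTL's actual log format.

```python
from datetime import datetime

# Constructed sample inventories in a simplified "date time | size | path"
# layout (an assumption, NOT a real ComboFix/OTL log); adapt parse_line()
# to the output of whatever tool you actually compare.
BASELINE = r"""
2011-11-20 04:12 | 26112 | C:\Windows\System32\userinit.exe
2011-11-20 04:12 | 2614272 | C:\Windows\explorer.exe
2011-11-20 04:12 | 14336 | C:\Windows\System32\svchost.exe
"""
SUSPECT = r"""
2012-01-16 20:11 | 31744 | c:\windows\system32\USERINIT.EXE
2011-11-20 04:12 | 2614272 | C:\Windows\explorer.exe
2011-11-20 04:12 | 14336 | C:\Windows\System32\svchost.exe
2012-01-16 20:11 | 88064 | C:\Users\Public\example-dropped.exe
"""

def parse_line(line):
    """Return (lowercased path, (size, mtime)), or None for non-entry lines."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != 3:
        return None
    try:
        mtime = datetime.strptime(parts[0], "%Y-%m-%d %H:%M")
        size = int(parts[1])
    except ValueError:
        return None  # headers, banners, blank lines
    # Windows paths are case-insensitive, so normalise before comparing.
    return parts[2].lower(), (size, mtime)

def load(text):
    parsed = (parse_line(line) for line in text.splitlines())
    return dict(entry for entry in parsed if entry)

def compare(baseline_text, suspect_text):
    """Split the suspect inventory into added, missing and changed paths."""
    base, sus = load(baseline_text), load(suspect_text)
    return {
        "added": sorted(p for p in sus if p not in base),
        "missing": sorted(p for p in base if p not in sus),
        "changed": sorted(p for p in sus if p in base and sus[p] != base[p]),
    }

if __name__ == "__main__":
    for kind, paths in compare(BASELINE, SUSPECT).items():
        for path in paths:
            print(f"{kind:8} {path}")
```

A path that shows up as added or changed is a lead to research, not a verdict: legitimate updates also change sizes and dates, which is why the baseline should be at the same patch level as the suspect machine where possible.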

Seizure1990, posted January 19, 2012:

I don't know why they supply all those warnings to be honest. You don't need to understand a lick of that log to get the most basic benefits from it - You run it, it removes any obvious malware it finds, and then it's done - Acting on any of the items in the log is optional, and in most cases, unnecessary when paired with some other good anti-virus/anti-spyware solutions.

+Warwagon (MVC), posted January 19, 2012:

> I don't know why they supply all those warnings to be honest. You don't need to understand a lick of that log to get the most basic benefits from it - You run it, it removes any obvious malware it finds, and then it's done - Acting on any of the items in the log is optional, and in most cases, unnecessary when paired with some other good anti-virus/anti-spyware solutions.

I agree. I've run combofix over 50+ times and have never had a single issue.

Seizure1990, posted January 19, 2012:

> I agree. I've run combofix over 50+ times and have never had a single issue.

Combofix + Malwarebytes + Spybot = the Excalibur for computer viruses :p If that can't fix it, plus maybe 30 minutes tops of some computer detective work, it's time to trash the install and start over.

P!P, posted January 19, 2012:

> Combofix + Malwarebytes + Spybot = the Excalibur for computer viruses :p

Spybot? Did I just enter a time machine and go to 2004? Combofix + MBAM = removal of 90% of viruses. Combofix + MBAM + TDSSKiller = removal of 95% of viruses

+Warwagon (MVC), posted January 19, 2012:

> Spybot? Did I just enter a time machine and go to 2004? Combofix + MBAM = removal of 90% of viruses. Combofix + MBAM + TDSSKiller = removal of 95% of viruses

Combofix + MBAM + TDSSkiller + Kaspersky rescue disk = Removal 99% of viruses

sc302 (Veteran), posted January 19, 2012:

> Combofix + MBAM + TDSSkiller + Kaspersky rescue disk = Removal 99% of viruses

why isn't hitman pro in there :p

Seizure1990, posted January 19, 2012:

> Spybot? Did I just enter a time machine and go to 2004? Combofix + MBAM = removal of 90% of viruses. Combofix + MBAM + TDSSKiller = removal of 95% of viruses

Uh.... you do know that Spybot is constantly updating, to this day, right? Isn't TDSSKiller made for a very narrow range of spyware? Spybot encompasses a large range. I used to use ad-aware, but I think they're pretty terrible. Spybot picks up loads of browser add-ons and other annoyances that even MBAM misses, and probably TDSSKiller as well, which after some research, seems to only be for rootkits? Isn't that what Combofix is for? But hey, I've only cleaned up a few hundred computers while working at a repair shop, so it's not like I have any experience or insight on the matter, right? :p