
Another good tool that works quickly

Status
Not open for further replies.

xit

Technical User
May 29, 2004
490
US
Seeing the many problems listed here I wanted to point out a tool that I recently tried and was amazed by the results. I had a system with problems that I could usually handle, but this problem would reproduce even with System Restore off and in Safe Mode. I found this program, ComboFix, so with nothing to lose (next step: format and reinstall) I followed the instructions and within 10 mins. or less my problems were gone. I found it hard to believe, but true. Here is a link, follow the instructions carefully.

If this has already been posted, sorry, I couldn't find it.

xit
 
Hmmm, thanks for that, I've never seen this tool before. Does it simply analyze your system, much like HijackThis, or does it also remove malware/spyware? Thanks.
 
It fixes stuff it finds.
Be careful though, ComboFix is a very 'low level' tool, and can in some circumstances either fail to operate or even mess up your system. It will warn you of this when you run it.

A similar highly effective deep scanner with the same sort of warnings is SDFix.

I would only use these if you are pretty sure you have an infection; don't use them as a scheduled scan on clean machines.

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain
 
It actually scans and removes, but it also acts like HJT as it saves a log to be analyzed. What surprised me is the speed of the scan.

xit
 
It's fast because it's scanning outside of the OS.
And this is why it's difficult for the infections to fight back.

But it also accounts for the dangers of use.

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain
 
As I stated in my initial post, it is a last resort tool. Be sure to back up any valuable data before use, but it is indeed a fine tool when all else fails.

xit
 
Thanks all for the additional info. Thank goodness then, at last, a tool that scans quickly. I must check it out.
 
I know I've seen combofix before, and maybe even used it on at least one occasion, but I keep forgetting about it. Thanks to xit for the link to the "how to" - I know I've seen it before, but it helps to remember.

Also, thanks to sggaunt for the mention of SDfix - I think I've seen that one mentioned, but I'm pretty sure never used it.

--

"If to err is human, then I must be some kind of human!" -Me
 
Thought I'd mention this for others who were unaware, regarding SDFix. Apparently that program only works on Windows 2000 and XP, so if you are working on a Vista machine, that app will be no help. I got the info from various forum boards after searching for the app.

--

"If to err is human, then I must be some kind of human!" -Me
 
ComboFix is not a tool of last resort. However, it should only be used by qualified persons, as in the wrong hands it can cause serious damage, and the log it makes needs to be analysed properly.

I have been using ComboFix and SDFix for a few years now! As mentioned, ComboFix can run on Vista, though sometimes it doesn't. I'm not sure if SDFix is yet compatible with Vista!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Hi pechenegs!! You have been away for some time.
I hope the rest of us have been able to keep up standards while the 'Pro' has been away?

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain
 
Hi Sggaunt, thanks for the warm welcome, how are you?

I'm sure you're all doing just fine! :)

My main gripe from reading some of the most recent posts is that posters should all refrain from using online HijackThis analysis tools, as these can be dangerous. You will get banned from other web-sites which specialise in HijackThis and malware cleaning for doing this!

Anyway, good to be back. I took a bit of a time out as I got fed up fighting the usual suspects, which are still with us. Nothing changes!

See this thread below on posters suggesting HijackThis automated analysis web-sites!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
pechenegs said:
My main gripe from reading some of the most recent posts is that posters should all refrain from using online HijackThis analysis tools, as these can be dangerous.

Can you elaborate? How are they dangerous?

--

"If to err is human, then I must be some kind of human!" -Me
 
Thank you, I am fine.
Yes, I can see where you are coming from on the HJT analysers,
and I agree it is a bad idea to simply take the results at face value.

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain
 
@ kjv1611, because if they make a mistake then someone's computer is getting hosed.

Remember svchost.exe? Well, many hijackers use a similar file name such as Scvhost.exe, which can easily be confused with the legitimate Windows file!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Good points. I'll definitely keep that in mind in case I use any hijack logs myself in the future.

Thanks, pechenegs.

--

"If to err is human, then I must be some kind of human!" -Me
 
Just found this as another example of a virus using something similar to svchost.exe.

In the example below only one letter is different, and it uses the title "Intel", which many might think is to do with the legit Intel processors!

O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\opolmm.dll",setvm
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\system32\svehost.exe

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
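Added example, not part of the thread or of HijackThis: a small Python check over O4 log lines like the two quoted in the post above. It flags an executable name one edit away from a well-known Windows binary (svehost.exe vs svchost.exe), rundll32.exe loading a DLL, and a vendor name in the entry title that the launched path does not contain. The sample log, the list of legitimate names and the vendor words are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the two O4 lines from the post plus one benign entry.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [SoundService] rundll32.exe "C:\\WINDOWS\\opolmm.dll",setvm
O4 - HKLM\\..\\Run: [Intel system tool] C:\\WINDOWS\\system32\\svehost.exe
O4 - HKLM\\..\\Run: [SynTPEnh] "C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"""

# Assumed: names malware commonly imitates, and vendor words abused in titles.
LEGIT_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe", "winlogon.exe"}
VENDOR_WORDS = {"intel", "microsoft", "windows"}

O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<title>[^\]]*)\] (?P<cmd>.*)$')

def edit_distance(a, b):
    """Levenshtein distance: a lookalike is one edit away (svehost vs svchost)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def first_path(cmd):
    """First quoted or unquoted token of a Run command (the program launched)."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return m.group(1) or m.group(2)

def analyse_o4(line):
    """Return the reasons an O4 line deserves a closer look (empty list if none)."""
    m = O4_RE.match(line.strip())
    if not m:
        return []
    cmd, title = m.group("cmd"), m.group("title").lower()
    reasons, target = [], first_path(cmd)
    # rundll32 is legitimate; the DLL it is told to load is what needs checking.
    if PureWindowsPath(target).name.lower() == "rundll32.exe":
        dll = re.search(r'"([^"]+\.dll)"|(\S+\.dll)', cmd, re.I)
        if dll:
            target = dll.group(1) or dll.group(2)
            reasons.append(f"rundll32 loads {target}")
    name = PureWindowsPath(target).name.lower()
    reasons += [f"{name} looks like {legit}" for legit in sorted(LEGIT_NAMES)
                if 0 < edit_distance(name, legit) <= 1]
    reasons += [f"title mentions {v} but path does not" for v in sorted(VENDOR_WORDS)
                if v in title and v not in target.lower()]
    return reasons

def scan(log):
    """Map each O4 line of a HijackThis-style log to its list of reasons."""
    return {l: analyse_o4(l) for l in log.splitlines() if l.startswith("O4")}
```

The script only points at entries worth a human look; it does not decide anything is malicious, which is the analysis the poster says must be done properly.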
 
Greets Pechenegs... your presence was surely missed...

About the online HJT analyzers, I agree they can cause more trouble than they help in the wrong hands...

That is why I only use them as a reference. KJV had asked about them, and that is the reason I had posted the link to the German one, which I had found to be more reliable than the others...

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 