How to use combofix

Posted on Apr 25, 2012 in Security Blog

Combofix is a free tool provided by Bleeping Computer, a community-run forum, and is one of the best tools for removing exceptionally complex malware.

This guide explains how to use Combofix and when you should use it. Please note that Combofix can damage your computer if not used correctly, so always seek professional help before running this software if you are unsure of any aspect of its usage.

When to use combofix

Combofix should be used if you have malware on your PC. It is particularly good at removing Windows rootkits and unhooking rogue DLL and EXE files from your system's processes. I would always attempt to scan and clean your computer first with the more user-friendly Malwarebytes, which is another great free program for removing malware and spyware.

How to use combofix

1) Download combofix.exe from bleepingcomputer.com

2) Prior to running Combofix, shut down all applications, including any web browsers, and disable your antivirus by right-clicking on it and disabling protection.

3) You can now run combofix.exe. A blue screen will load and prepare the application. Combofix will automatically attempt to create a system restore point, so in the event of any problems you can restore your PC to its prior state.

4) Before the Combofix scan begins, it will install the Recovery Console, which is used to run various Microsoft commands against your system, for example if it needs to repair a boot sector after a virus attack.

5) Once it is installed, the blue screen scan commences and you do not need to do anything else to use Combofix; it will automatically scan and attempt to remove rootkits and malware. As it scans through up to 50 phases, it will inform you on screen.

6) If any harmful files are found while Combofix is in use, you will be notified with a popup box showing the severity of the threat and what to do to fix the issue (normally it asks you to reboot). Let the scan complete first.

7) Once the scan is completed, a log will be generated and written to C:\combofix.txt for you to upload to experts on Bleeping Computer's forums, to further assist in the group's research and development and, if needed, to assist you in removing malware should Combofix be unsuccessful.

[Image: a typical Combofix screen while it is running]

If you have further questions about how to use Combofix, please post on Bleeping Computer's forums. Has your business been affected by worms and virus attacks? Consider our full penetration testing service.
