ComboFix - Malware Removal Tool


Again, I am writing this down more for my own future reference, with the hope that it will benefit others Googling for this info as well.

ComboFix is a relatively unknown but surprisingly good anti-malware tool. I had in the past received a number of computers from relatives/friends that have been infected with malware. The general characteristics are that the machines boots OK into Windows, but runs erratically eg. displays fake error messages, prevents you from running certain executables, logs you off after awhile etc.

In my experience, it was impossible to get the existing antivirus software to perform a proper scan, or to install a new antivirus software because the system ran so erratically. Offline antivirus software that runs off a CD didn't help much either. I have a collection of them and none of them had helped on the computers I was trying to fix.

Enter ComboFix, which was able to get the computers back into good enough working condition so that I can reinstall the antivirus software and perform a proper scan. I am not sure what's the exact magic behind the program. It seems to "implement a collection of pre-made fixes for large amount of known malware and hunts down all files associated with it". Sounds good to me!

Windows Repair (All In One) is also helpful after running ComboFix. Some malware messes up all kinds of stuff, and functions like "Set Windows Services To Default Startup" is invaluable for straightening the system.

Of course, some people will tell you it's best to wipe the machine when it has been compromised. From a technical point of view, I would totally agree and will do it with my own machines. But in the real world with real people, that's not always the ideal solution for them. So I am glad ComboFix and Windows Repair AIO has enabled me to help some people along the way.

Comments

Popular posts from this blog

Adding "Stereo Mixer" to Windows 7 with Conexant sound card

Attiny85 timer programming using Timer1

Hacking an analog clock to sync with NTP - Part 5