ComboFix

ComboFix, developed and maintained by "sUBs", is designed to clean up malware infections and restore settings modified by malware. It works on 32-bit versions of Microsoft Windows 2000, XP and Vista.
Origin
ComboFix was originally designed as a program to help remove SurfSideKick, QooLogic, and Look2Me infections. Since then, handling for various other infections has been added, along with a range of other features.
Features
Files Created - Lists all files created in the last 30 days.
Find 3M - Lists all files created or modified in the past 3 months. This list is limited to 100 entries.
AWF Report - Lists duplicate bak folders if they exist on a system.
Signature Checking - Checks a variety of system files for patching and modification, and reports any that fail the signature check.
RegLoadingPoints - Similar to HijackThis, reports the contents of a variety of registry loading points.
NetSvcs Checking - Checks the number of NetSvcs entries; if it exceeds a particular threshold, the whole list is reported.
Remove Orphans - Automatically removes orphaned entries in a variety of areas in the registry.
Supplementary Scan - Checks additional loading points for malware.
Scheduled Tasks - Lists the contents of the Scheduled Tasks folder.
Catchme by GMER - This is a rootkit detection scan. It compares the registry hives in memory with the hive files on disk, which reveals rootkit loading points that would otherwise be hidden. This can generate false positives if the hives in memory have not yet been written back to the hive files.
Locked Registry Keys - Reports any registry keys that have been locked.
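The Catchme scan described above is a cross-view comparison: loading points that exist in the hive file on disk but are not visible through the live registry API are candidates for rootkit hiding, unless the in-memory hive is simply newer than the file. The following is an added illustration of that logic, not GMER's or ComboFix's own code; the key snapshots, the "svchost32" entry and the "example_svc" service name are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import datetime

@dataclass
class KeySnapshot:
    """One registry key as seen by one view: last-write time and value names."""
    last_write: datetime
    values: set = field(default_factory=set)

def cross_view_diff(live: dict, on_disk: dict) -> dict:
    """Compare the live (API) view of load points with the hive file on disk.

    hidden     - on disk but not visible live, and the file is at least as new
                 as the live key: candidate rootkit-hidden entry
    stale_hive - same discrepancy, but the live key was written after the
                 file: the hive may simply not be flushed yet (false positive)
    unflushed  - visible live but absent on disk: created since the last flush
    """
    result = {"hidden": [], "stale_hive": [], "unflushed": []}
    for key, disk in on_disk.items():
        live_key = live.get(key)
        if live_key is None:
            # Whole key missing from the live view: candidate hidden key
            result["hidden"].extend((key, v) for v in sorted(disk.values))
            continue
        for v in sorted(disk.values - live_key.values):
            bucket = "stale_hive" if live_key.last_write > disk.last_write else "hidden"
            result[bucket].append((key, v))
        for v in sorted(live_key.values - disk.values):
            result["unflushed"].append((key, v))
    return result

# Constructed sample views (not real system data).
RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SVC = r"HKLM\SYSTEM\CurrentControlSet\Services\example_svc"  # hypothetical service
T0 = datetime(2008, 5, 1, 12, 0, 0)
T1 = datetime(2008, 5, 1, 12, 5, 0)
LIVE = {
    RUN: KeySnapshot(T0, {"ctfmon.exe", "Updater"}),
    SVC: KeySnapshot(T1, {"ImagePath", "Start", "Description"}),
}
ON_DISK = {
    RUN: KeySnapshot(T0, {"ctfmon.exe", "Updater", "svchost32"}),  # hidden from API
    SVC: KeySnapshot(T0, {"ImagePath", "Start", "OldValue"}),      # file older than live
}

if __name__ == "__main__":
    for bucket, entries in cross_view_diff(LIVE, ON_DISK).items():
        print(bucket, entries)
```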
How it works
ComboFix is a standalone executable intended for users with advanced computer skills, to be run only when a regular antivirus does not detect certain malware, or when an antivirus cannot update or otherwise function.
The utility scans the entire system, with particular attention to areas such as the registry and the system root files, where prevalent malware is most likely to hide.
ComboFix also produces a report listing malware it was not able to remove. The report is accepted by many forums, where experienced users analyze it and advise on further steps.
Capabilities and Integrated Utilities
*Integrates NirCmd, a command-line tool.
*Can unhook any .dll file in the system32 folder.
*A command-line mode that allows users to delete up to 8 files at a time.
*It can often run on systems where few anti-malware programs can, because it is not a standard installed program.
Known issues
*ComboFix is made to only run on 32-bit versions of Microsoft Windows 2000, Windows XP and Windows Vista.
*As antivirus software cannot distinguish good and bad uses of some programs, some antivirus products may detect ComboFix as malicious; for example, it uses NirCmd, which many antivirus products flag as a backdoor.
*ComboFix may disrupt internet connectivity. In most cases only a simple fix is required.
*ComboFix may attempt deletion of all files from the system drive on systems infected with a specific rootkit.