Another good tool that works quickly
(OP)
Seeing the many problems listed here, I wanted to point out a tool that I recently tried and was amazed by the results. I had a system with problems that I could usually handle, but this problem would reproduce even with System Restore off and in safe mode. I found this program, ComboFix, so with nothing to lose (next step: format and reinstall), I followed the instructions and within 10 mins. or less my problems were gone. I found it hard to believe, but true. Here is a link: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Follow instructions carefully.

If this has already been posted, sorry, I couldn't find it.

xit

RE: Another good tool that works quickly

Xit, thanks, though I've known, and probably many others, about this program. I did not post it due to the fact that it is just another tool in my box to fight nasties...  

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."

How to ask a question, when posting them to a professional forum.

RE: Another good tool that works quickly

Hmmm, thanks for that, I've never seen this tool before. Does it simply analyze your system, much like HijackThis, or does it also remove malware/spyware? Thanks.

RE: Another good tool that works quickly

It fixes stuff it finds.
Be careful though, Combofix is a very 'low level' tool, and can in some circumstances either fail to operate or even mess up your system. It will warn you of this when you run it.

A similar highly effective deep scanner with the same sort of warnings is SDFix.

I would only use these if you are pretty sure you have an infection, don't use them as a scheduled scan on clean machines.


  

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain

RE: Another good tool that works quickly

(OP)
It actually scans and removes, but it also acts like HJT as it saves a log to be analyzed, but what surprised me is the speed of the scan.

xit

RE: Another good tool that works quickly

It's fast because it's scanning outside of the OS.
And this is why it's difficult for the infections to fight back.

But it also accounts for the dangers of use.
 

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain

RE: Another good tool that works quickly

(OP)
As I stated in my initial post it is a last resort tool, be sure to back up any valuable data before use, but it is indeed a fine tool when all else fails

xit

RE: Another good tool that works quickly

Thanks all for the additional info: thank goodness then - at last, a tool that scans quick. I must check it out.

RE: Another good tool that works quickly

I know I've seen combofix before, and maybe even used it on at least one occasion, but I keep forgetting about it.  Thanks to xit for the link to the "how to" - I know I've seen it before, but it helps to remember.

Also, thanks to sggaunt for the mention of SDfix - I think I've seen that one mentioned, but I'm pretty sure never used it.

--

"If to err is human, then I must be some kind of human!" -Me

RE: Another good tool that works quickly

Thought I'd mention this for others who were unaware, regarding SDFix.  Apparently that program only works on Windows 2000 and XP, so if you are working on a Vista machine, that app will be no help.  I got the info from various forum boards after searching for the app.


 

--

"If to err is human, then I must be some kind of human!" -Me

RE: Another good tool that works quickly

Combo is not a tool of last resort. However, it should only be used by qualified persons, as in the wrong hands it can cause serious damage, as the log it makes needs to be analysed properly.

I have been using combo and sdfix for a few years now! As mentioned combo can run on Vista, sometimes it doesn't, I'm not sure if sdfix is yet compatible with Vista!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

RE: Another good tool that works quickly

Hi pechenegs!! You have been away for some time.
I hope the rest of us have been able to keep up standards while the 'Pro' has been away?



 

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain

RE: Another good tool that works quickly

hi Sggaunt, thx for the warm welcome, how are you?

I'm sure you're all doing just fine! :)

My main gripe from reading some of the most recent posts is that posters
should all refrain from using online hijack this analysis tools as
these can be dangerous, you will get banned from other web-sites which
specialise in hijack this and malware cleaning for doing this!


Anyway, good to be back, took a bit of a time out as I got fed up
fighting the usual suspects which are still with us, nothing changes!


See this thread below on posters suggesting hijack this automated
analysis web-sites!


http://www.tek-tips.com/viewthread.cfm?qid=1551201&page=1

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

RE: Another good tool that works quickly

Quote (pechenegs):


My main gripe from reading some of the most recent posts is that posters
should all refrain from using online hijack this analysis tools as
these can be dangerous,

Can you elaborate?  How are they dangerous?

--

"If to err is human, then I must be some kind of human!" -Me

RE: Another good tool that works quickly

Thank you I am fine.
Yes, I can see where you are coming from on the HJT analysers,
and I agree it is a bad idea to simply take the results at face value.

 

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain

RE: Another good tool that works quickly

@ kjv1611 , because if they make a mistake then someone's computer is getting hosed.

Remember svchost.exe; well, many hijackers use a similar file name such as Scvhost.exe, which can easily be confused with the legitimate Windows file!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

RE: Another good tool that works quickly

Good points.  I'll definitely keep that in mind in case I use any hijack logs myself in the future.

Thanks, pechenegs.

--

"If to err is human, then I must be some kind of human!" -Me

RE: Another good tool that works quickly

Just found this as another example of a virus using something similar to svchost.exe.

In the example below only one letter is different and it uses the title @intel@, which many might think is to do with the legit Intel processors!


http://forums.techguy.org/malware-removal-hijackthis-logs/556025-trojans-viruses-pls-help.html


O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\opolmm.dll",setvm
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\system32\svehost.exe



 

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
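The lookalike-name check discussed in the posts above, written out as an added example (it is not part of any poster's message or of HijackThis itself). It parses O4 autorun lines and flags executables whose name is one edit or one adjacent-letter swap away from a well-known Windows binary. The `KNOWN` list, the function names and the last two sample lines are assumptions made for illustration.

```python
import re

# Assumed short allowlist of commonly imitated system binaries; extend as needed.
KNOWN = {"svchost.exe", "rundll32.exe", "explorer.exe", "lsass.exe",
         "services.exe", "winlogon.exe", "csrss.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'([^\\/"\s,]+\.exe)\b', re.IGNORECASE)  # basename of each .exe

# First two lines are quoted in the thread; the last two are constructed samples.
SAMPLE = r"""O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\opolmm.dll",setvm
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\system32\svehost.exe
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\Scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe"""

def osa_distance(a, b):
    """Edit distance where swapping two adjacent letters counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def find_lookalikes(log_text, max_distance=1):
    """Return (entry name, executable, imitated binary) for near-miss names."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        for exe in EXE_RE.findall(m.group("cmd")):
            name = exe.lower()
            if name in KNOWN:
                continue  # exact name; a wrong folder needs a separate path check
            for legit in sorted(KNOWN):
                if osa_distance(name, legit) <= max_distance:
                    findings.append((m.group("name"), exe, legit))
    return findings

if __name__ == "__main__":
    for entry, exe, legit in find_lookalikes(SAMPLE):
        print(f"[{entry}] {exe} looks like {legit}")
```

A hit is only a prompt for manual review of the file and its location; an exact system name running from an unexpected folder is not caught by this check.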

RE: Another good tool that works quickly

Greets Pechenegs... your presence was surely missed...

about the online HJT analyzers, I agree they can cause more trouble than they help in the wrong hands...

that is why I only use them as a reference, KJV had asked about them and that is the reason I had posted the link to the German one, which I had found to be more reliable than the others...

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
