Question

ComboFix & MBAM - basic posts

Asked by: younghv

All,
The intent of this string is to provide mutual support for the proper use of ComboFix & MBAM applications.

I frequently see the mistake of suggesting "Safe Mode" as a starting point for these tools and we need to do what we can to stop that recommendation.

Both products are created for "Normal Mode" operation and they are more effective when run that way.

I fully realize that there are times when a system will only boot to Safe Mode, so obviously that is how you have to do it - in that situation.

To summarize:
The developers of both products recommend "Normal Mode" to run the programs they created. That should be the only recommendation we make on this site.

Please use this URL to guide anyone who needs it to an 'off-line' kind of discussion here - rather than clutter up an actual question.

http://www.experts-exchange.com/Q_24860646.html

From the MBAM Member Forum - a good discussion about how MBAM works and why "Normal Mode" is recommended:
http://www.malwarebytes.org/forums/index.php?showtopic=17334&st=0&p


Asked On: 2009-10-31 at 06:20:42 (ID 24860646)
Topics: Anti-Virus, Anti-Spyware, HijackThis Software, Latest Threats
Participating Experts: 8
Points: 20
Comments: 74


Answers

 

by: willcomp, posted on 2009-10-31 at 10:04:47 (ID: 25710487)

When either CF or MBAM has to be run in safe mode a followup scan should be done in normal mode. I've only found it necessary to run CF in safe mode a couple of times.

You are absolutely correct that neither should be run in safe mode unless they cannot be run in normal mode after using registry scripts and/or other guidance from BleepingComputer.

 

by: sgt_best, posted on 2009-11-01 at 06:06:37 (ID: 25713715)

I saw the recommendation to run Malwarebytes in normal mode in another post but they left no supporting documentation and I couldn't find an official reference to it until reading your linked article in the Malwarebytes Forum.  

I also found this contribution from exile360 particularly interesting

If there are multiple user accounts on the PC, MBAM will need to be run (at least a quick scan) on each to scan each respective registry because it currently contains no method to load alternate user hives the way that Spybot Search & Destroy and some other tools do.

Regarding scanning all user accounts, it isn't on the homepage or anything, but is recommended by the experts and developers of MBAM and has been by them many times here on the forum. It generally isn't necessary to do so to kill the actual infections themselves as most infections affect all user accounts and can be killed that way, it simply helps to make sure you remove any traces in the registry that might be left over in individual users' profiles.

Thanks for the "Official" recommendation.
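The per-user registry point exile360 makes above is easy to check for yourself. The PowerShell script below is an added example written for this page; it is not from the thread, from Malwarebytes or from Spybot. It walks the ProfileList key, loads each offline NTUSER.DAT under a temporary HKEY_USERS name, lists the Run/RunOnce values in every hive (the per-profile data a scan under one account never sees), and unloads what it loaded. It is read-only and must be run from an elevated prompt. The temporary hive prefix `Scan_` and the choice of keys are assumptions, not anything the tools themselves do.

```powershell
# Added example (not from the thread, Malwarebytes or Spybot): list per-user
# autostart entries from every local profile, loading offline hives as needed.
# Run elevated. Read-only: nothing is changed or deleted.

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
# HKCU-relative keys to inspect in each user hive (assumed list, extend as needed)
$runKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

Get-ChildItem $profileList | ForEach-Object {
    $sid = $_.PSChildName
    # Only real user accounts have S-1-5-21-* SIDs; skip SYSTEM/LocalService/NetworkService
    if ($sid -notlike 'S-1-5-21-*') { return }

    $profilePath = [Environment]::ExpandEnvironmentVariables(
        (Get-ItemProperty $_.PSPath).ProfileImagePath)
    $ntuser = Join-Path $profilePath 'NTUSER.DAT'
    if (-not (Test-Path $ntuser)) { return }

    # A logged-on user's hive is already mounted as HKEY_USERS\<SID>
    $loaded = Test-Path "Registry::HKEY_USERS\$sid"
    $hiveName = if ($loaded) { $sid } else { "Scan_$sid" }   # Scan_ prefix is an assumption

    if (-not $loaded) {
        # reg.exe mounts the file-backed hive; this fails if the file is locked
        & reg.exe load "HKU\$hiveName" $ntuser 2>&1 | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Could not load hive for $sid ($ntuser)"
            return
        }
    }

    Write-Host "== $profilePath ($sid) =="
    foreach ($rel in $runKeys) {
        $key = "Registry::HKEY_USERS\$hiveName\$rel"
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # drop PSPath, PSParentPath, etc.
            Write-Host ("  {0,-8} {1,-30} {2}" -f $rel.Split('\')[-1], $p.Name, $p.Value)
        }
    }

    if (-not $loaded) {
        # Release PowerShell's own key handles first, or reg.exe unload reports "access denied"
        [GC]::Collect()
        [GC]::WaitForPendingFinalizers()
        & reg.exe unload "HKU\$hiveName" 2>&1 | Out-Null
    }
}
```

If a hive refuses to unload, it is almost always because something (often a second console or Regedit) still holds a handle to it; close that and run `reg unload` again rather than rebooting.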

 

by: BGTSLLC, posted on 2009-11-02 at 08:30:28 (ID: 25720826)

Well apparently I'm here because it was assumed by Vee_Mod that I was suggesting that MBAM or CF be run in safe mode FIRST.  I did not advise the user to run MBAM or CF in safe mode first.  My response was based on the countless suggestions that had failed to resolve the person's issue; it was then that I suggested running CF in Safe Mode first.  

I've successfully helped other users on this site remove spyware by running CF or MBAM in normal mode, but in the event they are unable to, or to remove the HDD to be scanned externally, run it in safe mode to resolve the issue.

Running either in Safe Mode is definitely a last ditch effort [which does work btw] but it should not be the first choice.  

 

by: willcomp, posted on 2009-11-02 at 08:47:34 (ID: 25721017)

My apologies to our own malware removal experts, especially rpggamergirl and IndiGenus.

I reread my original response and realized that only BleepingComputer was mentioned. BleepingComputer usually has very good removal instructions for known (identified) malware. When I get stuck, it's time to turn to EE.

 

by: younghv, posted on 2009-11-02 at 09:05:14 (ID: 25721202)

BGTSLLC,
It would help if you posted links to the questions you are talking about.

No-one with any credence on this site has ever stated that you 'never' run either of those programs in "Safe Mode" - only that it is never your first choice.

As a "Certified Helper" for ComboFix (created by sUBS), I take my lead from 'rpggamergirl' for any recommendations about CF. I don't think anyone but Certified Helpers actually have direct access to him, so the rest of us are left to gather information where we may.

'rpg' has personally helped me (along with hundreds of others on this site) and I am convinced that we can take her advice to the bank.

 

by: BGTSLLC, posted on 2009-11-02 at 09:10:32 (ID: 25721247)

Gotcha; but my posts were removed by Vee_Mod.  

Basically after reading through all the efforts, suggestions, etc. that had failed to resolve the two posters who needed help; I suggested that she run either CF or MBAM in safe mode.  

Apparently this created quite the uproar; much to my surprise.  My suggestion was not a first response effort; it was based on the fact that after all the other suggestions given; the person was still unable to resolve the issue; mind you AT the time I posted.  I'm not aware of all the interactions and personal relationships of folks on EE; so if I stepped on someones toes; my apologies.  I just run my own business and in the effort to help folks keep their machines clean or clean them at times I've had to run CF/MBAM in safe mode to resolve the issue.  I've noted no negative side effects, etc.  

So not quite sure where or what caused the uproar as I was not advising the user to do something FIRST or break with protocol.

Thanks!

 

by: younghv, posted on 2009-11-02 at 10:04:54 (ID: 25721809)

Just as an FYI - all of the Admin types (Badgers) can be reached by email if you need to talk to them off-site.
The default email address is their EEname@e-e.com

If you have a conflict with a Mod, they will bring in another Mod or Expert and do a "Private Discussion" that only you and them can see - to work things out.

 

by: younghv, posted on 2009-11-02 at 10:06:18 (ID: 25721825)

Also - posts are never 'removed' on EE. The Badgers can 'mask' them so regular Members can't see them, but they are always left in place. If/when a comment is wrongly masked, they can unmask it with the click of a mouse.

 

by: BGTSLLC, posted on 2009-11-02 at 11:11:11 (ID: 25722562)

Is there some sort of Spyware/Malware guide that could be made available to people looking for solutions that would be contained on EE?  Basically one that states; here are the basic agreed upon typical 1st steps of spyware/malware removal and the software solutions we recommend first?

I'm willing to be a part of that solution and assist but perhaps EE has others in place for that?  I think at least something like that would resolve 80-90% of most spyware/malware issues.  Perhaps the issue becomes that some wouldn't get points, etc.

 

by: younghv, posted on 2009-11-11 at 13:48:47 (ID: 25799481)

I just got dinged for 'Abandoning' this question, and have been meaning to post a sample of rpg's suggested use of "ComboFix".

Anyone should feel free to post this as an "Expert Comment" - but no one should use the logs to post a [EDIT] unless they are a "Certified Helper" for CF.

Please download ComboFix by sUBs:(and attach the resulting log) http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(If it doesn't run, re-download and rename it before saving to your desktop; use the Save As function) 
 
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix. 
 
Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall. 
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. 
  
If needed, here's the ComboFix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

by: rpggamergirl, posted on 2009-11-11 at 19:21:26 (ID: 25801303)

Just to add to younghv's post above:

When you're done with ComboFix, it needs to be uninstalled.

To uninstall Combofix:
Go to Start > Run and 'copy and paste' the next command in the field:

ComboFix /Uninstall

>>>"here are the basic agreed upon typical 1st steps of spyware/malware removal and the software solutions we recommend first?"<<<

Some Experts' first step in malware removal is to straightaway disable System Restore and that's not a sensible thing to do while cleaning the system... we shouldn't disable System Restore until after the removal of the infections as those restore points even though infected might be needed.

There's an article about it --> http://www.experts-exchange.com/articles/Software/Internet_Email/Anti-Virus/Viruses-in-the-System-Volume-Information-System-Restore.html

 

by: younghv, posted on 2009-11-12 at 07:01:52 (ID: 25805098)

rpg -

Both the CF uninstall instructions and the System Restore Article are outstanding!

I would like to see more Experts posting Articles on the 'Basic Troubleshooting' concepts.

 

by: younghv, posted on 2009-11-12 at 07:04:32 (ID: 25805117)

Here is my first attempt at an article and all are invited to read and comment - thanks.
http://www.experts-exchange.com/articles/Virus_and_Spyware/Anti-Virus/BASIC-MALWARE-TROUBLESHOOTING.html

 

by: b0lsc0tt, posted on 2009-11-12 at 11:04:42 (ID: 25807667)

How do you become a certified helper for CF?

 

by: rpggamergirl, posted on 2009-11-13 at 18:10:00 (ID: 25819063)

>>>"How do you become a certified helper for CF?"<<<

Ooops sorry bol... I'm behind with my subscribed threads.
You don't get a written certificate... but once you're done and passed your training in malware removal you then become a Helper/Trusted Helper which means Approved and Qualified(based on their standards) to help users clean their systems and write CFScript etc.

And yes, sUBs doesn't want his tool to be discussed in any public forums.

 

by: b0lsc0tt, posted on 2009-11-13 at 22:34:46 (ID: 25819626)

Thanks!  The caution makes sense.  The response was still enough to explain.  The program is sooo amazing that I am intrigued to learn what I can but it is also obviously involved enough that it isn't something to be learned casually or quickly (or at least that is my impression).  If I am wrong then maybe I have to pursue it some so I can finally interpret my own CF Log files. :)  (I still have 2 I have been meaning to look at closer or post here in questions)

bol

 

by: younghv, posted on 2009-11-17 at 10:46:17 (ID: 25842749)

All - another request for everyone to refer Experts to this string when they see improper ComboFix usage recommendations out there.

We have a whole bunch of folks who have heard of it, but no clue how to actually use it. We (the whole EE team) are doing a real disservice to some poor Asker if we don't try to protect them from inaccurate/improper advice.

 

by: younghv, posted on 2009-11-25 at 12:19:30 (ID: 25910752)

All - have you noticed how EE 'pings' you with an email message if you leave your question open and don't post a comment?
Makes you wonder how some of the Askers around here will leave a question abandoned for months/years.

Anyway - new Expert in the malware Zones (teksquisite). I invited her to stop by and check in here. Hope she does.
Vic

 

by: teksquisite, posted on 2009-11-25 at 13:33:58 (ID: 25911364)

There is no subscribe - so I guess I just have to post to get notified.

 

by: teksquisite, posted on 2009-11-25 at 13:36:12 (ID: 25911383)

I did not advise anyone to run anything in safe mode either!  If I am going to be consistently censored with well over 15+ years experience - I'll just answer technical questions elsewhere.

 

by: younghv, posted on 2009-11-26 at 03:26:11 (ID: 25914750)

tek - this is just a generic 'hang around' question (20 pointer) for those of us who post in the anti-malware Zones.
No one is saying you did (or didn't do) anything.
I just invited you in here so that you can post any offline comments/questions/suggestions.

It was an invitation to join us - not some kind of chastisement.
Vic

 

by: teksquisite, posted on 2009-11-26 at 08:11:35 (ID: 25916228)

ahhh ok - I guess I was just reading the tech stuff a few lines up!  Sorry about that.  

 

by: younghv, posted on 2009-11-29 at 11:38:31 (ID: 25929910)

We should also all feel free to post links to questions that could use some extra help. I will frequently post the basic stuff I know, but then get stymied and ask someone to lend a hand.

 

by: younghv, posted on 2009-12-03 at 16:58:54 (ID: 25968318)

All - as a 'True Confessions' kind of post (and because I got pinged by EE again) - my basic procedure for using MBAM and CF was to always run in Safe Mode before booting to Normal and re-running. I know that I read the recommendation here and in several other forums around the 'net - so I don't mean to give the impression that I have all the answers.

rpg hooked me up on the CF procedures and I was just cruising through the MBAM forum one day when I found the other info.

It seems as though in this business if you aren't actively researching on a regular basis, this stuff just passes you by (at least it does for me).

 

by: rpggamergirl, posted on 2009-12-17 at 14:46:11 (ID: 26076281)

ComboFix should be online again hopefully soon, beta is already released.

But some jerk had the nerve to bad-mouth sUBs because ComboFix was taken down.
Check out Grinler's blog about it.
http://www.bleepingcomputer.com/forums/topic279176.html

 

by: b0lsc0tt, posted on 2009-12-17 at 15:40:10 (ID: 26076618)

Thanks for posting to let us know.  Having just read the newsletter I think the quote Netminder used in his C101 tribute is very fitting.

"Better to keep your mouth closed and be thought a fool than to open it and remove all doubt."

Now we all know.  I really never wish anyone bad fortune but I must say that kind of attitude usually never leads to success and most often hastens failure (in a nice big display of flaming carnage).

I am glad sUBs did what he did and continues to provide such a great tool.

bol

 

by: younghv, posted on 2010-04-04 at 05:07:38 (ID: 29665002)

All - while doing 'Cleanup Volunteer' work, I am seeing a ton of 'Safe Mode' recommendations and a few folks who are posting the same 'macro' in every situation.

When you see this type of post, please invite the Expert to this link and see if we can help improve the quality of advice being given.

 

by: younghv, posted on 2010-05-19 at 14:48:47 (ID: 32804270)

What I said in my last post needs to be repeated (plus this is showing as an 'abandoned question').

All - while doing 'Cleanup Volunteer' work, I am seeing a ton of 'Safe Mode' recommendations and a few folks who are posting the same 'macro' in every situation.

When you see this type of post, please invite the Expert to this link and see if we can help improve the quality of advice being given.

 

by: younghv, posted on 2010-09-25 at 07:56:44 (ID: 33760833)

All,
While responding in this question (http://www.experts-exchange.com/Q_26495569.html#a33759933) I double-checked at the MBAM forums (http://forums.malwarebytes.org/index.php?showtopic=45511&hl=Antivirus+Suite) and found the recommendation to use "SAFE MODE" (for that variant).

I thought it worth noting, since I had never seen that recommended before.

 

by: rpggamergirl, posted on 2010-11-01 at 17:45:07 (ID: 34039172)

Yes, in some variants MBAM needs to be installed and then renamed in safe mode so nasties don't see it, but the scan is done in normal mode after updating the tool.
Antispyware Soft, AKM Antivirus 2010 Pro among them.

 

by: younghv, posted on 2010-11-02 at 04:29:40 (ID: 34041274)

@rpg - thanks for the follow-up. Good to see your name.

I went back and read that link more carefully and realized that I misunderstood it the first time.
"Safe Mode" to download, install, and then rename.
"Normal Mode" for the actual scan.

Good catch - thank you.

Vic

 

by: younghv, posted on 2010-12-12 at 09:09:26 (ID: 34329987)

Wow - no wonder this is in the Cleanup Queue.
Just posting to keep it active.

 

by: younghv, posted on 2011-01-09 at 03:36:42 (ID: 34510381)

Post.

 

by: phototropic, posted on 2011-02-01 at 01:46:51 (ID: 34759472)

Please look at this question:

http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/AVG/Q_26779832.html

Asker is proposing a procedure whereby Combofix can be run without uninstalling AVG.

Can anyone think of an argument against this which will convince the asker that this is a bad idea? I don't think he is persuaded by what I have said.

 

by: younghv, posted on 2011-02-01 at 08:37:13 (ID: 34762766)

Heh - I see you got some extra help on that one.

 

by: phototropic, posted on 2011-02-01 at 09:57:53 (ID: 34763600)

Thanks for your support in the question.

I guess the issue of treating Combofix with the respect that it deserves is never going to be fully resolved...

 

by: younghv, posted on 2011-02-02 at 06:46:13 (ID: 34771892)

photo - I am seeing more 'run combofix' posts than ever before - and obviously from people who have little or no experience with the product.

I just invited an Expert over here to discuss running CF on Server OS's - TMK something that is verboten (but I'm always willing to learn new tricks).

http://www.experts-exchange.com/Q_26789146.html#a34771877

 

by: phototropic, posted on 2011-02-02 at 08:51:03 (ID: 34773652)

Well, the Combofix tutorial at Bleeping Computer says:

"...At this time ComboFix can only run on the following Windows versions:

Windows XP (32-bit only)
Windows 2000 (32-bit only)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)..."

That seems pretty clear.

 

by: younghv, posted on 2011-02-02 at 08:59:16 (ID: 34773746)

I agree, but it is frustrating trying to deal with all of these self-proclaimed Experts.
It is times like this that I really miss 'rpg' - or any qualified ZA to step in and correct these errors.

 

by: willcomp, posted on 2011-02-02 at 09:18:06 (ID: 34773995)

@Vic -- what's up with rpg? I haven't seen any activity from her for several months.

I disagree that running MBAM in safe mode is a waste of time. Normal mode was not an option on some of the PCs I've dealt with lately. Couldn't get in to run anything even after disabling non-MS services and startup items using msconfig and autoruns in safe mode. If you can't run anything, rkill and the like don't help either. MBAM is effective when run in safe mode. I do follow up with a complete scan in normal mode, usually after running ComboFix (which can also be run in safe mode when push comes to shove).

 

by: younghv, posted on 2011-02-02 at 10:00:18 (ID: 34774465)

Hey Dalton - not sure of the details, but I sure miss her.

Don't get me wrong on my 'Safe Mode' comment. Hell, if the computer won't boot to Normal, a man's gotta do what a man's gotta do.

Running it in Safe Mode - when the computer will boot to Normal - is what I was calling a waste of time.

My beef is with these posts ("macro posts" I think) with the same crap every single time. It just irritates the smack out of me when these people run all over the site posting the same exact advice - without even bothering to try to identify what the real problem is.

There's one guy running around posting the same list of 7-8 different programs to run every time he sees a question in the malware Zones. No instructions or anything, just a bunch of links.

I think I'll take a break and go chop some firewood - based on our weather forecast over the next few days, we're going to need it.

 

by: rpggamergirl, posted on 2011-02-06 at 18:38:52 (ID: 34828338)

I miss you too Vic, that's why I'm still here... checking your thread once in a while :) .
You're the one person who helped and has supported me in all my years here at EE, I do appreciate it thanks.


Here's my .02 with regards CF and MBAM.
Many people believe that running CF or MBAM from Safe Mode is better, but that's not true because CF and MBAM are optimized to run from Normal mode, that's where they work best. Running in Safe Mode is only necessary if users have trouble loading Windows in normal mode, or in special cases where CF or MBAM just won't run successfully in normal mode.

Yes, ComboFix doesn't like it when AVG or CA Internet Security Suite is installed in the system so the user must uninstall this first before running CF.
Sometimes even when AVG is already uninstalled but its folder is still present CF may still complain so the AVG folder needs to be deleted.

ComboFix also pops up an alert if an AVG entry in the WMI is present (you can remove its entry following the steps in one of my articles) or you can just ignore it and ComboFix will still run.

ComboFix in Windows 2003 Server:
We should not be recommending CF to be run in systems other than those CF is designed for.
CF will run in 2003 Standard Server but doing that is a big risk to take... Things have gone wrong when CF is run in the systems it is designed for, so how much more likely could things go wrong if we disregard the author's instructions?
sUBs doesn't even want users using ComboFix without a Helper who is trained to use the tool.


>>>"There's one guy running around posting the same list of 7-8 different programs to run every time he sees a question in the malware Zones. No instructions or anything, just a bunch of links."<<<

These Experts are mostly fishing for points, and it works for them... spaghetti answers don't really add quality to EE's database but then EE encourages this by awarding Experts with goodies/certificates and providing them a "Hall Of Fame" for accumulating high points. Experts are ranked by how many points they have, not necessarily by the quality of their answers, so there will always be some spaghetti posts out there.


With regards to my long absence:
It started when I had that injury which took a long time to heal (was very painful).
Right now, I'm a little preoccupied with problems at home and other things unfortunately.
I used to feel that posting at EE is very satisfying, fulfilling and very relaxing but it hasn't been like that to me this year.
In a few years as Zone Advisor I've also made a few enemies :(.
And after getting many negative comments in one of my articles (some of which are downright rude and insulting) I kinda lost that enthusiasm especially when Admins think that those comments are a good thing and shouldn't be hidden (thanks to the kind PE who hid them, lol).

Vic, I'm about six months behind on PE news, much has changed... What's that No vote -50 points? Sounds like a penalty for writing not-so-good content, lol... I never did like the voting option in articles.

I can understand why so many people write articles for other sites like Squidoo etc, they make it so attractive for the authors. In fact, authors/lensmasters could earn up to 75% commission by promoting products in their articles, they also get 50% of the adsense revenue earned from their pages. I don't want commission nor adsense revenue, but it would be good if EE is a teeny-weeny bit supportive to article writers.

Sorry, this post sounds more like a rant than anything.
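Taking phototropic's quoted list of supported Windows versions and rpggamergirl's notes on AVG/CA leftovers and Security Center entries together, here is a preflight check a helper could run before recommending ComboFix (or before the "STOP all your monitoring programs" step in younghv's procedure). It is an added example written for this page, not code from the thread, from sUBs or from BleepingComputer. Assumptions: the supported-version table is the 2011 list quoted above and has to be rechecked against the current tutorial; AVG and CA are looked for under their typical Program Files folder names and by the leading vendor name in their Security Center registration.

```powershell
# Added example (not from the thread, sUBs or BleepingComputer): preflight checks
# before ComboFix is recommended. Supported-version table and AVG/CA folder names
# are assumptions taken from this thread; recheck them against the current tutorial.
function Get-ComboFixPreflight {
    $os = Get-WmiObject Win32_OperatingSystem
    # AddressWidth is the OS address width: 32 on a 32-bit OS even on a 64-bit CPU
    $bits = (Get-WmiObject Win32_Processor | Select-Object -First 1).AddressWidth
    $verKey = (($os.Version -split '\.')[0, 1]) -join '.'   # "5.1.2600" -> "5.1"
    $isServer = $os.ProductType -ne 1                      # 1 workstation, 2 DC, 3 server

    # Windows version -> allowed bitness, as listed in the tutorial quoted above
    $supported = @{
        '5.0' = @(32)       # Windows 2000
        '5.1' = @(32)       # Windows XP
        '6.0' = @(32, 64)   # Windows Vista
        '6.1' = @(32, 64)   # Windows 7
    }
    $osOk = (-not $isServer) -and $supported.ContainsKey($verKey) -and ($supported[$verKey] -contains $bits)

    $problems = @()
    if (-not $osOk) {
        $problems += "Not a supported ComboFix platform: $($os.Caption) $verKey ${bits}-bit, ProductType $($os.ProductType)"
    }

    # Leftover vendor folders: CF may still complain about AVG after it is uninstalled
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($root in $roots) {
        foreach ($vendor in 'AVG', 'CA') {            # assumed folder names
            $dir = Join-Path $root $vendor
            if (Test-Path $dir) { $problems += "Vendor folder still present, delete after uninstall: $dir" }
        }
    }

    # Security Center registrations: root\SecurityCenter on XP, root\SecurityCenter2 on Vista and later.
    # Every entry is a product the user must stop for the run; AVG/CA entries need uninstall or WMI cleanup.
    $activeAv = @()
    foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
        $avs = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction SilentlyContinue
        foreach ($av in @($avs)) {
            if (-not $av) { continue }
            $activeAv += "$($av.displayName) [$ns]"
            if ($av.displayName -match '^(AVG|CA)\b') {   # assumes the product name leads with the vendor
                $problems += "AVG/CA still registered in ${ns}: $($av.displayName)"
            }
        }
    }

    New-Object PSObject -Property @{
        OS          = "$($os.Caption) $verKey ${bits}-bit"
        OSSupported = $osOk
        ActiveAV    = $activeAv
        Problems    = $problems
    }
}

# Usage (elevated prompt): clear every line under Problems before ComboFix is run,
# and have the user stop every product listed under ActiveAV for the duration of the run.
Get-ComboFixPreflight | Format-List
```

An empty Problems list does not make ComboFix safe to recommend on its own; it only removes the known reasons it refuses to run or misbehaves. The decision to use it at all still belongs with a trained helper, as rpggamergirl says above.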

 

by: phototropic, posted on 2011-02-07 at 01:17:38 (ID: 34829581)

rpggamergirl,

Good to hear from you again. You have been much missed in the Virus and Spyware zone. Sorry to hear that you have had to step back from ee for health/home reasons.

I hope you soon find the time and the motivation to continue contributing. Speaking personally, I have learnt more from ee than any other tech forum, and I have learned more from you - directly and indirectly - than any other expert.

Welcome back.

 

by: younghv, posted on 2011-02-07 at 18:14:21 (ID: 34837735)

Hiya Kiddo -
Great to see you posting - no matter what the circumstances.
I'll hit you up off-line and we can talk a bit.

Glad to know you're still hanging tough down-under.

I'm on the road this week and trying to pretend I know how to type on a laptop - my fingers haven't quite figured this thing out.

Take care and I'll check in with you when I get back home.
Vic

 

by: rpggamergirl, posted on 2011-02-08 at 23:43:57 (ID: 34849478)

phototropic,

Thanks for the warm welcome.
I won't be actively posting for a while, just taking it easy, plus I'm a bit rusty and out of touch with the latest.

Same here, I've gained so much from EE and have learned a lot from you guys.


Vic,

Yeah the keyboard takes a bit of getting used to, the whole laptop in general...I still use a mouse with it :) .
Catch up with you offline.

 

by: phototropic, posted on 2011-02-26 at 06:09:24, ID: 34987311

Take a look at this!!!

http://www.techrepublic.com/blog/doityourself-it-guy/diy-free-tools-for-removing-malicious-software/115?tag=mantle_skin;content

I've subscribed to Tech Republic for a long time and find it to be a useful resource. But the above post is so wrong it's concerning.

"...Combofix is my first line of defense tool when I suspect something has taken over a machine..."
"...to be on the safe side, I prefer to run Combofix with the computer in safe mode..."
"...(Malwarebytes) free version must be run manually. This is not a problem if you are in control of all the PC scanning, or you can trust your users to manually run the software nightly (as well as manually update the definitions often.) If you can not trust your users to run this piece of software, you might need to buckle down and drop the $24.95 for the licensed version..."
"...After using so many different anti-virus tools, the one tool that seems to work nearly as well as any other, without any attached cost, is Microsoft Security Essentials..."

I don't know who this guy is, but he's advocating running free apps in a corporate environment (i.e. a lot more than the Microsoft limit of 10 PCs).  He's also telling anyone who'll listen to run Combofix first, and do it in safe mode.

I think he sounds dangerous.

 

by: younghv, posted on 2011-02-26 at 06:43:03, ID: 34987436

@pt -
Unbelievable, but unfortunately bad advice gets thrown around pretty casually.
I would expect better from TechRepublic.
I'll have to dig up my username and password over there and offer that moron a few thoughts (as many have done already).

Your comment here (http://www.experts-exchange.com/Q_26847699.html?cid=1573#a34987278) deserves a response.

IMO - when we see garbage posted, we need to politely inform the "Expert" posting it that they are wrong - and tell them why.

If they don't like it - and depending on how they respond - we should use the 'Request Attention' function and get a Zone Advisor/Moderator involved.

I haven't been very active in our Zones for quite a while, but I am really ashamed of some of the advice being given - with a couple of 'Google Monkeys' grabbing lots of points for worthless suggestions.

The advice we post is way too critical to allow this crap to go on and I've been 'gently' advising when I see it.

I think we should also invite these people to subscribe to this thread so that we can discuss differences 'off-line' and away from the technical question.

BTW - if you ever see me really flub one (sometimes my fingers get way ahead of my brain), please let me know and I'll correct it.

Thanks,
Vic

 

by: phototropic, posted on 2011-02-26 at 07:07:22, ID: 34987542

"... but I am really ashamed of some of the advice being given - with a couple of 'Google Monkeys' grabbing lots of points for worthless suggestions..."

I know what you mean.  I guess the Virus and Spyware Zone is an easy target for points fishing. Personally, I wouldn't consider posting in the MS SQL Server 2008 or DB Reporting Tools TAs unless the question posted was something which I had direct experience of solving.  And even then I think I'd hang back.
But Virus and Spyware questions seem to invite responses from anyone who owns a computer.  And that's when people start recommending Combofix downloads from suspect websites and running apps which haven't been updated in several years.


 

by: younghv, posted on 2011-02-28 at 14:44:06, ID: 35002325

http://www.experts-exchange.com/Q_26853892.html

I sometimes wonder if people aren't just sitting around with the same "posts" open in a spreadsheet or something.

The same damn advice - regardless of the actual symptoms or situation.

 

by: willcomp, posted on 2011-02-28 at 15:16:52, ID: 35002609

Obviously trolling for points.

 

by: younghv, posted on 2011-02-28 at 15:19:00, ID: 35002621

S_85 -
My primary concern in ALL malware questions is to get targeted advice to the Askers.
We have a whole host of "Experts" who throw the same damn post at every question posted - and those who 'pile on' with every conceivable application known to Google.

The ONLY acceptable practice in our Zones is to:
(1) Identify the damn problem, and
(2) Recommend ONLY the indicated solution.

Stay subscribed in here and throw in your 2-cents whenever you feel like it.
This is in 'Public View', so we have to maintain our decorum a little bit, but not all that much.

 

by: younghv, posted on 2011-02-28 at 15:22:07, ID: 35002642

Hey Dalton!
Good to see you.
I agree and have started getting just a little vocal here in the past couple of weeks.
"Trolls" and these people who post the same damn advice that is already in there can really get my goat.

Vic

 

by: phototropic, posted on 2011-03-01 at 01:40:59, ID: 35005459

"...The same damn advice - regardless of the actual symptoms or situation..."

Can't the mods "have a word"?

 

by: DavisMcCarn, posted on 2011-03-06 at 14:25:55, ID: 35048250

Hey Vee: "Be careful of too much complaining. I did that once too often and they stuck me with this Moderator job."  ROFLMAO!!!!
Hey RPG: Virut is back (hows that for a big yuch!)

And to all of you:  I always read as much of all of the existing posts as is practical (but always the entirety of the question) and it sure is a shame that too many seem to butt in with an off the wall comment (without having read that question all too often) which, unfortunately, diminishes the efficacy of others' comments.  (Sorry; I'm prone to run-on sentences)

If you don't spend the time to identify the problem, you're only lucky if your solution works......

BTW; I never use MBAM and Combofix only as a last resort.

 

by: BGTSLLC, posted on 2011-03-12 at 10:00:44, ID: 35116877

I have another suggestion for removing Spyware/Malware it works great; especially against the "Google Redirect" but other things as well:

Hitman Pro 3.5

Boot into Safe Mode w/ Networking - Spyware will often hinder its installation in "Normal" mode; install and run; then allow it to run again in "Normal Mode" and whamo - stuff is gone.  I will then typically follow up with MBAM to ensure.

 

by: younghv, posted on 2011-03-12 at 10:13:43, ID: 35116940

BGTSLLC,
Once again you are posting "advice" that is clearly wrong.
You obviously have no knowledge of repairing malware infections and I must ask you to stop posting in these Zones.

I am asking the Moderators to address the problems you are creating.

 

by: BGTSLLC, posted on 2011-03-12 at 10:22:00, ID: 35116985

Wow.   But since you went there:

1.  Improper?  How so?  In quite a few instances running all of these scans doesn't work, as evidenced by the numerous back and forth comments of using this and that.

2.  Actual knowledge?  What proof of my lack of knowledge do you have?  Can you validate your statements at least as FACT?  Have you validated my real world results and been able to consistently show otherwise that I'm incorrect and have yielded wrong results?

3.  Consistently wrong (and dangerous) how?  Do you have any documented examples where my advice has directly resulted in harm?

The beauty of the internet allows you to make a "defaming" and "slanderous" comment without actually having to validate if what you say is actually true.  In that regard; you are reckless because in a court of law you would be proven otherwise.   But of course you can offer pure speculation without having to even remotely validate your supposedly "correct" assessment.

 

by: BGTSLLC, posted on 2011-03-12 at 10:33:30, ID: 35117029

@ younghv:

In your profile you say this about yourself:

*****
I do this EE stuff for fun and don't give a Flying Flip about points - but I do care about good manners. EE is a fun place when everyone shows a little courtesy.
*****

Now since you have desired to get the Vee Mods involved; that would also mean I'm equally entitled to "fair trial" versus being assumed guilty so please explain to me how you have maintained any of what you say in your profile?

If you disagree with my approach; I can think of at least 2-3 different ways that could be addressed.  In dealing with customer infections on a daily basis there are numerous things to attempt prior to running something in safe mode.  Safe mode should always be a last resort; but in today's world of Spyware/Malware infections; it is often times a required one.  I have a vast array of utilities in my arsenal to dispose of Spyware/Malware infections or at least repair the OS enough to allow for the installation of software that will then remove it; but in a growing number of instances; cookie cutter resolutions on the customer's dime don't always work to resolve them.  Running a HijackThis is great if you want to really see all the things that are occurring; but it's also something normally run when you either know the PC is infected and can't remove it; or suspect as such based on how the system is performing.  That is great if the end user wants to know the finer points and have a better understanding.  However in the majority of cases; the customer simply wants the PC fixed; plain and simple.

So while you may disagree; I don't see based on your supposed "good" manners how that means making comments that you can not factually validate.

 

by: younghv, posted on 2011-03-12 at 10:35:09, ID: 35117042

I thought we had gotten rid of you last year, but I see you're back with the same kind of posting.

Has it ever occurred to you to read the Titles of the question?
How about reading the actual comments the real Experts have made?

This question is a discussion of ComboFix and MBAM - not some pet theory you've come up with.

This question (http://www.experts-exchange.com/Q_26864635.html) was already solved with removal of the cookies.

If you don't like getting jumped on, then get some manners (and some knowledge).

 

by: younghv, posted on 2011-03-12 at 10:38:28, ID: 35117067

Also - quit posting in the real questions.

Post in here - or we can have one of the Moderators open up a "Private Discussion" where we won't be wasting other people's time/cluttering up real questions.

 

by: BGTSLLC, posted on 2011-03-12 at 10:40:27, ID: 35117078

Younghv -

You are ducking the issue.  I'm fully aware that the problem was resolved but how did I title what I said:

"Suggestion" - •an idea that is suggested; "the picnic was her suggestion"
•a proposal offered for acceptance or rejection; "it was a suggestion we couldn't refuse"

You have yet to answer why you are so hostile.  You keep talking about what I supposedly lack but you have offered ZERO evidence to actually validate that.  The only issue "last" year was that I suggested running combo fix in safe mode to resolve the issue when after various other attempts nothing seemed to work.

Internet insults are easier; validating them with actual proof is another.  So once again younghv; what facts do you have to validate that I lack knowledge and have consistently yielded dangerous results?

 

by: BGTSLLC, posted on 2011-03-12 at 10:42:03, ID: 35117083

That didn't stop you.

 

by: younghv, posted on 2011-03-12 at 10:48:22, ID: 35117109

You ran in here (these Zones) today, posted the same crap post in about half a dozen questions - ignored all the Experts who had been working the problems (some for several days) - and now YOU'RE going to act like you're offended?

Even worse, your silly little post of:
"Install Hitman Pro 3.5 in Safe Mode w/ Networking.  That will resolve it then run MBAM afterwards." was frequently duplicating advice that had already been posted.

You're the one who is entirely in the wrong here - so you need to understand that it is YOUR bad manners that got this ball rolling.

 

by: younghv, posted on 2011-03-12 at 10:49:38, ID: 35117113

One more thing - you best be going back and checking that profile again.

I ain't never ducked an issue in my life - and I'm not about to start with someone like you.

 

by: BGTSLLC, posted on 2011-03-12 at 10:58:05, ID: 35117144

Just so I understand your perspective; and that's my goal here:

So you're telling me that I somehow stepped on the "experts" toes [maybe even yours] in an attempt to offer a solution that will probably work and resolve the issue?

So in other words it's no longer about resolving it; it's about protecting "other experts" time investment?  I thought people came to EE to get answers to questions; not show some level of devotion to those who have offered help?

So if I'm helping someone resolve an issue and you roll in with a suggestion that works regardless if it "seems silly and little" in your eyes; I should be upset because of that?  

It almost seems like ego is more important than resolution.  As to my suggestion about running Hitman Pro and it being duplicate; I didn't see that on a single thread in which I posted.  On one that another EE person posted Hitman Pro I told them I seconded it as an effective solution; to which I didn't see your objections then.

Why is it a crap post?  

Let's say what I suggest does actually work and resolve the issue.  Does that mean that all the other Experts who have offered various solutions that failed to work should be mad at me because I offered what I did?

I'm not offended; quite clearly you were; hence your initial response.  So once again I'm seeking to understand your perspective.  It almost seems very protective of turf; similar to what I see from gamers who supposedly think they own a fake and virtual world.

And once again I do ask you to offer factual evidence of my lack of results.  

Please advise and thanks.

 

by: BGTSLLC, posted on 2011-03-12 at 11:01:45, ID: 35117159

But you have most definitely made accusations without lack of proof.

So prove it.  I want you to provide factual information regarding the results.

If you can't then at least be man enough to say - I might disagree with what he is saying but that doesn't give me the right to just go off and say he isn't credible.  Provide the proof.

 

by: younghv, posted on 2011-03-12 at 11:10:30, ID: 35117192

It appears as though you suddenly started to post advice (again) and ran around these Zones making the exact same post - with no regard for the actual question - and worse - with no regard for those who were already participating.

Both of those actions are pretty bothersome.

This entire string of posts (this question was started in 2009) was because of those who run around posting "Safe Mode" advice -- AS A STARTING POINT -- for ComboFix and MBAM.

It has nothing to do with HitMan Pro.

(As I recall, you were one of those making that recommendation.)

In some of your posts earlier today, you were duplicating advice that had already been posted - in some instances days earlier. That is just plain rude.

Advice posted in these Zones can have devastating results to the (typically) home user who can just barely figure out how to turn on their computers.

The regulars posting here have seen some of this 'advice' brick computers permanently - and that is a pretty sad feeling for anyone who cares about helping others.

We have any number of "Experts" running through these Zones posting "Opinion" kind of advice that has about the value of the electrons they're written on.

If you've come up with some new process/procedure that you think might work - have at it. But show everyone else the regard and respect to actually read what we have already posted - and it wouldn't hurt to throw in more information than simply "do this" or "do that".

 

by: younghv, posted on 2011-03-12 at 11:30:42, ID: 35117267

I honestly did not recall this fact, but you were one of the primary reasons this string of posts was started.

We had a whole series of "Safe Mode" suggestions made near the end of October 2009 and 'rpggamergirl' and I (as co-Zone Advisors) decided to start this string to help everyone understand WHY it was an unsafe procedure and to enlist the help of all the regular Experts to correct the problem.

I haven't gone back through all of your prior posts, but I did find these examples:

http://www.experts-exchange.com/Q_24828798.html
http://www.experts-exchange.com/Q_24856929.html
http://www.experts-exchange.com/Q_24854459.html

With that said, I will admit that I could do a much better job of choosing words - and not reacting so damn fast when something gets my Irish up.

We would all be better served if I would learn to button my lip and go take a walk around the block - before responding.

For both of those faults, I do apologize.

 

by: younghv, posted on 2011-03-12 at 11:32:45, ID: 35117273

Also - I believe the Moderators have already gone in to clean up my comments in the other question.
If any of my garbage is still lying around out there, post a link to the question and they will clean that up too.

 

by: BGTSLLC, posted on 2011-03-12 at 11:33:15, ID: 35117278

"It appears..."

Younghv - that has been the start of many a small or large scale war; especially one of words.

I'm not a drive by sensation but I am a bottom-line result person that runs a business that gets paid to achieve results.  I would not advise a course of action without having validated the results.

I'm well aware that this board has nothing to do with Hitman Pro per se as I've been monitoring it for quite some time and recently noticed increased activity.  My post to the board was meant solely as a suggestion in keeping with the other utilities that already exist since I use it in conjunction with MBAM.  While Combo Fix is an effective tool; of late I have found it not to resolve issues like it used to.  As I'm sure you're well aware; Spyware/Malware has continued to evolve and the White Papers written continue to behind the scenes acknowledge that any particular Anti-Virus/Malware/Spyware solution achieves on average less than a 40% success rate in comparison to what exists.  Obviously in conjunction with other network facets [Hardware & Software] and domain GPOs such percentages can be greatly increased but in terms of "residential" solutions; they typically have a one soldier army trying to wage a multi-front war; hence why this board speaks to Combo Fix in conjunction with MBAM.  My suggestion was simply meant to state that another alternative that has yielded validated results whether in Normal or Safe mode was Hitman Pro and MBAM; especially with how Hitman Pro goes about validating items during its scan.

I'm not sure what qualifies one as a "regular" since I pay for membership and seek to help whom I can when I can.  As to one being an "Expert" or not; I guess that depends on who is the judge; EE or our continuous growing customer base?

As to how I posted it; well that is a matter of your opinion versus mine.  Our customers from across the country have been very thankful when after attempting all the recommended solutions from the "local" techie; we offer a simple one that resolves the issue.  How it was posted is exactly how it has been relayed from time to time when we simply help someone for free at no charge; because we help who we can help when we can help them.  They are appreciative of the support we provide; at times spending well over an hour explaining and providing additional training and tips.  These residential customers that you are so concerned about and suggested and implied I'm just a flippant poster who doesn't share that same concern is simply unfounded.  You don't know me well enough to have stated what you did nor come across as you have.  You may post more often than I but that doesn't make you an owner or perhaps better termed based on your actions an "Internet Enforcer".

As to actual results; we have not experienced a single [yes I said single] failure when using Combo Fix or Hitman Pro in Safe Mode; and we've done this more than just a few wee times.  Does that mean Safe Mode should be the first place to attempt this?  Obviously not; but it shouldn't be ignored either as a potentially viable solution.  We've seen the results you've mentioned when never even going into Safe Mode.

As to participation - I deem participation when it comes to these boards as a paying member.  My company pays for our membership thus we are participating.  You and others might disagree with that and hey that is a right that through your service and those in my family have fought for us to have.

However, I would ask in the future that before you immediately assume the worst about me just because something "appears" a certain way; and to lump sum me in to whatever group you deem as "someone like me" [that could liberally be interpreted many ways]; ask first.

And just to set whatever EE Etiquette record straight that I need to; my apologies if I stepped on anyone's toes as that was not my intent.

 

by: younghv, posted on 2011-03-12 at 12:52:35, ID: 35117570

All,
I'm taking the advice offered me a few days ago and closing this version down.

I will open a new one with the appropriate comments/links about "Safe Mode" scans in CF & MBAM.

Thanks,
Vic
