ComboFix? Rootkit solution?

Lots of people have been offering ComboFix as an antivirus solution, and I see no problem with that, as its features are rather useful for such a thing. After all, it seems to be an automated version of your typical step-by-step guide on how to remove an antivirus. But recently I came across a person who offered this program as a solution for a rootkit. Now, I don't have much knowledge of this particular program's internals, but from their website's information on how it works, its features, etc., I see absolutely no benefit in using this as a rootkit finder/killer. Does anyone have any insight into this program as a rootkit solution? This is, by all means, a discussion. I will award points to the people who can provide the most informative information. I tried to put this in an "ask the experts" section, but they told me to place it here.
TurboBorland asked:

IndiGenus commented:
The quick answer is yes, it will automatically remove many of the most recent nasty rootkits. The routine that cf runs is very thorough and extremely complex from my understanding. You would have to get inside of the head of the developer, sUBs, to know exactly what's going on.

To serve as an example, here is a link to a thread where cf removed the TDSSserv rootkit nicely. See post #9 for the cf log.

http://www.geekstogo.com/forum/Google-Redirect-Virus-t241078.html&p=1550329

Hope that helps. It also offers the "Rootkit::" directive for removing them with a script, as you can see later in the thread.

Hope that helps you.

Regards,
Dave
TurboBorland (author) commented:
Thanks! That link actually did answer my question. It appears ComboFix incorporated a Windows rootkit detection system called GMER, http://www.gmer.net/.
IndiGenus commented:
Great, glad I could help to clarify.