Can Running ComboFix Make the Situation Worse?

I have used ComboFix multiple times to successfully clean PCs infected w/ malware. However, in the past 2 months I had two separate experiences where running ComboFix seems to have caused the systems to become even slower & more unstable than they were originally. In both cases, they were older laptops (about 5 years old) running Windows XP Home w/ SP2 or SP3.

Has anyone else experienced this?
B H commented:
usually i go in an order like this - of course it varies depending on what symptoms are present

1. kill all running processes that don't belong there - if one keeps coming back, make a note of it
2. check the common regedit startup locations (user/machine/winlogon-notify) and liberally delete things (adobe, java, viruses, etc)
3. kill the common temp places: locals~1\temp, locals~1\tempor~1, windows\temp, windows\prefetch
4. kill anything weird in programfiles
5. run malwarebytes (goes faster after 1-4 above)
6. deal with anything left over, like a repeating process from #1
   (find that process on the drive, loop a batch file "del %1, if exist repeat, if not exist quit" while ending the process manually, that way it really really goes away)
7. if symptoms are still present (popups, clickjacks, redirects, etc) then we have to use tdsskiller
8. if symptoms are still present, it's a driver that tdsskiller can't get so at that point, combofix slash repair install
9. i've had things live thru a repair install - well not necessarily live past, but the network drivers were still destroyed because one virus might like to change all your windows/inf files - at that point it's easier to just format/reinstall

that whole process 1-7 above usually takes me about 20-30 minutes depending on temp files.  combofix can be another 30 minutes.

after i'm confident the machine is clean, i'll usually recommend the client buy malwarebytes so we can leave it auto-run, auto-update, auto-scan, auto-delete, while watching connections 24x7.  i'll also remove whatever crap antivirus they used to have (usually norton) and replace it with the free version of avast - then i'll set avast to auto-chest > auto-delete without asking and without notification - so the user can't accidentally let the virus live next time.

if time allows i'll get them on the right track with microsoft updates, or at least leave them a text document on how to perform basic maintenance.  if they're really nice i'll go a few extra steps and ccleaner their registry and set them up with defraggler (god forbid they install it themselves, with all those "optional" checkmarks installing more junk)

in some extreme cases i'll start adding keywords to the avast url block list, like limewire, frostwire, bearshare, etc.

the first time i see limewire caused it, i tell the kid "next time i delete all your music" and that's usually good... and explain why to their parents.  but if i have to go back after that, i'll make sure they don't get any allowance for a few months - never had to go back after that.
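Steps 2 and 3 of the procedure above (check the user/machine/winlogon-notify startup locations; clear locals~1\temp, tempor~1, windows\temp and prefetch) can be combined into a read-only triage pass before anything is deleted. The script below is an added example, not code from this thread or from any of the tools named in it: it parses a `.reg` file as produced by `reg export` of the Run/RunOnce/Winlogon\Notify keys (the same format as the backup.reg file ccleaner writes) and flags every autostart entry whose executable lives in one of those temp folders or has no directory at all. The sample export embedded in it is constructed for the example; the entry names and paths in it are not real malware indicators.

```python
"""Triage Windows autostart entries from a `reg export` file.

Added example for the cleanup procedure discussed in the thread; not code
from the thread or from ComboFix/Malwarebytes/ccleaner. It only reads an
exported .reg file, so it can be run on a copy taken from the infected
machine without touching the live registry.
"""
import re
from typing import Dict, List

# Constructed sample export (not a real capture). Two entries point at
# programs under Program Files; two point into the temp/prefetch folders
# that step 3 of the procedure clears; one has no directory at all.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Avast"="\"C:\\Program Files\\Alwil Software\\Avast5\\avastUI.exe\" /nogui"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"sysupd"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\sysupd.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\WINDOWS\\Prefetch\\hostsvc.exe"
"helper"="helper.exe"
"""

# Key-path fragments that identify the startup locations from step 2.
AUTOSTART_KEY_MARKERS = ("\\currentversion\\run", "\\currentversion\\runonce",
                         "\\winlogon\\notify")
# Directory fragments matching the temp places listed in step 3.
SUSPICIOUS_DIR_MARKERS = ("\\temp\\", "\\locals~1\\", "\\tempor~1\\",
                          "\\prefetch\\", "\\local settings\\",
                          "\\temporary internet files\\")

# `"name"=value` lines; the name may contain escaped quotes/backslashes.
_VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def unescape_reg_string(raw: str) -> str:
    """Turn a quoted .reg string value back into its registry contents.

    reg export writes REG_SZ as "..." with \\ for backslash and \" for quote.
    hex:, dword: and other types are left exactly as written.
    """
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    return raw


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [KEY] section to its name -> value pairs."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_LINE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = unescape_reg_string(m.group(2))
    return keys


def command_path(command: str) -> str:
    """Executable part of a Run-key command line.

    Quoted paths are taken up to the closing quote; unquoted ones up to the
    first space (an unquoted path with spaces is ambiguous, as it is for
    Windows itself, and is cut at the first space here).
    """
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:] if end == -1 else command[1:end]
    return command.split(" ", 1)[0]


def location_flags(path: str) -> List[str]:
    """Reasons an executable location deserves a second look."""
    low = path.lower()
    flags = [m.strip("\\") for m in SUSPICIOUS_DIR_MARKERS if m in low]
    if "\\" not in path:
        flags.append("no directory (resolved via PATH search)")
    return flags


def triage_autostarts(text: str) -> List[dict]:
    """All autostart entries in the export, each with its flags (maybe empty)."""
    rows = []
    for key, values in parse_reg_export(text).items():
        if not any(mk in key.lower() for mk in AUTOSTART_KEY_MARKERS):
            continue
        for name, command in values.items():
            path = command_path(command)
            rows.append({"key": key, "name": name, "path": path,
                         "flags": location_flags(path)})
    return rows


if __name__ == "__main__":
    for row in triage_autostarts(SAMPLE_REG):
        mark = "!!" if row["flags"] else "  "
        print(f'{mark} {row["name"]:<20} {row["path"]}  {", ".join(row["flags"])}')
```

Run it against a real export with `python triage.py` after replacing `SAMPLE_REG` with the file contents (or reading the file; note `reg export` writes UTF-16 on newer Windows versions, so open it with `encoding="utf-16"` there). Flagged rows are candidates to investigate, not an automatic delete list: a flag only says the program starts from a folder that normal installers do not use.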
B H commented:
sometimes that happens - combofix does a lot... but usually only good things.  

you can have situations where combofix removes a virus that was so embedded, that windows is never the same without the virus.  in some cases, if the virus was a device driver, windows might not even boot up anymore

i haven't seen anything that i can nail down to a specific OS service pack or update, or even specific viruses... just seems to be case by case, you just never know.

i only run combofix when everything else fails, it's either combofix or a reinstall anyway, so can't hurt that much if i've already blocked out the time to do a reinstall
Sudeep Sharma (Technical Designer) commented:
There could be some other reason(s) for a system to go slow; however, I have never seen ComboFix causing a system to slow down.

anuneznyc (Author) commented:
Bryon, curious to know what other anti-spyware programs you run and in what order. In the past I have successfully used Malware Bytes to remove spyware, but in some cases had to also run ComboFix to clean infections that MB did not remove. But now that I've had these 2 negative experiences, thinking I should take your approach and only run CF as a last resort.
Jonvee commented:
You should find this article by rpggamergirl helpful:

See under sub-heading "Download the Tools and start the cleanup".
Some users may opt for not initially running Cleaners (or not even at all) and starting with Malwarebytes, leaving ComboFix until last (as you intimated).

My own more recent thoughts are to run Malwarebytes, followed by Hitman Pro 3, a 'Second Opinion Malware Scanner' which uses Scan Cloud .... well worth reading this whole article:
Further thoughts ... imho i believe that running ComboFix does present a ~very slight~ risk to a system, but it's a risk worth taking especially when a machine is suspected to be quite infected .... but i'm not aware of any slowness caused by running ComboFix, and it has to date proved to be an excellent tool ... i think of it as being 'one of the big guns' perhaps!
B H commented:
in my first comment where i said: "sometimes that happens - combofix does a lot... but usually only good things."

the intent was "combofix does a lot of things" and not "combofix fails a lot".  combofix is a great tool, but it does have a small percentage of a chance to do more harm than good.  which is probably why you have to keep re-downloading it, since the authors made it expire every few days.

i had one user who was like "wow leave me that program i'll run it every day" i was like, no.

i do it in my order above more because if combofix is going to take 30 minutes anyway, i may as well do it by hand so i can see any other issues along the way... and if that fails, then run combofix which is helpful most of the time

i didn't mention disabling system restore but that's up there too pretty early in the list - i usually don't re-enable it because i can count on one finger all the times it actually worked.
rpggamergirl commented:
I can't see why running ComboFix would cause the system to slow down; it has to be something else.
ComboFix removes itself and its files, including the backup, upon its uninstallation. And yes, it's not recommended that ComboFix be kept in the system for safety reasons, so there is no chance of the user having to run an outdated ComboFix.

It is much safer to run tools like MalwareBytes, ComboFix etc. than doing a manual removal of any infection first, because if you missed their loading points the PC may not boot, whereas tools like ComboFix are designed with safety nets.
It actually has more safety nets than most tools; that's why there are times when ComboFix will not try and remove a particular malware unless RC is installed.

It is often advised to be used as a last resort mainly because it's not a generic "cure all" scanner; CF sometimes needs a script to finish the removal. That's why it's supposed to be used only under guidance by a Helper.
ComboFix was created to aid malware Helpers in removing malware when other scanners fail.
jasonlcss commented:
After running Combofix, I usually run ccleaner as it cleans out all "dead links" in your registry as well as cleans out all your temp data from your temp folders; this I have found speeds up the PCs quite a bit.

Here's a download link:
anuneznyc (Author) commented:
Thanks to everyone who posted their comments. Yeah, I don't know what happened in these 2 instances, but running CF definitely caused the system to slow down even more. Granted, both systems had Windows XP installs that were over 5 years old, which means they were slow & unstable to begin with, but it got worse after CF did its thing.

I'm starting to think that from now on, if I come across a client system w/ a XP install more than 4 yrs old, I'm going to insist on a "backup, wipe & reinstall" approach. Just seems that XP (not to mention Vista) simply become too bloated & unstable after 4 years of use.
Ccleaner would have removed a lot of the backup built up over the years... try it, you have nothing to lose.
anuneznyc (Author) commented:
I'm skeptical of the actual value of registry cleaners, but I suppose I could give it a try.
B H commented:
ccleaner does a really decent job, and it DOES ask you if you want to make a backup.reg file of what's going to be whacked.  if bad things happen after the reboot, just click the backup.reg file that was created in 'My Documents' and it'll put them all back in there
anuneznyc (Author) commented:
Thank you all.