Safe Mode Scans for ComboFix & MBAMQuestion:
(New version of the old question http://www.experts-exchange.com/Q_24860646.html
The intent of this string is to provide mutual support for the proper use of ComboFix & MBAM applications.
We frequently see the mistake of suggesting "Safe Mode" as a starting point for these tools and we need to do what we can to stop that recommendation.
Both products are created for "Normal Mode" operation and they are more effective when it is done so.
I fully realize that there are times when a system will only boot to Safe Mode, so obviously that is how you have to do it - in that situation.
The developers of both products recommend "Normal Mode" to run the programs they created. That should be the only STARTING recommendation we make on this site.
When you see someone making this recommendation, please ask them to join us here. It will help avoid cluttering real questions with a lot of back and forth about procedures.
(The short URL for this string is: http://www.experts-exchange.com/Q_26896002.html
A good reference from the MBAM Member Forum - a good discussion about how MBAM works and why "Normal Mode" is recommended:
NOTE FOR THOSE WHO KEEP MISSING THE POINT:
At no point have I ever hinted at saying your should NEVER run either program in "Safe Mode". There are times when we need to try every damn trick in the book to fix a problem - or even throw the book out the window.
Virus & Spyware
THE RECOMMENDED "CF" POST (please give attribution to rpggamergirl when using)
Please download ComboFix by sUBs:(and attach the resulting log) http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(If it doesn't run, re-download and rename before saving to your desktop - use the "Save As" function)
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and
Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by
pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF
completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
If needed, here's the ComboFix tutorial which includes the installation of the Recovery Console:
When finished with the question, don't forget this:
To uninstall Combofix:
Go to Start > Run and 'copy and paste' next command in the field:
Recent comment from rpggamergirl
"Here's my .02 with regards CF and MBAM.
Many people believe that running CF or MBAM from Safe Mode is better, but that's not true because
CF and MBAM are optimized to run from Normal mode, that's where they work best. Running in Safe
Mode is only necessary if users have trouble loading Windows in normal mode, or in special cases
where CF or MBAM just won't run successfully in normal mode.
Yes, ComboFix doesn't like it when AVG or CA Internet Security Suite is installed in the system so
the user must uninstall this first before running CF.
Sometimes even when AVG is already uninstalled but its folder is still present CF may still
complain so the AVG folder needs to be deleted.
ComboFix also pops up alert if an AVG entry in the WMI is present (you can remove its entry
following the steps in one of my articles) or you can just ignore it and ComboFix will still run.
ComboFix in Windows 2003 Server:
We should not be recommending CF to be run in systems other than those CF is designed for.
CF will run in 2003 Standard Server but doing that is a big risk to take... Things have gone wrong
when CF is run in the systems it is designed for, so how much likely things could go wrong if we
disregard the author's instructions?
sUBs doesn't even want users using ComboFix without a Helper who is trained to use the tool."