

Questions about Combofix.exe

Posted on 2012-03-16
Medium Priority
Last Modified: 2013-11-22
I have been using combofix for a few years now, and I find that with heavily infected computers, combofix usually does the job better than anything else I have ever used.  In fact, I am extremely impressed by combofix and its success rate.  There seem to be all sorts of warnings about using combofix as I hear it's known to crash machines on occasion, but of all the times I have used it I think I only had one computer that ever crashed after running combofix.  I am not even sure if combofix was the reason it crashed, but that was quite a while back and I don't remember the specifics.

Because combofix "feels" like some guy just wrote the software in his garage and published it on the internet as free software (no offense to the creator of combofix or to guys who write software in their garage), I always feel a little leery about running it.  But other than that one suspicious time, combofix has always done the job for me.  So my question is, if it's possible for someone to write a program like combofix that does such a good job of removing difficult viruses and malware, why in the world hasn't some big company like Symantec (Norton) or McAfee published a tool like this and actually made money off of it?  Now, I am VERY happy combofix is free, but somehow running a software package from a "reputable" software company, with the resources that a company like a Symantec or McAfee has, just feels "safer" to me.  Now, I really despise Symantec and McAfee and calling them reputable is kind of a joke in my personal opinion.  I assume companies like Symantec and McAfee have a very large pool of software engineers who have all sorts of talents.  However, having used both Symantec and McAfee anti virus products in the past, I certainly have very little respect for their products.

What I am trying to ask is, why can't big companies with large budgets and probably hundreds of talented engineers make a product 10 times better than combofix?  All I see from the "big" name AV distributors is pretty crappy software.  Microsoft Security Essentials is free, and is my first choice for lightweight AV solutions.  You would think that Microsoft would have enough budget and talent to also create something like combofix, but maybe more user friendly and less "scary" and risky to use.

Is it simply that combofix is so risky to use, that major software manufacturers can't take the risk for fear of lawsuits or something like that if computers crash because of their software?
Question by:jbobst
LVL 84

Accepted Solution

Dave Baldwin earned 1000 total points
ID: 37731498
I think what you are seeing is that big companies don't put out anything unless they have studied and decided that they can make money from it... or that it has become a market requirement like adding anti-spyware features to the anti-virus.  Combofix already exists so the big companies can't make money on it cause it's free.  But I'll bet they all have copies of it.

The things that Combofix does and the places it looks represent some pretty sophisticated knowledge of Windows.  I never felt like it was 'garage shop' software.

Author Comment

ID: 37731506
I feel bad even mentioning it as if it is 'garage shop' software, as it really seems to do the job!  It has saved me HOURS of troubleshooting.  I was just trying to describe the feel of it, as I can't figure out why a "big" company wouldn't make something useful like this.  Instead, most Anti-Virus products really have no ability for really removing viruses or even preventing them!
LVL 84

Expert Comment

by:Dave Baldwin
ID: 37731510
The thing about anti-virus products is that the virus always comes first and then they race to catch up to it.  Avast has caught quite a few for me but it missed a rogue virus last year.  Which of course I cleaned out with Combofix and MalwareBytes.

Author Comment

ID: 37731524
I can understand that virus makers find new exploits to get their viruses in and AV makers have to react, but it just seems like in a computer environment, there should be some sort of way to detect code that wasn't originally installed or keep track of new code and isolate it better.  I imagine Combofix does this in some way or another, although I have no idea how or what combofix is actually doing behind the scenes.  With the great results that combofix has, I am just amazed it's not known by the masses and that there aren't other software tools constantly being written that mimic its features (I think most IT people are aware of it obviously).

Author Comment

ID: 37731530
I suppose this has morphed into more of a discussion thread, and my original question is kind of answered, so I'll go ahead and assign points.  Thanks!

By the way, has anyone either published anything or has anyone ever "disassembled" combofix and figured out exactly what it is doing in the background?  If I knew more about what is really happening, maybe I wouldn't be so paranoid about using it more often.  As I mentioned before, I only had one suspect computer ever crash from it, but all the warnings and other postings I have read about it certainly worry me when I do have to run it.
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 37733145
Not for the points, since they are already assigned. I would like to add that for using Combofix one needs to evaluate its logs as well and then if required create CFScript.txt for further removal.

Now imagine the current support provided by McAfee and Symantec. Now if they could have Combofix or something similar to it, they would need the experts who are capable enough to analyze the CF logs and then create the CFScript and supply the same to their customers.

I don't think that's going to happen.

Author Comment

ID: 37738350
SSharma,  I have used combofix probably 50 or more times, and I have never evaluated the logs or ever created a CFScript.txt.  I am sure that it would be beneficial to evaluate them, but in my experience (which is not much), combofix usually fixes the computer once it's done running.

I am not saying I have some vast experience with combofix or am skilled in any sort of advanced virus removal techniques.  I am just a very basic IT guy trying to figure out easy and simple ways to remove viruses, and combofix seems to remove most virus/malware without having to take further steps.  I understand that McAfee and Symantec wouldn't go to that level of personal support or detailed support, it just seems to me that they could easily create something along the lines of a combofix type program.  Maybe even have an automated log evaluation program or something.  It just seems strange that the "big" companies out there seem to have really nothing to offer in antivirus removal compared to the free products out there (like combofix and malwarebytes, etc.).

Question has a verified solution.
