Solved

Questions about Combofix.exe

Posted on 2012-03-16
7
1,284 Views
Last Modified: 2013-11-22
I have been using combofix for a few years now, and I find that with heavily infected computers, combofix usually does the job better than anything else I have ever used. In fact, I am extremely impressed by combofix and its success rate. There seem to be all sorts of warnings about using combofix as I hear it's known to crash machines on occasion, but of all the times I have used it I think I only had one computer that ever crashed after running combofix. I am not even sure if combofix was the reason it crashed, but that was quite a while back and I don't remember the specifics.

Because combofix "feels" like some guy just wrote the software in his garage and published it on the internet as free software (no offense to the creator of combofix or to guys who write software in their garage), I always feel a little leery about running it. But other than that one suspicious time, combofix has always done the job for me. So my question is, if it's possible for someone to write a program like combofix that does such a good job of removing difficult viruses and malware, why in the world hasn't some big company like Symantec (Norton) or McAfee published a tool like this and actually made money off of it? Now, I am VERY happy combofix is free, but somehow running a software package from a "reputable" software company, with the resources that a company like Symantec or McAfee has, just feels "safer" to me. Now, I really despise Symantec and McAfee, and calling them reputable is kind of a joke in my personal opinion. I assume companies like Symantec and McAfee have a very large pool of software engineers who have all sorts of talents. However, having used both Symantec and McAfee anti-virus products in the past, I certainly have very little respect for their products.

What I am trying to ask is, why can't big companies with large budgets and probably hundreds of talented engineers make a product 10 times better than combofix? All I see from the "big" name AV distributors is pretty crappy software. Microsoft Security Essentials is free, and is my first choice for lightweight AV solutions. You would think that Microsoft would have enough budget and talent to also create something like combofix, but maybe more user-friendly and less "scary" and risky to use.

Is it simply that combofix is so risky to use, that major software manufacturers can't take the risk for fear of lawsuits or something like that if computers crash because of their software?
Question by:jbobst
7 Comments
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 250 total points
I think what you are seeing is that big companies don't put out anything unless they have studied and decided that they can make money from it... or that it has become a market requirement, like adding anti-spyware features to the anti-virus. Combofix already exists, so the big companies can't make money on it because it's free. But I'll bet they all have copies of it.

The things that Combofix does and the places it looks represent some pretty sophisticated knowledge of Windows.  I never felt like it was 'garage shop' software.
 
LVL 1

Author Comment

by:jbobst
I feel bad even mentioning it as if it is 'garage shop' software, as it really seems to do the job! It has saved me HOURS of troubleshooting. I was just trying to describe the feel of it, as I can't figure out why a "big" company wouldn't make something useful like this. Instead, most Anti-Virus products really have no ability for really removing viruses or even preventing them!
 
LVL 82

Expert Comment

by:Dave Baldwin
The thing about anti-virus products is that the virus always comes first and then they race to catch up to it. Avast has caught quite a few for me, but it missed a rogue virus last year, which of course I cleaned out with Combofix and MalwareBytes.
 
LVL 1

Author Comment

by:jbobst
I can understand that virus makers find new exploits to get their viruses in and AV makers have to react, but it just seems like in a computer environment there should be some sort of way to detect code that wasn't originally installed, or keep track of new code and isolate it better. I imagine Combofix does this in some way or another, although I have no idea how or what combofix is actually doing behind the scenes. With the great results that combofix has, I am just amazed it's not known by the masses and that there aren't other software tools constantly being written that mimic its features (I think most IT people are aware of it, obviously).
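The idea raised in the comment above, keeping track of which code was originally installed and flagging anything that appears or changes afterwards, is what a file-integrity baseline does. The following is an added illustration written for this page, not code from the thread and not how Combofix works internally (the thread itself says nobody here knows that). It snapshots SHA-256 hashes of a directory tree, then reports files that were added, removed or modified since the snapshot. The directory contents and file names are constructed for the example; a real deployment would store the baseline somewhere the machine being checked cannot alter it, and a hash baseline only sees on-disk changes, not code that lives purely in memory or files hidden from the file system API.

```python
"""Minimal file-integrity baseline (hypothetical example, not Combofix logic):
snapshot a directory tree's hashes, then report files added, removed or
modified since the snapshot."""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its hash."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_file():
                baseline[p.relative_to(root).as_posix()] = hash_file(p)
    return baseline


def diff_baseline(old: dict, new: dict) -> dict:
    """Classify changes between two snapshots: new files, missing files,
    and files whose contents no longer match the recorded hash."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in set(old) & set(new) if old[k] != new[k]),
    }


def demo() -> dict:
    """Constructed scenario: snapshot a clean tree, simulate the kinds of
    change a cleanup tool would want to notice, and return the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"original program bytes")
        (root / "config.ini").write_text("setting=1\n")
        (root / "readme.txt").write_text("hello\n")
        before = build_baseline(root)

        # Simulated changes after the snapshot (constructed for the example)
        (root / "bin" / "unknown.exe").write_bytes(b"file not in baseline")  # new file
        (root / "config.ini").write_text("setting=1\nrun=unknown.exe\n")  # changed
        (root / "readme.txt").unlink()  # deleted
        after = build_baseline(root)
        return diff_baseline(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Running the script prints one line per category; the interesting output for a defender is the "added" and "modified" lists, since an unexpected executable plus a changed configuration file is exactly the kind of pair worth examining rather than the "removed" entry on its own.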
 
LVL 1

Author Comment

by:jbobst
I suppose this has morphed into more of a discussion thread, and my original question is kind of answered, so I'll go ahead and assign points. Thanks!

By the way, has anyone either published anything or ever "disassembled" combofix and figured out exactly what it is doing in the background? If I knew more about what is really happening, maybe I wouldn't be so paranoid about using it more often. As I mentioned before, I only had one suspect computer ever crash from it, but all the warnings and other postings I have read about it certainly worry me when I do have to run it.
 
LVL 29

Expert Comment

by:Sudeep Sharma
Not for the points, since they are already assigned. I would like to add that for using Combofix one needs to evaluate its logs as well and then if required create CFScript.txt for further removal.

Now imagine the current support provided by McAfee and Symantec. If they were to have Combofix or something similar to it, they would need experts who are capable enough to analyze the CF logs and then create the CFScript and supply the same to their customers.

I don't think that's going to happen.
 
LVL 1

Author Comment

by:jbobst
SSharma, I have used combofix probably 50 or more times, and I have never evaluated the logs or ever created a CFScript.txt. I am sure that it would be beneficial to evaluate them, but in my experience (which is not much), combofix usually fixes the computer once it's done running.

I am not saying I have some vast experience with combofix or am skilled in any sort of advanced virus removal techniques. I am just a very basic IT guy trying to figure out easy and simple ways to remove viruses, and combofix seems to remove most viruses/malware without having to take further steps. I understand that McAfee and Symantec wouldn't go to that level of personal support or detailed support, but it just seems to me that they could easily create something along the lines of a combofix-type program. Maybe even have an automated log evaluation program or something. It just seems strange that the "big" companies out there seem to have really nothing to offer in antivirus removal compared to the free products out there (like combofix and malwarebytes, etc.).