Asked by jbobst

Questions about Combofix.exe

I have been using combofix for a few years now, and I find that with heavily infected computers, combofix usually does the job better than anything else I have ever used.  In fact, I am extremely impressed by combofix and its success rate.  There seem to be all sorts of warnings about using combofix as I hear it's known to crash machines on occasion, but of all the times I have used it I think I only had one computer that ever crashed after running combofix.  I am not even sure if combofix was the reason it crashed, but that was quite a while back and I don't remember the specifics.

Because combofix "feels" like some guy just wrote the software in his garage and published it on the internet as free software (no offense to the creator of combofix or to guys who write software in their garage), I always feel a little leery about running it.  But other than that one suspicious time, combofix has always done the job for me.  So my question is, if it's possible for someone to write a program like combofix that does such a good job of removing difficult viruses and malware, why in the world hasn't some big company like Symantec (Norton) or McAfee published a tool like this and actually made money off of it?  Now, I am VERY happy combofix is free, but somehow running a software package from a "reputable" software company, with the resources that a company like a Symantec or McAfee has, just feels "safer" to me.  Now, I really despise Symantec and McAfee and calling them reputable is kind of a joke in my personal opinion.  I assume companies like Symantec and McAfee have a very large pool of software engineers who have all sorts of talents.  However, having used both Symantec and McAfee antivirus products in the past, I certainly have very little respect for their products.

What I am trying to ask is, why can't big companies with large budgets and probably hundreds of talented engineers make a product 10 times better than combofix?  All I see from the "big" name AV distributors is pretty crappy software.  Microsoft Security Essentials is free, and is my first choice for lightweight AV solutions.  You would think that Microsoft would have enough budget and talent to also create something like combofix, but maybe more user friendly and less "scary" and risky to use.

Is it simply that combofix is so risky to use, that major software manufacturers can't take the risk for fear of lawsuits or something like that if computers crash because of their software?

Last Comment: 8/22/2022 - Mon
I feel bad even mentioning it as if it is 'garage shop' software, as it really seems to do the job!  It has saved me HOURS of troubleshooting.  I was just trying to describe the feel of it, as I can't figure out why a "big" company wouldn't make something useful like this.  Instead, most Anti-Virus products really have no ability for really removing viruses or even preventing them!
Dave Baldwin

The thing about anti-virus products is that the virus always comes first and then they race to catch up to it.  Avast has caught quite a few for me but it missed a rogue virus last year.  Which of course I cleaned out with Combofix and MalwareBytes.

I can understand that virus makers find new exploits to get their viruses in and AV makers have to react, but it just seems like in a computer environment, there should be some sort of way to detect code that wasn't originally installed or keep track of new code and isolate it better.  I imagine Combofix does this in some way or another, although I have no idea how or what combofix is actually doing behind the scenes.  With the great results that combofix has, I am just amazed it's not known by the masses and that there aren't other software tools constantly being written that mimic its features (I think most IT people are aware of it obviously).
I suppose this has morphed into more of a discussion thread, and my original question is kind of answered, so I'll go ahead and assign points.  Thanks!

By the way, has anyone either published anything or has anyone ever "disassembled" combofix and figured out exactly what it is doing in the background?  If I knew more about what is really happening, maybe I wouldn't be so paranoid about using it more often.  As I mentioned before, I only had one suspect computer ever crash from it, but all the warnings and other postings I have read about it certainly worry me when I do have to run it.
Sudeep Sharma

Not for the points, since they are already assigned. I would like to add that for using Combofix one needs to evaluate its logs as well and then, if required, create CFScript.txt for further removal.

Now imagine the current support provided by McAfee and Symantec. Now if they could have Combofix or something similar to it, they would need experts who are capable enough to analyze the CF logs and then create the CFScript and supply the same to their customers.

I don't think that's going to happen.

SSharma,  I have used combofix probably 50 or more times, and I have never evaluated the logs or ever created a CFScript.txt.  I am sure that it would be beneficial to evaluate them, but in my experience (which is not much), combofix usually fixes the computer once it's done running.

I am not saying I have some vast experience with combofix or am skilled in any sort of advanced virus removal techniques.  I am just a very basic IT guy trying to figure out easy and simple ways to remove viruses, and combofix seems to remove most virus/malware without having to take further steps.  I understand that McAfee and Symantec wouldn't go to that level of personal support or detailed support, it just seems to me that they could easily create something along the lines of a combofix type program.  Maybe even have an automated log evaluation program or something.  It just seems strange that the "big" companies out there seem to have really nothing to offer in antivirus removal compared to the free products out there (like combofix and malwarebytes, etc.).