Solved

Questions about Combofix.exe

Posted on 2012-03-16
Last Modified: 2013-11-22
I have been using combofix for a few years now, and I find that with heavily infected computers, combofix usually does the job better than anything else I have ever used.  In fact, I am extremely impressed by combofix and its success rate.  There seem to be all sorts of warnings about using combofix as I hear it's known to crash machines on occasion, but of all the times I have used it I think I only had one computer that ever crashed after running combofix.  I am not even sure if combofix was the reason it crashed, but that was quite a while back and I don't remember the specifics.

Because combofix "feels" like some guy just wrote the software in his garage and published it on the internet as free software (no offense to the creator of combofix or to guys who write software in their garage), I always feel a little leery about running it.  But other than that one suspicious time, combofix has always done the job for me.  So my question is, if it's possible for someone to write a program like combofix that does such a good job of removing difficult viruses and malware, why in the world hasn't some big company like Symantec (Norton) or McAfee published a tool like this and actually made money off of it?  Now, I am VERY happy combofix is free, but somehow running a software package from a "reputable" software company, with the resources that a company like a Symantec or McAfee has, just feels "safer" to me.  Now, I really despise Symantec and McAfee and calling them reputable is kind of a joke in my personal opinion.  I assume companies like Symantec and McAfee have a very large pool of software engineers who have all sorts of talents.  However, having used both Symantec and McAfee anti virus products in the past, I certainly have very little respect for their products.

What I am trying to ask is, why can't big companies with large budgets and probably hundreds of talented engineers make a product 10 times better than combofix?  All I see from the "big" name AV distributors is pretty crappy software.  Microsoft Security Essentials is free, and is my first choice for lightweight AV solutions.  You would think that Microsoft would have enough budget and talent to also create something like combofix, but maybe more user friendly and less "scary" and risky to use.

Is it simply that combofix is so risky to use, that major software manufacturers can't take the risk for fear of lawsuits or something like that if computers crash because of their software?
Question by:jbobst
7 Comments

Accepted Solution

by:
Dave Baldwin earned 250 total points
ID: 37731498
I think what you are seeing is that big companies don't put out anything unless they have studied and decided that they can make money from it... or that it has become a market requirement like adding anti-spyware features to the anti-virus.  Combofix already exists so the big companies can't make money on it cause it's free.  But I'll bet they all have copies of it.

The things that Combofix does and the places it looks represent some pretty sophisticated knowledge of Windows.  I never felt like it was 'garage shop' software.

Author Comment

by:jbobst
ID: 37731506
I feel bad even mentioning it as if it is 'garage shop' software, as it really seems to do the job!  It has saved me HOURS of troubleshooting.  I was just trying to describe the feel of it, as I can't figure out why a "big" company wouldn't make something useful like this.  Instead, most Anti-Virus products really have no ability to really remove viruses or even prevent them!

Expert Comment

by:Dave Baldwin
ID: 37731510
The thing about anti-virus products is that the virus always comes first and then they race to catch up to it.  Avast has caught quite a few for me but it missed a rogue virus last year.  Which of course I cleaned out with Combofix and MalwareBytes.

Author Comment

by:jbobst
ID: 37731524
I can understand that virus makers find new exploits to get their viruses in and AV makers have to react, but it just seems like in a computer environment, there should be some sort of way to detect code that wasn't originally installed or keep track of new code and isolate it better.  I imagine Combofix does this in some way or another, although I have no idea how or what combofix is actually doing behind the scenes.  With the great results that combofix has, I am just amazed it's not known by the masses and that there aren't other software tools constantly being written that mimic its features (I think most IT people are aware of it obviously).

Author Comment

by:jbobst
ID: 37731530
I suppose this has morphed into more of a discussion thread, and my original question is kind of answered, so I'll go ahead and assign points.  Thanks!

By the way, has anyone either published anything or has anyone ever "disassembled" combofix and figured out exactly what it is doing in the background?  If I knew more about what is really happening, maybe I wouldn't be so paranoid about using it more often.  As I mentioned before, I only had one suspect computer ever crash from it, but all the warnings and other postings I have read about it certainly worry me when I do have to run it.

Expert Comment

by:Sudeep Sharma
ID: 37733145
Not for the points, since they are already assigned. I would like to add that for using Combofix one needs to evaluate its logs as well and then if required create CFScript.txt for further removal.

Now imagine the current support provided by McAfee and Symantec. Now if they could have Combofix or something similar to it, they would need the experts who are capable enough to analyze the CF logs and then create the CFScript and supply the same to their customers.

I don't think that's going to happen.

Author Comment

by:jbobst
ID: 37738350
SSharma,  I have used combofix probably 50 or more times, and I have never evaluated the logs or ever created a CFScript.txt.  I am sure that it would be beneficial to evaluate them, but in my experience (which is not much), combofix usually fixes the computer once it's done running.

I am not saying I have some vast experience with combofix or am skilled in any sort of advanced virus removal techniques.  I am just a very basic IT guy trying to figure out easy and simple ways to remove viruses, and combofix seems to remove most virus/malware without having to take further steps.  I understand that McAfee and Symantec wouldn't go to that level of personal support or detailed support; it just seems to me that they could easily create something along the lines of a combofix type program.  Maybe even have an automated log evaluation program or something.  It just seems strange that the "big" companies out there seem to have really nothing to offer in antivirus removal compared to the free products out there (like combofix and malwarebytes, etc.).