What is ComboFix?
ComboFix is a free tool, created by sUBs, that scans your computer for some known malware and attempts to clean the infections. ComboFix also saves a report that can be used by trained helpers to remove malware that cannot be automatically removed by the program.
WARNING: This program should only be used under the supervision of an expert.
Download and install ComboFix.exe from any of the locations given below:
- Download and install ComboFix.exe from BleepingComputer
- Download and install ComboFix.exe from ForoSpyware
Before running ComboFix, follow the steps given below:
- Close all open windows.
- Close all running programs.
- Turn off any anti-virus and anti-spyware programs.
- Add ComboFix as an exception in your firewall, or at least disable the firewall temporarily.
- Save these instructions on your desktop to complete all the steps in an uninterrupted manner.
Now you are ready to run ComboFix.exe. Follow the instructions given below:
- Double-click ComboFix.exe. Windows will display a message box telling you that ComboFix.exe doesn't possess a digital signature. Ignore this message by clicking the Run button (Continue on Windows Vista/7).
- You will see a small box showing ComboFix loading, as shown in (fig.1.1).
- After that you'll see the disclaimer window showing the sites where the software can be downloaded, as shown in (fig.1.2). Read it and press Yes to continue.
- Next you will see a blue DOS window, which may ask you to download a newer version of ComboFix. If so, click Yes to download the newer version. After downloading the newer version, it will ask you to restart ComboFix; click Yes. If a newer version of ComboFix is downloaded, you will have to start from Step (2) again.
- If ComboFix does not update itself then you will see a blue DOS window with a message "Please Wait. ComboFix is preparing to run." as shown in (fig.1.3).
- At this point the program will create a System Restore Point and back up your registry in case anything goes wrong, as shown in (fig.1.4).
- When the registry is fully backed up, ComboFix will look for the Windows Recovery Console. If the "Windows Recovery Console" is not found on your system, it will prompt you to have it installed, as shown in (fig.1.5). Click Yes if this is the case. All you need to do for now is follow the instructions until a window appears that says "Congratulation!!! The Microsoft Recovery Console was successfully installed" and asks whether you want to continue scanning for malware, as shown in (fig.1.6). Before ComboFix starts scanning, disconnect your system from the Internet. ComboFix can also do this itself, and when it has finished it will automatically restore your Internet connection. Click Yes as shown in (fig.1.6) to allow ComboFix to continue with the scanning process. Scanning may take some time, so please be patient. During the scan ComboFix will alter your clock format, so do not be surprised, as it is part of the process. ComboFix will restore your clock format after completion.
- At the time of writing this guide there are 50 stages in the scan. The stages will scroll up as time passes. The number of stages can be different when you run it, so do not be surprised. See (fig.1.7).
- ComboFix will attempt to delete the detected malware files, folders and registry items after completion, as shown in (fig.1.8).
- After deleting the malware items ComboFix may restart your system; this is normal.
- After completing the deletion, ComboFix will attempt to create a log report, as shown in (fig.1.9). You may also notice that your desktop is gone. Do not worry, as it will be restored when the log report compilation is finished.
- Finally you will see a new message in the blue DOS window telling you that the program is almost done. Wait for the log report to pop up; it will be saved at C:\ComboFix.txt, as shown in (fig.1.10).
- When ComboFix has finished its log compilation work, it will automatically close the blue DOS window. The clock format will also return to normal. The log file will be displayed as shown in (fig.1.11).
- Now you can send this log file to any expert for analysis. If you want us to review your log file, attach it to an email and send it to us at firstname.lastname@example.org