Runasdate 64 bit instructions like

How ComboFix is ​​used

introduction

ComboFix is ​​one of sUBs A program created which scans the PC for known malware and tries to remove it if it finds anything. In addition to being able to remove a large number of current and known malware, ComboFix creates a log file when the run is finished. This log file contains a large amount of information that an experienced and trained helper can use to diagnose and remove infections that would normally not be removed automatically.

Combofix currently runs on the following Windows versions:

  • Windows XP (32-bit only)
  • Windows Vista (32-bit / 64-bit)
  • Windows 7 (32-bit / 64-bit)
  • Windows 8 (32-bit / 64-bit)
Windows 8.1 and Windows 2000 are NOT supported by ComboFix.

You should not run Combofix unless you have been specifically instructed to do so by a trained helper. In the course of the enormous capabilities of this program will also highly recommendedthat you do not try to work on your own with the information presented by ComboFix without the supervision of a trained helper. If this is the case, there may be problems with the functionality of the computer.

Note that ComboFix will delete files from the following directories:

  • Windows recycle bin
  • Temporary internet files
  • Temporary files
If there are files in one of these directories that you want to keep, you should copy them to another non-temporary directory before running ComboFix. Saving data in temporary directories is generally not recommended.

Please note that this tutorial is the only authorized tutorial for using ComboFix and that it may not be copied without permission from BleepingComputer.com and sUBs. Furthermore, you use ComboFix at your own risk.

Those who want to support the author's work can do so via the author's PayPal account. You can get to his PayPal account by clicking on the following picture.


Use ComboFix

If you need help removing malware, please post a topic on one of the forums listed later in this tutorial and ask for help. Please note that each forum has different guidelines. So read any pinned topics and rules for the respective forum beforehand, which explain how you should proceed when creating a new topic and how you can get help there. If a ComboFix log has been requested by a trained helper, please create this using the instructions listed here.

First you should print out this tutorial, as we will close all open windows and programs, including your web browser, before starting ComboFix.

Next, you should download Combofix from one of the following URLs:

To download ComboFix, simply click on one of the links above and on the page that opens please click on the link to download ComboFix. If you click on the link, you will be prompted similar to the following pictogram.

 


Request to save ComboFix

 

Click on to save and when asked for the location, make sure you have ComboFix on the Desktop save The dialog box is similar to the following illustration.

 


Save ComboFix on the desktop

 

If you have set the "Save As" screen so that ComboFix.exe is saved on the desktop, click on to save. ComboFix will now be downloaded to your PC. If you are using a modem, this can take several minutes. When ComboFix has finished downloading, you will find a pictogram on your desktop that is similar to the following.

 


ComboFix pictogram

We are almost ready to start ComboFix. First, however, we must take a few precautions so that there are no conflicts with other programs when ComboFix is ​​running. At this point, you should do the following:

  • Close all open windows, including this one.
  • Close or disable any running anti-virus, anti-spyware, and firewall programs as these may prevent ComboFix from running properly. Instructions on how to disable the programs can be found in this topic.

As soon as these two steps have been carried out, double-click on the ComboFix pictogram, which you should now find on the desktop. Once you have done this, you should not click anywhere as this can hang the ComboFix. Better still, as long as ComboFix is ​​running, do nothing with your PC and just take a short break, as it can take a while for ComboFix to finish.

As soon as you double-click on the pictogram, you may see the following request.

 


Windows open file security warning

 

Windows shows this request because ComboFix does not have a digital signature. This is perfectly normal and safe you can go on Execute click to continue. If you are using Windows Vista or Windows 7 and a user account protection prompt appears asking whether you want to continue executing this file, click on Continue.

You will now find the ComboFix disclaimer, which looks like this.

 


ComboFix disclaimer

 

Please read the disclaimer and if you do not agree, click on Noto exit the program. Otherwise click Yes to continue. If you have decided to continue, Combofix will now install itself on your PC. When it's done, a blue screen will appear as follows.

 


ComboFix prepares to run

 

ComboFix is ​​now preparing for execution and when it is finished it will automatically try to create a restore point so that in the event of any problems using this program it will be able to fall back on the previous settings. When ComboFix is ​​done creating the restore point, it will make a backup of your registry as illustrated in the following image.

 


ComboFix creates a backup of the registry

 

After the Windows registry backup is complete, ComboFix will attempt to determine if the Windows Recovery Console is installed. If you've already installed it, you can jump to this section and continue reading. Otherwise you will get the following message:

 


ComboFix recovery console

In the message window above, please click on the Yes Button to let ComboFix continue. Please follow the instructions and steps shown by ComboFix to complete the recovery console installation. As soon as it is installed, you will see the following message window.


ComboFix Recovery Console Done

 

You should be up now Yes click to continue. If at any point during the installation of the recovery console a message appears that the installation has failed, please let ComboFix continue with the search on your PC. When it's done and the log has been created, you can use the manual installation of the recovery console proceed by following the linked instructions.

ComboFix will now disconnect the PC from the Internet. So don't be concerned or surprised if you get a message that your internet connection has been cut. When ComboFix is ​​done, it will automatically reconnect to the internet.

ComboFix will now start the search and search for known infections. This procedure can take some time, so please be patient.

 


ComboFix searches the PC for infections

 

While the program is looking for infections, it will change your time format. When ComboFix is ​​done with the run, it will reset the time format to its original state. So there is no need to worry here either. You will also see the text in the ComboFix window update regularly as it progresses through the various sections. An example of this can be seen in the following picture.

 


Sections of the ComboFix autoscan

 

At the time of this writing, there are 41 sections, as illustrated in the image below. So please be patient. The number of sections will increase over time. So don't be concerned if the number of sections in your search is different.

 


41. Section of the ComboFix autoscan

 

When ComboFix finishes running, you will see a screen telling you that a log file is being created. See the following illustration as an example.

 


ComboFix prepares a log file

 

This can take a while. So still be patient. If you see your Windows desktop disappear for a short time, don't worry. This is normal as ComboFix will restore your desktop when it finishes scanning. Eventually you will see a screen telling you that ComboFix is ​​almost ready and also telling you that the ComboFix log or report under C: \ ComboFix.txt can be found. An example of this is as follows.

 


ComboFix is ​​almost ready!

 

When ComboFix is ​​done, it will automatically close the program and restore your watch to its original format. It will then automatically display the report or log file for you. An example of this looks like this.

 


ComboFix log file

 

You should now post this report or the log as an answer in your topic in which you were asked to run ComboFix. Your helper will now analyze the report and then let you know what you should do next for them. If you have problems connecting to the internet after running ComboFix, please read


How to uninstall Combofix

Please note that when you uninstall Combofix, all backups and quarantined files that were moved there during ComboFix scans will be deleted. Therefore only uninstall ComboFix if you are one hundred percent sure that your PC is running correctly and that you no longer need any of the files that were backed up or quarantined.

Please carry out the following steps to uninstall Combofix from Windows XP::

Click on Start () and then choose in the menu Execute. This will open the following dialog box:


Windows XP Run Dialog

In the field Open: please enter the following combofix / uninstallas shown in the picture above. Please make sure there is a space between Combofix and / uninstall is. As soon as you have entered this, please click on OK. A security warning will appear, this is perfectly ok and a Microsoft security measure. Please click here Execute to start the program.

ComboFix will now uninstall itself and remove all backups and quarantine files. When ComboFix is ​​finished, you will be confronted with a pictogram that confirms that the ComboFix has been successfully removed. You can now ComboFix.exe from your computer. ComboFix has now been successfully uninstalled from your Windows XP PC.

Please carry out the following steps to uninstall Combofix from Windows Vista / 7:

Click on Start () and then type in the search field combofix / uninstallas in the pictogram under this text with the blue arrow. Please make sure there is a space between Combofix and / uninstall is.


Windows 7 start menu

 

As soon as you have entered this, confirm with Enter. A security warning will appear, this is perfectly ok and a Microsoft security measure. Please click here Execute to start the program.

ComboFix will now uninstall itself and remove all backups and quarantine files. When ComboFix is ​​finished, you will be confronted with a pictogram that confirms that the ComboFix has been successfully removed. You can now ComboFix.exe from your computer. ComboFix has now been uninstalled from your Windows Vista or Windows 7 computer.

 

Manual restoration of the internet connection.

It is possible that ComboFix solved your problems even with the first search. However, we strongly recommend that you add the log to your created topic anyway and your helper analyzes the log further, as it is very likely that there are still remnants of your infection on the PC that still need to be removed.


Forums that offer help to analyze ComboFix logs

Below is a list of forums where you can post your log files and get authorized help from helpers who know how to use ComboFix and are trained in log analysis. We have categorized the forums by language as ComboFix is ​​used internationally.


Manual installation of the Windows Recovery Console

If the automatic installation of the recovery console did not work, you should follow the steps listed here to install it manually. The Windows Recovery Console allows you to boot into a special recovery mode, which allows us to help you if your PC has problems after attempting to clean up malware. If you are using Windows XP and have a Windows CD, you can follow the instructions in the following tutorial.

How to Install and Use the Windows XP Recovery Console

Windows Vista and Windows 7 users do not have a Windows Recovery Console, but instead have a Windows recovery environment program. This new recovery program is sometimes preinstalled by the PC manufacturer and can then be accessed via the Windows boot menu. For those who do not have this preinstalled, the Windows DVD must be booted in order to access the Windows recovery environment.

For more information on how to access the Windows recovery environment in Windows 7 and Windows Vista, please read the following tutorials:

How to Use Command Prompt in Windows Vista Recovery Environment.
How to use the Windows 7 command prompt of the Windows 7 recovery environment

If you're using Windows XP and don't have a Windows CD handy, ComboFix includes a method by which the Recovery Console can be installed by downloading a file from Microsoft. To install the Recovery Console without using a Windows CD, please follow these instructions.

  1. Click on the following link to go to Microsoft's website:

    http://support.microsoft.com/?scid=kb%3Bde%3B310994&x=13&y=11

  2. Navigate on this page and click on the download corresponding to your Windows XP version (Home or Professional) and Service Pack. When you click the link to download the file, make sure the file is saved to your desktop. If you are using Windows XP Service Pack 3 (SP3), choose the Service Pack 2 download. If you are unsure which version of Windows you are using and which service pack is installed, work through the following instructions to find out.

    1. Click on begin
    2. Click on Execute ...
    3. By doing Open: Field enter the following: sysdm.cpl and click on OK.
    4. A screen will open showing information about the installed system. Under the category System: you should find the Windows version and the installed service pack. If you have now made a note of your system and the service pack, go along step 2 away.

  3. As soon as the Microsoft file has finished downloading, you should drag it onto the ComboFix pictogram and release your mouse button. This is illustrated in the following graphic.






  4. ComboFix will now automatically install the Windows Recovery Console on your PC and it will appear as a new option when the PC boots up. Only select restoration if you have been instructed to do so by an experienced helper.

As soon as the Windows Recovery Console is finished with the installation, ComboFix will start a command prompt in which it will confirm the installation of the Recovery Console. Furthermore, Combofix will ask if you want to continue with a search. If you want to do this, click "Yes" and continue reading the tutorial from here. Otherwise just follow the tutorial as described below.



Manual restoration of the internet connection

If by chance you no longer have an internet connection after running ComboFix, the first thing you should try is to restart your PC.This step alone should resolve most of the Internet connectivity problems after running ComboFix. However, if you still have no internet connection after restarting your computer, please follow these steps:

  1. Click on begin.
  2. Click on the Settings-Menu option.
  3. Click on Control panel.
  4. When the Control Panel opens, double-click it Network connections-Pictogram. If your Control Panel window is set to Category View, then click Network and internet connections and then on Network connections in the lower category: or a control panel icon.
  5. You will now see a list of the available network connections. Navigate to your LAN or wireless connection and right-click on it.
  6. You will now see a menu similar to the following picture. Just click Repair.



    Repair the internet connection


  7. Let the repair process go through and when it's done your internet connection should be working again.

Alternatively, if your network icon is on the Windows taskbar, you can simply right-click on it and Repair choose. See the following illustration as an example of this.


Repair the internet connection using the taskbar icon


If you are still having problems with your internet connection after following these two steps, the best place to go is to ask for help in our forums.

  • Created: January 4, 2008 3:55 PM
  • Last Updated: May 24, 2011 7:19 PM