Virus And Malware Software Removal With ComboFix [Windows]

We at AddictiveTips are very keen on our system security. However, from time to time a malicious piece of software still manages to get its way through our defensive measures. It so happened with me that a rootkit managed to somehow get into my machine and infected the svchost.exe service. It proved more persistent than we had thought; none of our antiviruses, which included Avira, Avast, Microsoft Security essentials were able to remove that. All three detected the malware but proved useless in removing it. We even tried the excellent Malwarebytes’ Anti Malware tool, but of no avail.

When it seemed certain that I would have to re-install my entire operating system, we happened to come across this wonderful free tool called ComboFix, which surprisingly removed the malware completely. It is an advanced anti-malware software that scans a PC for major known malware types, and upon detection, attempts to automatically remove them. If the removal cannot be done by the software itself, it generates a high-level diagnostic report that can assist a trained professional in manually removing the virus.

Usage of ComboFix is advised for only those who have a higher degree of knowledge when it comes to Windows’ malware. While most of the times very harmless, it can seriously mess up your system if you don’t know what you are doing, and blindly follow the on-screen instructions.

In order to use ComboFix, download the executable and run it with administrator privileges. The authors advise to save the file directly to your desktop, but in my experience it worked fine from other locations as well. Please be advised that the software will close almost all your active windows without any proper warning, so make sure that you have saved your work and closed all windows before you begin. Also, disable any native anti-virus/anti-spyware software that may be running on your PC to avoid conflicts.

Once the ComboFix exe goes up and running, better leave your PC alone for a while so that the software can work in peace and doesn’t stall. If Windows gives you a certificate validation prompt, consider it normal and allow it to run, since the software does not have a digital signature. You should the first window like this (images courtesy of bleepingcomputer)

image

It will show you a disclaimer to which you have to agree. Doing that will begin ComboFix download to your computer.

image

Once download is complete, the software will create a restore point and begin scanning your computer. It may disconnect you from the internet and/or change your clock format, so don’t be alarmed if you see either of these things happening.


image

Depending on the type of malware detected, ComboFix will restart the machine and continue to work before loading the Windows operating environment. There are 50 stages through which the tool passes, so please be patient.

image

Once all stages are complete, the software will create a log file that contains all the diagnostic as well as action taken history. Afterwards, it will restore your internet connection and change clock back to normal.

image

ComboFix is a lightweight and excellent tool to help you out of situations where a restore of the entire system seems imminent. It is portable in that it doesn’t require any installation, but would take an active internet connection to download its updates. Best of all, it is free.

The system I tested it on was running genuine Microsoft Windows 7, x86 architecture.

For users’ assistance, bleepingcomputer has a thorough guide and dedicated forums for the usage of ComboFix.

Download ComboFix

Advertisement
  • http://fastforwardacademy.com/ enrolled agent

    Looks a lot like Smitfraudfix. Based on the GUi presented above, looks like a lightweight tool indeed. I'd try this one of these days.

  • Pingback: Remove Any Malware With The Power Of Custom Scripts

  • Pingback: Portable Virus And Malware Cleaner

  • Paul

    I’ve used ComboFix twice. The first virus was very sophisticated and sent my bank account username and password to someone (I found out because the FBI notified my bank of all their customers found on the guys computer and then they notified me. No money taken.) I couldn’t remove the virus for several weeks (which is why I was stupid enough to log in to my bank when I knew I had a virus – momentarily forgot…) until someone told me about ComboFix. The virus wouldn’t let me start ComboFix but by renaming it I was able to and it removed the virus. The second time I had to boot in safe mode to start ComboFix. It doesn’t look sophisticated with its DOS window interface, but it works.

  • Pingback: AVERT - Fix Virus Infected Windows 7 PC With Popular Antivirus Tools

  • Bob

    It says on the post that you tested ComboFix running on Windows 7, but when I run it on my laptop with Windows 7 it says ComboFix is only compatible with Windows XP.

  • Tom

    Bob, that’s correct. There’s no way this test was performed on a Windows 7 machine (unless it was hosting an XP VM). Also doesn’t work on 2008. However, ComboFix is AMAZING at what it does. It shouldn’t be considered a first line of attack. Use Malwarebytes’ for that. But for malware in those hard to reach places, ComboFix is the tool to use.

  • Nasser

    It says on the post that you tested ComboFix running on Windows 7, but when I run it on my computers with Windows 7 it says communt ComboFix is only compatible with Windows XP.

    • Ehiri72

      Just got through running it on my Win7 laptop. Worked great. You may want to make sure that it saves it into the (x86) directory in the Program Files so that it correctly emulates for 32x. I think I vaguely remember noticing that it tried to stick it in the regular program files but I knew it was a 32x exe file, so I switched it without thinking too much.

  • arun

    thanks