We at AddictiveTips are very keen on our system security. However, from time to time a malicious piece of software still manages to find its way through our defensive measures. It so happened with me that a rootkit managed to somehow get into my machine and infected the svchost.exe service. It proved more persistent than we had thought; none of our antiviruses, which included Avira, Avast and Microsoft Security Essentials, was able to remove it. All three detected the malware but proved useless in removing it. We even tried the excellent Malwarebytes’ Anti-Malware tool, but to no avail.
When it seemed certain that I would have to re-install my entire operating system, we happened to come across this wonderful free tool called ComboFix, which surprisingly removed the malware completely. It is an advanced anti-malware tool that scans a PC for the major known malware types and, upon detection, attempts to remove them automatically. If the removal cannot be done by the tool itself, it generates a detailed diagnostic report that can assist a trained professional in removing the malware manually.
ComboFix is advised only for those who have a higher degree of knowledge when it comes to Windows malware. While harmless most of the time, it can seriously mess up your system if you don’t know what you are doing and blindly follow the on-screen instructions.
In order to use ComboFix, download the executable and run it with administrator privileges. The authors advise saving the file directly to your desktop, but in my experience it worked fine from other locations as well. Please be advised that the software will close almost all of your active windows without any proper warning, so make sure that you have saved your work and closed all windows before you begin. Also, disable any resident anti-virus/anti-spyware software that may be running on your PC to avoid conflicts.
Once the ComboFix executable is up and running, it is better to leave your PC alone for a while so that the software can work in peace and doesn’t stall. If Windows gives you a certificate validation prompt, consider it normal and allow it to run, since the software does not have a digital signature. You should see the first window like this (images courtesy of bleepingcomputer):
It will show you a disclaimer to which you have to agree. Doing so will begin the ComboFix download to your computer.
Once the download is complete, the software will create a restore point and begin scanning your computer. It may disconnect you from the internet and/or change your clock format, so don’t be alarmed if you see either of these things happening.
Depending on the type of malware detected, ComboFix will restart the machine and continue to work before loading the Windows operating environment. There are 50 stages through which the tool passes, so please be patient.
Once all stages are complete, the software will create a log file that contains the diagnostic history as well as a record of the actions taken. Afterwards, it will restore your internet connection and change the clock back to normal.
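Because the download is unsigned and ComboFix is supposed to create a restore point before it touches anything, a cautious user will want to confirm both before and after the run. The following PowerShell script is an added example written for this article; it is not part of ComboFix or of the bleepingcomputer guide. It assumes the file is saved as ComboFix.exe on the Desktop, that the publishing site lists a SHA-256 for the download (the `REPLACE-WITH-PUBLISHED-SHA256` value is a placeholder), and that PowerShell 4 or later is installed (`Get-FileHash` is not available in the PowerShell 2.0 that Windows 7 ships with). Run it from an elevated prompt, once before launching ComboFix and once after the final reboot.

```powershell
# Added example: pre-flight and post-run checks around a ComboFix run.
# Not ComboFix's own code; the path and expected hash below are assumptions you must adjust.
param(
    [string]$Path           = "$env:USERPROFILE\Desktop\ComboFix.exe",
    [string]$ExpectedSha256 = 'REPLACE-WITH-PUBLISHED-SHA256',   # placeholder, take it from the download page
    [string]$StateFile      = "$env:TEMP\combofix-restorepoints.txt"
)

function Test-ComboFixDownload {
    param([string]$File, [string]$Expected)
    $problems = @()

    if (-not (Test-Path -LiteralPath $File)) { return ,@("File not found: $File") }

    # 1. Integrity: the hash must match the value published by the source you downloaded from.
    $actual = (Get-FileHash -LiteralPath $File -Algorithm SHA256).Hash
    if ($actual -ne $Expected.ToUpper()) { $problems += "SHA-256 mismatch: file has $actual" }

    # 2. Authenticity: the article notes ComboFix carries no Authenticode signature, so the
    #    expected status is 'NotSigned'. A signature from an unrelated publisher would be a red flag,
    #    not reassurance.
    $sig = Get-AuthenticodeSignature -FilePath $File
    if ($sig.Status -ne 'NotSigned') {
        $problems += "Unexpected signature status '$($sig.Status)' from '$($sig.SignerCertificate.Subject)'"
    }

    # 3. Resident protection should be off for the run. Windows Defender exposes this via
    #    Get-MpPreference on newer Windows; on Windows 7 with MSE the cmdlet does not exist, so
    #    it is probed rather than assumed.
    if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
        if (-not (Get-MpPreference).DisableRealtimeMonitoring) {
            $problems += 'Defender real-time monitoring is still enabled; disable it for the run, then re-enable it'
        }
    }
    return ,$problems
}

function Save-RestorePointState {
    param([string]$Out)
    # Record the restore points that exist right now so the one ComboFix creates can be confirmed later.
    Get-ComputerRestorePoint | Select-Object -ExpandProperty SequenceNumber | Set-Content -LiteralPath $Out
    "Recorded $((Get-Content -LiteralPath $Out).Count) restore point(s) to $Out"
}

function Confirm-RestorePointCreated {
    param([string]$Saved)
    $before = @(Get-Content -LiteralPath $Saved)
    $new = Get-ComputerRestorePoint | Where-Object { $before -notcontains $_.SequenceNumber }
    if (-not $new) { return 'No new restore point was created; keep the ComboFix log and do not delete the old points' }
    $new | ForEach-Object { "New restore point #$($_.SequenceNumber): $($_.Description)" }
}

if (Test-Path -LiteralPath $StateFile) {
    # Second invocation, after the run: verify the restore point ComboFix promised.
    Confirm-RestorePointCreated -Saved $StateFile
} else {
    # First invocation, before the run: verify the download and snapshot the restore points.
    $issues = Test-ComboFixDownload -File $Path -Expected $ExpectedSha256
    if ($issues.Count -gt 0) {
        $issues | ForEach-Object { Write-Warning $_ }
        Write-Warning 'Resolve the issues above before launching ComboFix.'
    } else {
        'Download checks passed.'
        Save-RestorePointState -Out $StateFile
    }
}
```

The script deliberately does not launch ComboFix itself: the point is to make the decision to run an unsigned tool an explicit one, backed by a hash you obtained from the download page rather than by the absence of a Windows prompt. If the post-run check reports no new restore point, treat the ComboFix log as your only record of what changed and keep it with the machine until you are satisfied the system is stable.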
ComboFix is a lightweight and excellent tool to help you out of situations where a reinstall of the entire system seems imminent. It is portable in that it doesn’t require any installation, but it does require an active internet connection to download its updates. Best of all, it is free.
The system I tested it on was running genuine Microsoft Windows 7, x86 architecture.
For users’ assistance, bleepingcomputer has a thorough guide and dedicated forums for the usage of ComboFix.