ComboFix is a program written by sUBs, that removes spyware, malware, rogue antispyware apps and Vundo infections. Also it deletes a bunch of files related to the infections and is updated fairly regularly. When Combofix finished, it will produce a report for you. Power user can use the report to search and remove infections that are not automatically removed.
How to use combofix:
Please use the official ComboFix guide bleepingcomputer.com/combofix/how-to-use-combofix or the following steps:
1. Temporarily disable your antispyware, antivirus and any antimalware real-time protection, so they may interfere with running of ComboFix.
2. Download Combofix.
Download combofix from the direct link above and save it to your Desktop.
3. Install Recovery console. (only Windows XP)
Skip the step, if the Windows Recovery Console is already installed.
- If you have Windows XP disk, then read the article: How to install and use the Windows XP Recovery Console.
- You should know version of Windows. Right click the My computer icon. Click Properties. In the window read information about your Windows version.
- Click here for open Microsoft’s website.
- Scroll down.
- Select the download that’s appropriate for your operating system and download setup boot disk installation to your Desktop. Use Service pack 2 version, if your Windows XP is Windows XP Service pack 3.
- Now close all open windows and programs.
- Drag the setup package and drop onto ComboFix.exe.
- Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
- At the next prompt, click ‘Yes’ to run the full ComboFix scan.
- When the tool is finished, it will produce a report for you.
4. Run combofix.
- Close all programs. Your Task Bar should be clear of any program entries including your Internet Browser.
- Double click Combofix.exe icon on your Desktop to start it.
- If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it’s malware removal procedures, if no, then follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Once installed, you should see the following message:
The recovery console was successfuly installed.
Click ‘YES’ to continue scanning for malware
Click ‘NO’ for exit
Click YES button.
- The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your “drive access” light. If it is flashing, Combofix is still at work.
- When finished, it shall produce a log for you.
Note: Do not mouseclick combofix’s window while its running. That may cause it to stall
Questions and Answers:
1. I ran combofix which can affect autorun so now autorun and autoplay is not working.
Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. Read how to disable/enable autorun and autoplay.
2. No internet connection after running Combofix.
Restart your computer to restore back your connection. If it does not work, then click Start ->Settings -> Control Panel. Double click to Network connections. Locate your connection and right click on it. In the menu click to Repair option. When repair proccess has finished, your connection should be working again.
3. I ran combofix and got error message saying “This copy of combofix has expired”.
Download an updated copy from here or change your PC system time to some days ago (7days for example). Warning, only if first option don`t work.
4. How to uninstall combofix.
After using Combofix, you may uninstall it from your PC. Read how to uninstall combofix.
5. What should i do with QooBox and Combofix files ?
Use command: combofix /uninstall for uninstalling of combofix and removing all combofix files and QooBox directory. Read more here
6. Combofix is virus ?
No, No, No. Some security programs will incorrectly identify this tool as potentially or actually malicious due to some of it’s components. Although these files can be used maliciously, they are an integral part of the fix and I recommend you disable your antivirus.
I strongly suggest that you post your log at My AntiSpyware Forum and finally remove the items as directed by the Member helping you. This involves no analysis of the list contents by you. That will be done by the Help Forum Staff.