ComboFix (which you can download directly here) has been floating around the Internet for a couple of years now, and has been recommended by security pros as a tool of last resort when dealing with some of the more frustrating entanglements with viruses and malware. As infections have been on the rise where I work lately — about a new one every other week now — finding the right malware killer for the job can be tricky.
Among some of the better ones are Malwarebytes.org's Anti-Malware, Spybot's Search & Destroy (if for the Hosts blacklist update alone!), Avast! Antivirus, McAfee's Stinger, Vipre Antivirus, Trojan Remover, SuperAntiSpyware, and CCleaner (mainly for cleaning up the leftovers). But just a couple weeks ago we ran into a system that had a variant of the Backdoor.bot Trojan on it that was finding ways around all of these tools and popped back up to redirect Google search results within a matter of minutes of a cleaning we thought had finally expunged the unwanted code. It's worth mentioning that we have Symantec Endpoint Security running on these machines, and while it occasionally quarantined an infected file, it wasn't doing a damn thing about the root of the problem, which has generally been my experience of late with Norton/Symantec: great at telling you something's wrong, but worthless at doing anything about it. Not at all worth the asking price.
Finally a co-worker reminded me of ComboFix. I figured it was worth a shot, though I hadn't personally used it before, either at work or on systems at home. The Windows XP system in question was particularly hard to clean because whenever we'd try to boot into Safe Mode to clean with minimal drivers and other software loaded, we'd just get an unsightly blue screen of death.
After running ComboFix — which only takes a few minutes — it spat out a text file logging everything it had found and what it had done to resolve each item. Lo and behold, one of the .sys files required for Windows to boot into Safe Mode had been corrupted by the Trojan as a self-preservation mechanism: with that driver damaged, every attempt at a Safe Mode boot ended in the blue screen. I swear, the bugs and the miscreants making them are getting smarter all the time. After spending days upon days running scans with a dozen other programs, ComboFix was the one that finally cleaned its clock and got the system back to where it needed to be. No more redirections. No more unexpected pages of porn coming up while at the office.
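A defender-side check for the kind of damage described above, added here as an example and not part of the original post or of ComboFix: it lists the Boot- and System-start drivers Windows loads before logon and flags any whose file is missing or whose Authenticode signature no longer verifies (a HashMismatch status means the .sys on disk differs from what was signed). It assumes Windows PowerShell 5.1 or later on a modern Windows build and an elevated session; the cmdlets are real, the function name and selection logic are this example's own.

```powershell
# Added example, not from the original post or from ComboFix.
# Assumes Windows PowerShell 5.1+ and an elevated session.
function Get-SuspiciousBootDriver {
    [CmdletBinding()]
    param()

    # Boot- and System-start drivers load before user logon, so a boot-time
    # or Safe Mode failure usually points at one of these.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.StartMode -in 'Boot', 'System' }

    foreach ($d in $drivers) {
        if (-not $d.PathName) { continue }

        # Normalise NT-style paths WMI sometimes reports (\??\C:\..., \SystemRoot\...).
        $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
        $path = $path.Trim('"')

        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Name = $d.Name; Path = $path; Status = 'FileMissing'; Sha256 = $null }
            continue
        }

        # Authenticode verification covers embedded and catalog-signed drivers.
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Name   = $d.Name
                Path   = $path
                Status = $sig.Status   # NotSigned, HashMismatch (altered on disk), NotTrusted, ...
                Sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
    }
}

# Anything listed deserves a closer look; compare the hash against a known-good copy.
Get-SuspiciousBootDriver | Format-Table -AutoSize
```

An unsigned entry is a lead, not a verdict: some legitimate third-party or very old drivers are unsigned, so confirm against a clean reference machine before acting on it.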
In the weeks since, I've gradually shifted my approach away from my standbys (many of the programs mentioned above, which are still excellent at what they do), heading straight to ComboFix, which seems to get the job done right the first time more often than not, and quickly. Everything from altered home pages and redirections to scareware popup warnings and extremely bogged-down system performance, it's tidied up every one of them.
It's not a tool to be used haphazardly, as the how-to on BleepingComputer.com warns (if you're not a truly savvy PC user, I don't recommend going in blind), but if all else fails and the Geek Squad tells you there's no other recourse than to wipe your hard drive, this would be a great time to give ComboFix a shot. Honestly, I've been fixing computers for over a decade and have yet to encounter a virus or malware infection that absolutely required wiping the entire system hard drive. There may be a few bugs out there that are that bad, but by and large, those kinds of one-size-fits-all broadsword solutions are offered by companies that don't want to be bothered actually solving the problem with precision. Plus, they're overcharging you like crazy. Want proof? Every single program in this article is absolutely free; some offer subscriptions or additional functionality for a fee, but will work just fine at no cost for at least short-term scanning and cleanup purposes. That surely beats the $80/hr they're probably charging you to hit the nuke button.
ComboFix still sees regular updates, and sometimes will only run at "reduced functionality" if it thinks it's out of date, so it's always good to keep that link to the most recent file bookmarked. The regular updates are a blessing though, as new threats emerge daily and are added to the program for detection and removal. Having used it on at least a dozen infected machines lately and seeing nothing but spectacular results, I can't recommend a better tool for cleaning a bug-ridden PC. Check it out, read the tutorial, and keep it handy. You never know when some rogue script out there will make your computer sick.