Quote:
Originally Posted by Paul Delaney
Yes it can be - I've never personally had a problem with it but...
Do you think I would recommend running a program that would damage rather than cure?
|
I'm gonna have to disagree here; there are certain infections that will render a user's system useless if you use CF first.
It's not just about running tools, it's researching every entry and from that putting a fix together, for example, which order would you put tools in and why.
Combofix is not just a tool, it is also a diagnostic tool and with so many changes to CF as malware develops, removing the wrong thing will also cause the user's system to become useless.
Quote:
Originally Posted by Paul Delaney
You'll have to trust me on this one because there are several tools I use daily to remove these parasites, part of my work involves providing a non-destructive virus removal service mostly to small businesses.
|
What do you do if CF does not remove files on the first run?
Quote:
Originally Posted by Paul Delaney
All of them can be dangerous if handled in the wrong way.
|
I agree.
Quote:
Originally Posted by Paul Delaney
It would be irresponsible of me to post a cure for this problem without first knowing what I was talking about and I see identical problems every week.
|
I too help users and am trained to use CF. If anything goes wrong I can speak to the tool's creator along with many others. I would never run CF without seeing either a HijackThis log or DSS log first and neither would any analyst I know.
So, you run CF for the first time and you have a look at the text file it produces, and from the reg dump this shows up. What would you do?
Quote:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xtisps.exe
|