Originally Posted by TheBruce1

I gonna have to disagree here, there are certain infections that will render a users system useless if you use CF first.
Its not just about running tools, its researching every entry and from that putting a fix together, for example, which order would you put tools in and why.

Combofix is not just a tool, it is also a diagnostic tool and with so many changes to CF as malware develops, removing the wrong thing will also cause the users system to become useless.



What do you do if CF does not remove files on the first run?



I agree.



I too help users and am trained to use CF, if anything goes wrong i can speak to the tools creator along with many others, i would never run CF without seeing either a hijackthis log or DSS log first and neither would any analyst i know.

So, you run CF for the first time and you have look at the text file it produces, from the reg dump this shows up, what would you do.