Quote:
Originally Posted by TheBruce1
I'm gonna have to disagree here; there are certain infections that will render a user's system useless if you use CF first.
It's not just about running tools, it's researching every entry and from that putting a fix together, for example, which order would you put tools in and why.
Combofix is not just a tool, it is also a diagnostic tool, and with so many changes to CF as malware develops, removing the wrong thing will also cause the user's system to become useless.
What do you do if CF does not remove files on the first run?
I too help users and am trained to use CF; if anything goes wrong I can speak to the tool's creator along with many others. I would never run CF without seeing either a HijackThis log or DSS log first, and neither would any analyst I know.
I was about to post the same thing. Combofix is not a tool for people untrained in its use. It does not remove all malware. There are some specific infections that it does remove, but there are many it does not. The logs need careful reading and assessment.
Back to fighting with the people that used to provide rootkits and forced advertising on unsuspecting users in the recent past