How To Restore Files Deleted By Combofix

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by certifiedgeek, Jan 27, 2010.

  1. certifiedgeek

    certifiedgeek Private E-2

    Could someone please explain how to restore files that were deleted by combofix? I would like more details on how to restore individual files that have been quarantined, but not all of them. For instance, if combofix removed some important files and also removed a rootkit, I would like to only restore the important files. Is there a link somewhere that explains more in detail how to use combofix such as what types of commands can be dropped on combofix using a text file?

    Thanks in advance for your help.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  3. certifiedgeek

    certifiedgeek Private E-2

    Thanks for your reply. I saw that post earlier which is very helpful if something horrible happens (like deleting critical files), but I am looking for some different options like the ability to restore individual files myself using a text script. I saw in another post where you could write a text file something like:

    Killall::

    dequarantine::

    (list of files to be deleted)


    I am wanting to know if there are other types of commands that can be run with combofix. I also would like to know exactly what is happening when it is going through all the phases. This would help me in doing removals now and later if needed. Could you point me to a place that has documentation on the different commands that can be used with combofix?
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What you have written is just what you need to do to restore the individual files.

    As to learning more regarding using ComboFix, many sites have "teaching" forums for malware removal. I don't believe the list of commands is freely available on the web.
     
  5. certifiedgeek

    certifiedgeek Private E-2

    I do various types of on-site computer service work and need to know how to restore files in case something happens like files being deleted.

    Could you give me the exact command for restoring something like this, but nothing else.

    C:\qooboox\deleted folder

    Will combofix go through all the scans again if I run the file restore command because I wouldn't want it to go through the whole scan again. I recently had a scare where a whole program directory was deleted to the qoobox folder, but I wasn't sure how to restore it. It was a program that could be reinstalled fairly easily which helped. :-D

    Also, which malware academy do you recommend or has the greatest need for help? I have been removing viruses since 2002 and might be able to help people in need on the side.

    Thanks
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You don't go to these training sites to give help. You go there to learn the process of removing malware from the bottom up. You will not be allowed to perform malware removal on any sites without having gone thru the training or without otherwise demonstrating that you have all the background/experience already required by showing where you have been already doing this work.
     
  8. certifiedgeek

    certifiedgeek Private E-2

    Thanks to you both for your information. Since there are many forums to choose from, which one requires the most help at the current moment? I want to go through the training at the forum that needs the help the most since I should be able to get up and running pretty quick.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't know but people who train at any of these sites typically go on to help at multiple websites.

    It will take longer than you think. You have to work thru many many procedures and levels and you have to wait for teachers/instructors to get back to you at each step. They are only there when they can be and some also spend significant time actively helping in removal forums so this is another reason for the process being slow paced.

    TimW only listed 3 sites. There are more, some I would not recommend, however the below is also another good one:


    BleepingComputer Malware Removal Training Program
     
  10. certifiedgeek

    certifiedgeek Private E-2

    Just curious... why didn't you recommend MajorGeeks for training?
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Because we do not really have a formal training program and forum in place and do not have enough volunteers here to train you since we are all extremely busy performing malware removal.
     
  12. certifiedgeek

    certifiedgeek Private E-2

    It seems the Bleeping Computer site is full and requires a pass code to enter the training program. Any helpful info on how to get in in the near future?
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just see the note posted in the link I gave you
     
  14. certifiedgeek

    certifiedgeek Private E-2

    Posted over thirty times today in hopes of being accepted as soon as slots become available. Thanks again for your help.

    Btw, could you PM the forums that you wouldn't train in so I know? I would like to learn from the best program using the latest tools available.
     
    Last edited: Apr 24, 2010
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then stop posting, before they consider it an annoyance. ;)

    Just refer to the ones already listed here for you. They are also in the below link. If it is not listed here, then it is not one we recommend.

    Becoming A Malware Forum Helper
     
  16. certifiedgeek

    certifiedgeek Private E-2

    Yes, maybe I got a little carried away! :)

    Thanks again and I will wait and see what happens before I post too much more.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Remember that you could try one of the other training sites if BPC is too busy to allow you in.
     
  18. certifiedgeek

    certifiedgeek Private E-2

    OK, I know that I said I wouldn't post any more in their forum, but after talking to about 3 or 4 of their mods, it seemed it wasn't minded. I also made sure they knew that I was there to help and please let me know if I am doing anything they don't approve of.

    I applied to GeekU, Tech Support Forums, and BC about 3 days ago so if I don't hear back within a week, I will check on the other forums. I just like the feel and look of those forums, as yours which is why I applied there.

    Since I will be obligated to help in the forum that trains me, I thought it would be good if I did some checking before I applied.
     
