What areas are reset by ComboFix.exe?

Discussion in 'Malware Help (A Specialist Will Reply)' started by J8son, Feb 4, 2009.

  1. J8son

    J8son Corporal

    I just got help with a malware removal issue by the always helpful folks here at MajorGeeks (I'm looking at you bjgarrick ;))

    However, in running the appropriate apps, it seems ComboFix.exe reset some of my XP settings. Here are a few areas I had previously configured that were reset:

    - Notepad "Word Wrap" option reset
    - Windows Firewall enabled in Services after it was turned off
    - Internet Explorer Home Tabs removed
    - System Restore enabled after it was disabled previously
    - Desktop Icons that had been removed were restored


    I was hoping I could find a list of everything ComboFix.exe resets so I can reconfig just those areas instead of trying to check my entire system, which can be quite time consuming.

    Thanks! ;)
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, ComboFix does many things that we wish it would not do. We have a long-running list of files and registry keys it should not be touching. However, I will not post this list. When MGtools is run it automatically fixes a bunch of the problems introduced by ComboFix, but it does not fix all of them since many are deletions of files and/or registry keys that cannot be so simply fixed.

    If you are using the Windows Firewall you have not followed final instructions. You need to install a 3rd party firewall and thus the Windows Firewall should be disabled. Since your last thread shows you had installed Outpost, the Windows Firewall was disabled while doing this so I'm not sure why you are mentioning this.

    ComboFix does not remove any tabs from Internet Explorer. What do you mean by "the Home tabs"?

    System Restore should be enabled by default and that is why it was re-enabled. When ComboFix is uninstalled it toggles System Restore to set a new restore point and thus leaves it enabled. If you are running with System Restore disabled then you are asking for big trouble.
     
  3. J8son

    J8son Corporal

    No, as you yourself read in the last thread, I did install a 3rd party firewall. I originally disabled Windows Firewall in the Windows Services menu. However, when I ran the necessary apps, it re-enabled it. So, I once again had to turn it back off.

    Yes, you can add multiple links in your home page tab that all will load at once. They are always cleared out when running this app and I have to re-add them.

    The reason I do this is that every removal guide I read tells me, as one of the first steps, to cycle the Restore points so as not to roll back to a point where malware was installed. And since I have never once used a restore point, this is why I keep it off.

    So, is there a way to track everything that was reset? Otherwise I'll just have to check EVERYTHING...which is kind of a pain...but needs to be done.

    Thanks!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I have not been noticing this problem. We will have to check to see if ComboFix is causing this problem.

    Okay you are using IE7. I misunderstood what you are referring to.

    Wrong approach and our READ & RUN ME does not tell you this. This is the very last thing we have you do AFTER we determine the PC is clean.

    Bad decision which some day you will regret.

    No! You could try using a registry comparison type tool to compare your registry before and after but this may not be so easy to do. Don't forget the tool updates/changes all the time and so will the effects that it has.
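
The before-and-after registry comparison suggested in the last reply, as an added example that is not part of the original thread: a Python script that parses two text exports (for instance made with `reg export`, one taken before running the tool and one after) and lists the values that were added, removed or changed. The sample exports are constructed, and the `Software\Example\Settings` key and its value names are hypothetical.

```python
def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: raw_data}}."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # hex data wrapped onto the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith("@="):
            current["(Default)"] = line[2:]
        elif current is not None and line.startswith('"'):
            i = 1                          # find the closing quote of the name
            while i < len(line) and line[i] != '"':
                i += 2 if line[i] == "\\" else 1   # skip escaped characters
            current[line[1:i]] = line[i + 2:]
    return keys

def diff_reg(before, after):
    """Return value-level differences as (kind, key, name, old, new) tuples."""
    changes = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key, {}), after.get(key, {})
        for name in sorted(set(old) | set(new)):
            o, n = old.get(name), new.get(name)
            if o != n:
                kind = "added" if o is None else "removed" if n is None else "changed"
                changes.append((kind, key, name, o, n))
    return changes

# Constructed sample exports; Software\Example\Settings is a hypothetical key.
BEFORE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Notepad]
"fWrap"=dword:00000001
[HKEY_CURRENT_USER\Software\Example\Settings]
"HomeTabs"=hex(7):61,00,00,00,\
  62,00,00,00,00,00
"ShowIcon"=dword:00000000
'''
AFTER = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Notepad]
"fWrap"=dword:00000000
[HKEY_CURRENT_USER\Software\Example\Settings]
"ShowIcon"=dword:00000001
'''

if __name__ == "__main__":
    print(*diff_reg(parse_reg(BEFORE), parse_reg(AFTER)), sep="\n")
```

Real export files are UTF-16 encoded, so read them with `open(path, encoding="utf-16")` before passing the text to `parse_reg`.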
     
