ComboFix is a program written by sUBs, that removes spyware, malware, rogue antispyware apps and Vundo infections. Also it deletes a bunch of files related to the infections and is updated fairly regularly. When Combofix finished, it will produce a report for you. Power user can use the report to search and remove infections that are not automatically removed.
Download Combofix
How to use combofix:
Please use the official ComboFix guide bleepingcomputer.com/combofix/how-to-use-combofix or the following steps:
1. Temporarily disable your antispyware, antivirus and any antimalware real-time protection, so they may interfere with running of ComboFix.
2. Download Combofix.
Download combofix from the direct link above and save it to your Desktop.
3. Install Recovery console. (only Windows XP)
Skip the step, if the Windows Recovery Console is already installed.
- If you have Windows XP disk, then read the article: How to install and use the Windows XP Recovery Console.
- You should know version of Windows. Right click the My computer icon. Click Properties. In the window read information about your Windows version.
- Click here for open Microsoft’s website.
- Scroll down.
- Select the download that’s appropriate for your operating system and download setup boot disk installation to your Desktop. Use Service pack 2 version, if your Windows XP is Windows XP Service pack 3.
- Now close all open windows and programs.
- Drag the setup package and drop onto ComboFix.exe.
- Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
- At the next prompt, click ‘Yes’ to run the full ComboFix scan.
- When the tool is finished, it will produce a report for you.
4. Run combofix.
- Close all programs. Your Task Bar should be clear of any program entries including your Internet Browser.
- Double click Combofix.exe icon on your Desktop to start it.
- If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it’s malware removal procedures, if no, then follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Once installed, you should see the following message:
The recovery console was successfuly installed.
Click ‘YES’ to continue scanning for malware
Click ‘NO’ for exitClick YES button.
- The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your “drive access” light. If it is flashing, Combofix is still at work.
- When finished, it shall produce a log for you.
Note: Do not mouseclick combofix’s window while its running. That may cause it to stall
Questions and Answers:
1. I ran combofix which can affect autorun so now autorun and autoplay is not working.
Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. Read how to disable/enable autorun and autoplay.
2. No internet connection after running Combofix.
Restart your computer to restore back your connection. If it does not work, then click Start ->Settings -> Control Panel. Double click to Network connections. Locate your connection and right click on it. In the menu click to Repair option. When repair proccess has finished, your connection should be working again.
3. I ran combofix and got error message saying “This copy of combofix has expired”.
Download an updated copy from here or change your PC system time to some days ago (7days for example). Warning, only if first option don`t work.
4. How to uninstall combofix.
After using Combofix, you may uninstall it from your PC. Read how to uninstall combofix.
5. What should i do with QooBox and Combofix files ?
Use command: combofix /uninstall for uninstalling of combofix and removing all combofix files and QooBox directory. Read more here
6. Combofix is virus ?
No, No, No. Some security programs will incorrectly identify this tool as potentially or actually malicious due to some of it’s components. Although these files can be used maliciously, they are an integral part of the fix and I recommend you disable your antivirus.
I strongly suggest that you post your log at My AntiSpyware Forum and finally remove the items as directed by the Member helping you. This involves no analysis of the list contents by you. That will be done by the Help Forum Staff.
More Free Antispyware Tools: MalwareBytes Anti-malware – free spyware, malware, trojan remover, SDFix free trojan remover tool, SUPERAntiSpyware – free antispyware program.
my flash disk is infected by recycler…combofix can cure this?
more power ful tool required
I had to come here to recommend this program. It saved me hours of stuffing around.I ran it and it got rid of the stuff that’s was giving disturbing problems, such as not being able to access AVG antivirus and Spybot search and Destroy, also we had problems with navigating \
“my computer” and also unable to defrag the HD. After using combofix it all worked again and I could then run Spybot Search and Destroy and remove the remaining. Can’t thank you enough, Awesome!!!
As a professional for over 10 years it is very unusual for me to be unable to fix a computer problem. Sometimes, though, when Nod32, Malwarebytes and Spybot S&D report a clean system after long scans, Combofix fixes the problems quickly. I really would like to know how it works though (and why other malware programs fail). Many thanks for such a super tool.
Simon, combofix.exe is sfx rar archive. You can extract it and look what is and how`s working it.
Are there any command line switches for Combofix? Besides the /u to uninstall it? Thanks.
Yes, only “/u”.
Great, It’s powerfull tools, very useful for me. Thanks..
I keep getting the message (in the Command window) that I need to be logged on as Administrator to perform that task; doesn’t tell me what it is trying to do. I am logged on as Administrator. The program continues to run and apparently does it thing. Should I be concerned about this and is there a way to find out what the program is trying to do so I could run it from a Command prompt opened explicitly as Administrator? Thanks!
Oh, forgot to say I am running Vista Home Premium, SP2.
Randy, make a new topic in Spyware removal forum with more information about your problem.
okay. thx!
If ComboFix will not run, renaming does not help, try this little nugget. Run the setup program for SuperAntiSpyware (can get from download.com) it will fail. Then try ComboFix again. Smiles 😀
Thank you
thanks
I Loved it
It resolved all my issues THNX ALOT
antivirus system pro is runnin havoc to my whole comp,. it wont let me do much of anything, ive tried runnin combofix. i did run malabytes, took my avg off,….im lost at this point.
justin, ask for help in our Spyware removal forum.
This program has saved my computer two times now. It’s fantastic and works wonderfully. I do suggest using a forum of professionals before using. It’s a highly powerful tool that, some with modest computer skills, may need guidance with.
Thank you so much. You saved me! That antivirus removal virus was preventing me from going into regedit or task manager. Just downloaded your program to a flash drive, ran it and voila! Bless you !
I have a problem when opening spy ware doctor. The smart update always shows up on the screen.
I downloaded COMBOFIX yeah it did a job alright it made 3 Hard Drives data disappear no files. NONE ALL ON ONE DRIVE WAS ALL MY WORK NOW ITS GONE ITS HISTROY………………….tried to do a data recovery recovered some files but all overwritten. COMBOFIX was interrupted and no data on those 3 drives tried to view just from a defrag program didnt run all are black immovable. This program sucks anyone and it didnt create no log files to even know what the heck happened to them. Anyone have any ideas on getting these all back. I tried a restart, went to Safe Mode Command prompt nothing there on drives even tried attrib -a -h -s -r nothing there nothing.
Patricia, Combofix is good spyware remover. Probably your computer is infected with trojans/rootkit that detected, that Combofix is running, and removed your files from hard disks.
There was no ROOTKITS on my system that was checked a week ago prior to using this. I just need someone to tell me how to unlock all the files it shows immovable. It’s like it deleted the MBR Records for that drive and it is in a Firewire, all other hard disks are fine the one in the firewire is disk 4 and only 3 drives on it was damaged by this combofix. I have a total of 15 drives and I removed the combofix thinking it would unlock my 3 drives but it didnt. It looks like the data is still there we ran fdisk to view the partition information and there still is data there the way it looks. I just need to find out how to unlock that data from using this program.
I problem, every time i download it i gives me error saying “you can’t change the name to combofix[1] I am not changing anything, what is this.
I am using vista home p
someone help please
jeebers, try disable your antvirus/firewall and re-download Combofix.
Fantastic little piece of software. Shreds up the resistant Rootkits and Malware like nothing else. A+
How long does the “prepairing Log Report” take to complete, been waiting 2 hours ?
Steve, probably a trojan blocks Combofix. Try run it from Safe mode.