ComboFix is a powerful program that can automatically remove the majority of common malware and certain pesky types of software. This includes most spyware, a multitude of viruses, programs that take certain technical knowledge to remove and software that might act as adware.Anything that it can’t remove will be saved to a log after the automatic removal process is completed.
If used improperly, ComboFix can adversely affect your computer. It may damage your operating system installation and require the technical expertise of someone experienced in computer repair to fix. Please do NOT take any manual actions unless you’re sure of what you’re doing. ComboFix works only on the following operating systems:Windows XP (32-bit only), Windows Vista (32-bit/64-bit),Windows 7 (32-bit/64-bit),It should not be run on any other operating systems, which includes Windows 8. Doing so can have unexpected consequences and may harm your computer.
5 Steps to Run Combofix
When ComboFix runs, it will automatically delete everything in the Recycle Bin, Temporary Internet Files folder and Windows Temp folder. Ensure that you have anything you want to save in these folders backed up somewhere else.
Get the latest combofix.exe (4.8MB) on your computer or USB Key – if you can’t start your computer in normal mode ,boot your PC in safe mode and run COMBOFIX on your USB Key. Related:Using ComboFix in Safe Mode or from a USB Drive
Close all browsers ,applications and running programs (Ctral +Alt+Delete).Turn off or disable any anti-virus or anti-malware programs on your computer that will infect this scan.
Double click on Combofix.exe ,combofix will run ,Combofix will create a system restore point and back up your registry automatically , you can restore your computer system to previous configuration after this scan, in this process combofix may install Microsoft Windows Recovery Console on your computer .
Combofix will automatically scan your computer and attempt to remove/delete known malicious infections ,files ,folders or registry items.
Once the scan is completed a log report will be generated and located at C:combofix.txt ,you can analyze (or sent it to expert for analysis)this log to remove other infections on your computer that not removed by combofix.
The first step to using ComboFix in Safe Mode is to download it to a location on your computer. The executable file can be saved anywhere, but it’s usually best to save it on your Desktop, in the root folder (such as C:) or in an easily accessible location (such as C:ComboFixComboFix.exe). To access Safe Mode, you must reboot your computer. After the BIOS screen, you will need to press F8 until a menu that allows you to choose from various boot options appears. The menu will have options similar to the following: Safe Mode,Safe Mode with Networking,Safe Mode with Command Prompt The list of options will depend upon your version of Windows, but the option to boot in Safe Mode should be apparent in most modern installations. Highlight this option using your arrow keys and then press the Enter key. You will then see text scroll down the screen before Windows boots into Safe Mode. You then log in and start your computer as you normally would.
Using ComboFix from a USB drive is similar to using it in Safe Mode. The only difference is that you will need to save ComboFix.exe to a bootable USB drive if you plan to run it on a computer that is unable to boot. The process itself follows the same procedures as the one outlined above. As ComboFix will run outside of Safe Mode, even booting into Safe Mode is optional. It’s worth noting that running ComboFix outside of Safe Mode or from a separate instance of a Windows operating system may produce less-than-favorable results. Some malware can only be removed from your computer by ComboFix if the program is allowed to scan an installation of Windows that is not active.
Note this tool, combofix may cause your computer system NOT start correctly.