Repair Tool of the Week: Combofix

Combofix is a freeware, portable application designed to scan a computer for known malware and, if found, attempt to remove it. I personally use this application very frequently in conjunction with SmitFraudFix to remove Win Antivirus 2008 and its variants. In addition to removing many different rogueware products, it also shows you a log of files that were created or modified in the last month to help you locate potential malware it didnt detect. For example, if there is a randomly named .dll file in the system32 folder that was created on the day of the infection but all other files are dated years ago when Windows was installed, its probably something to do with the virus.

This one is essential for any computer technician who does malware removal work.

Usage instructions can be found on the official site located here.

Screenshots:

ComboFIx

Downloads:

Download from Official Site – 2.8mb

More Information



Bryce Whitty

About the Author

Bryce Whitty
More articles by me...
Bryce is an Australian computer technician and the founder of Technibble. He started his computer repair business when he was 17 years old and is still running it 9 years later. He is an avid traveller and spends at least a month of the year in another country.

Comments (36)

  • Jeremy says:

    Alright, portable! I’ll have to give it a shot!

  • I use it all the time. Good stuff!

  • We use this all of the time as well. This tool is a must have for all of you techs out there.

  • gunslinger says:

    Great tool. Been using this for a while.

  • Schlomo says:

    I didn’t know about it. I’ve been using autoruns+process explorer for my malware removal needs. This will be a nice addition to them, specially that log of files created or modified in the last month.
    Thanks.

  • Great tool, we’ve been using it a bunch lately too!

  • Eric says:

    Anybody knows an anti-spyware that stops antivirus 2008 or 2009 from installing on the customers computer ?

  • lonagcio says:

    sounds good. can’t wait to put it through the torture rack!

  • Yeah Right says:

    thanks, good tools are always appreciated

  • Majestic says:

    Malware Bytes anti-malware removes that antivirus 2008, 2009 and other variants. Previous to using it I used a mix of super anti-spyware, combo fix and smitfraud. I find it does the Job…

  • Patrick says:

    Scary to run this thing at first, Kaspersky was going haywire over it. It really takes control, doesn’t it? Makes sense though, it should ;)

  • Fahad says:

    This is a helpful utility program. Being portable, it has many uses. Thanks for sharing!

  • I tried Combo fix out this week and it is awesome. I wish more software would install like this. Totally automatic! Perfect!

  • ksfnef says:

    Combofix was obtained from majorgeeks via a forum. Nothing fixed my autorun.inf problem until using this superb program. Scary to use but what a result – computer works a treat – and quicker.

  • TA says:

    I ran this on a machine and it made IE my default browser and nuked out Avast resident scanners.

    I’m not very impressed!!

    Piece of crap.

  • inettech says:

    Been using combofix for years, usually do about 10-15 spyware removals a week at my work, run combofix first in safemode, then malwarebytes, then boot into regular windows, run counterspy and hijack this, ccleaner and you’re done!

  • Diogenes says:

    Combofix saved me alot of headaches (after 3 hours of heartburn before I found it).

    Thanks much!!!

  • Alex says:

    Only thing I found that removes the Win32.Zafi.B virus it’s a very bad one that wont let you go online and cancels anti virus software like McAfee and windows firewall options. Thanks so much to whoever made this nothing I found could even detect it on my computer.

  • I want to combo fix up date automatically by my E-mail address.

    Thanks!

  • Sujith says:

    Amazing tool…..the results were great!!

  • Bijan says:

    This program made my day…

    better than vundo begone

    Now i can run my pc agen

  • help says:

    offical page will not pop up says page cannot be displayed……help me comp. really bad

  • David T. says:

    If you are unable to get to combofix.org then open up the C:\windows\system32\drivers\etc\hosts file in notepad.exe and make sure it contains only the following:
    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a ‘#’ symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost

  • Case.bolt says:

    ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program.

    You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

  • Case.bolt says:

    In other words, unless you are a trained tech, you should not be using Combofix. It can brick your machine very easily if you don’t know what you’re doing.

  • i am trying to compile a set of tools in advance – added now, great tool :)

  • drew says:

    i tried multiple programs today for a good 5-6 hours after visiting a bad site causing my pc to go into a reboot loop. i stumbled upon this in the hirens program and it worked like a champ!!

    thank you to the creator Lawrence Abrams, u saved me a lot of money and headaches from screaming at my monitor!!

  • xJimba1 says:

    Hello all, I have used Combofix many times with no issues, BUT…I just saw the link on Bleeping computer where they have taken away the download saying the software has known errors which can cause your pc not to boot up after it is run. Not sure how many versions back this affects, but you might want to use extra caution until they repair the issue.

  • §torm says:

    i’m always very skeptical when it comes to anything that ‘claims’ to do much of anything. because let’s face it – there’s not much out there that actually works.
    combofix works – bottom line.
    it does what it’s supposed to do, with no frills or fancy crap to go along with it. which is great for someone like me, because i loathe ‘purdies’. i also loathe stupid little programs that people install which claim to fix something, but only add to their original problem.
    i’ve used combofix since the very first ‘version’, and it has always done the job quickly and efficiently.
    as someone who has done much programming and technical work (since 1980) i have a great admiration for the creator(s) of combofix.
    thanks guy(s) :)

  • Patsy O'Shea says:

    I used combo fix today and it worked well. However, I don’t know how to read the log. Does anyone know where I can learn some of the key rudiments of reading this log?

  • Lucas says:

    combofix fixed my google-redirect virus! The log means nothing to me, either, but I don’t care! Firefox is running normally again! :D

    Thank you! Thank you! Thank you!

  • Greal tool! File size very good. Thank you..

  • serloren says:

    I’ve used ComboFix successfully DOZENS of times the last few years on desktops and laptops, running 98,ME, 2000Pro,and XPPro. It has been an invaluable tool that I use in conjunction with other tools such as Malwarebytes etc, and I keep it on my Thumbdrive ALL the time.

  • Conner says:

    I knew I shouldn’t use this thing. No
    ability to uninstall – nothing. Now a few of
    my program icons were changed, system restore
    won’t restore any points, and looking at the
    log, it looks like any files deleted were
    in error – yes – false frigggin positives!
    My computer is now running sluggish. Grrrr.
    ComboFix doesn’t give anyone the chance to
    OK any deletions – it just does it – caution
    be damned! I don’t really know to what extent
    this thing has damaged my computer, and can’t
    do a sytem restore. Damn this program. And
    many of the people leaving comments here are
    nothing but shills – tools – especially the
    ones touting MalwareBytes, which is dangerous software to a computer, just like ComboFix!

  • someonehere says:

    This is why combofix is not to be used, unless you are supervised by a helper. It Can make your computer inoperable, depending on the situation. There’s more to combofix than just doing a scan but that information is not available in a public forum or website. The tutorial available on bleepingcomputer is only meant to help the user run it when asked by a trained helper.