Crown Softwares

HOW TO USE COMBOFIX

Introduction

ComboFix is a program that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program.

At this time ComboFix can only run on the following Windows versions:

Windows XP (32-bit only)

Windows Vista (32-bit/64-bit)

Windows 7 (32-bit/64-bit)

Using Combofix

You will now see the ComboFix disclaimer screen as shown below.

Please read through the disclaimer and if you do not agree to it, then please click on the Cancel button to exit the program. Otherwise, to continue you should click on the I agree button. If you clicked on I Agree, ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console. Once it has finished installing, you will be presented with the screen shown below.

You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer. When it is done, and a log has been created, you can then perform the manual install of the Recovery Console using the steps found in the Manually installing the Windows Recovery Console section.

ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

At the time of this writing there are a total of 50 stages as shown in the image below, so please be patient. The amount of stages will go up as time goes on, so if the amount of stages is different when you run it, please do not be concerned.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report as shown below.

This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt. This can be seen in the image below.

When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you as shown below.

How to Unistal Combofix

Please note that if you uninstall ComboFix it will also remove all backups and quarantines that were created when ComboFix scanned and cleaned your computer. Therefore, only uninstall ComboFix when you are a hundred percent sure that your computer is operating correctly and that you no longer need any of the files that were backed up or quarantined.

To uninstall ComboFix from Windows XP please perform the following steps:

Click on the Start button (Windows XP Start Button) and then select Run from the menu. This will open up the Run dialog box as shown in the image below:

Run Dialog Box in Windows XP

In the Open: field type combofix /uninstall, as shown in the image above. Please note that there is a space between combofix and /uninstall. Once you have typed this in, click on the OK button. A Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files. When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled. You can now delete the ComboFix.exe program from your computer. ComboFix has now been uninstalled from your Windows XP computer.

To uninstall ComboFix from Windows Vista or Windows 7 please perform the following steps:

Click on the Start button (Windows 7 Start Button) and then in the Search field enter combofix /uninstall, as shown in the image below with the blue arrow. Please note that there is a space between combofix and /uninstall.

Windows 7 Start Menu

Once you have typed this in, press Enter on your keyboard. A Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files. When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled. You can now delete the ComboFix.exe program from your computer. ComboFix has now been uninstalled from your Windows Vista or Windows 7 computer

HOW TO FIX COMMON COMPUTER NETWORK ISSUES

1) Check to make sure your computer is on and is connected to a network.

2) Be aware that Windows has a built in function to repair a network connection. This function can give valuable information in the form of an error message if you know what you are looking for. Some common error messages given are:

Unable to clear the DNS cache

Unable to renew your IP address

Unable to clear the ARP cache

3) Deal with a message that states "Unable to clear the DNS cache." When you get the message “Unable to clear the DNS cache”, this usually means that the DNS client service has been disabled. Follow these steps as an administrator to re-enable it:

Open the Services MMC plugin, located under Administrative Tools in the Control Panel;

Find the “DNS Client” service in the list presented and enter it's properties by double-clicking it;

Change the Startup Type from Disabled to Manual or Automatic then click apply;

Either reboot or click “Start” to start the service;

Verify by attempting to repair the connection again.

4) Fix a problem related to an IP address. If the repair process reports that it has been 'Unable to obtain an IP address', it is probable that more information can be obtained through the command line. Open a Command Prompt by going to Start > Programs > Accessories > Command Prompt, then type 'ipconfig /renew' to attempt to obtain an IP address from the command line.

5) Follow up the error messages that will likely appear. There is a high likelihood of an error message similar to the one below occurring, the remainder of the guide will focus on this error.

“An operation was performed on something that is not a socket"

6) Fix the error message "An operation was performed on something that is not a socket.": This is a Winsock corruption generally due to spyware. The fixes are:

A simple fix can be done with Windows XP SP2 or Windows Vista (Start > Run > cmd > netsh winsock reset), then reboot your computer. If you do not have SP2, you can download a small program to reinstall Winsock: winsockfix.exe.

DELETING VIRUS FROM SYSTEM VOLUME INFORMATION

System Volume Information is a hidden folder. It is a part of System Restore that stores details about system restoration set points. All the partitions or drives on your computer have this folder. Follow the simple steps to delete the virus or trojan infected files located inside System Volume Information folder manually if your existing antivirus did not do the job for you.

Right-click on "MY COMPUTER" and go to "PROPERTIES" to open "SYSTEM PROPERTIES" window or go to "START" and click on "RUN" or hold "WINDOWS" key and press "R" to open RUN window and type "sysdm.cpl" and press "ENTER" key. In the "SYSTEM PROPERTIES" window select "SYSTEM RESTORE" tab and select or check the "TURN OFF SYSTEM RESTORE ON ALL DRIVES" option. You will get the confirmation window to select "YES" or "NO". Click "YES" to remove files stored in System Volume Information folder thus making your system free from virus or trojan. Click Apply and then Scan Your Pc with any good antivirus or antimalware program. then again goto system restore and Uncheck the box (Turn Off System Restore on all drives) and then press Apply.

There is another way of removing virus/trojan from System Volume Information folder. Open "WINDOWS EXPLORER" by doing right-click on the "START" menu and selecting "EXPLORER" or hold the "WINDOWS" key and press "R" and type "EXPLORER" in the RUN window and press "ENTER" key. In the Windows Explorer go to "TOOLS" menu and select "FOLDER OPTIONS" to open Folder Options window. Click on "VIEW" tab. Now uncheck the "HIDE PROTECTED OPERATING SYSTEM FILES" option and make sure you have selected "SHOW HIDDEN FILES AND FOLDERS" under "HIDDEN FILES AND FOLDERS". Now you will be able to see "System Volume Information" folder in Windows Explorer.

Manually search for the infected file and delete it. If you are not able to delete the infected file, restart the computer and first delete the infected file before opening any application or program.