abferm Posted December 28, 2010
As most of you know, McAfee and ComboFix aren't exactly the best of friends. I use ComboFix a lot as a computer technician and most of our customers' computers are running McAfee. I am looking for a way to disguise ComboFix so it doesn't get deleted the instant I plug in my flash drive.

digip Posted December 28, 2010
Never used it, but a lot of tools get flagged by different vendors as "not-a-virus" but still want to remove them. Just go into McAfee and change the settings to warn first instead of automatic removal. The other option is to exit/shutdown McAfee first before using the tool. If you have physical access, then you should be able to shut McAfee down so you can do your work. No need to make it "bypass" the very tools to keep the system safe.

abferm Posted December 28, 2010
Yes, I know I can change settings or disable McAfee, but I would have to do that with each and every computer I work on. Whereas, if I use some sort of modified file I can use that file on any computer regardless of what AV the computer is running. It should also protect ComboFix from viruses. There are several that stop ComboFix from running.

digip Posted December 29, 2010
Only way I can see doing it so that nothing running under the OS can touch it, is create a live Windows disc or thumb-drive, then boot into a Windows environment with all your tools to work with. Something like a BART-PE setup would be good. I especially like UBCD4WIN, which I use from time to time to reset NT passwords and do other fixes, like registry edits, etc., while safe from any potential viruses yet still able to fix or remove them from the system.

abferm Posted December 31, 2010
ComboFix finds running rootkits and viruses, so it would not work in a live CD environment.