ComboFix in a fresh VM

exCode

Level 3
Thread author
Verified
Sep 19, 2016
114
So guys, what do you think would happen if I ran ComboFix in a fresh VM? I have seen all this stuff about "Do not run ComboFix if you aren't under supervision" and I got to thinking about what would happen. Also, why is it so dangerous?
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
The meaning of "aren't under supervision" is that the tool should be used upon the approval of an expert; the removal capabilities are aggressive and can kill legitimate functions.

That's why removal experts need to diagnose the report of the system before applying any tools.
 

Atlas147

Level 30
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
Since you have a fresh VM, you could just take a snapshot of your current status and run ComboFix to see if there are any detections and if removing the detection causes any loss of functionality. If so, you can just revert back to the snapshot from before ever running ComboFix, good as new.
 

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
I've run it many times on many different systems and never had a problem. I think they are just warning you that it's a powerful tool capable of doing harm to your system if you don't know what you're doing.
 

Myriad

Level 7
Verified
Well-known
May 22, 2016
349
If your VM is correctly set up you can do anything you like to it, without any risk to the host system.

The only exception I can think of is possibly if you have enabled shared folders, clipboard, drag-and-drop etc.
Other than that, feel free to go nutso.

You can utterly trash the VM and be up and running again in mere seconds ... such great fun!

In Linux I like to dream up the most stupidly dangerous commands possible, and then execute them (as root of course :) )
 

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
In Linux I like to dream up the most stupidly dangerous commands possible, and then execute them (as root of course :) )

Talking of dangerous commands, when I was a Unix admin, back in the 90s, a colleague of mine accidentally ran the command "rm -r *" from the root folder of one of our servers. This systematically wiped out every file on the filesystem until the OS died because it had removed itself!
I had to rebuild the OS from scratch and restore all the data from tape backups. Not much fun, I can tell you.
 

Myriad

Level 7
Verified
Well-known
May 22, 2016
349
@askmark

Yes, that is the very type of command I was thinking of, with wildcards for extra delicious vandalism :)

Sit back and watch the OS eat itself from the inside out!

Got to love VMs, for just that sort of scenario ...
 