If you have a rootkit on your computer, it evades your antivirus program and antimalware program, thus it EVADES "combofix" as well. Some rootkits detect combofix and in turn delete all your files from your hard disk. The ONLY thing to do in this case is to:
* Restore your backup again, but use ANOTHER boot disk that's NOT infected, for instance a CD-R (which can't be written to). DO NOT USE THE SAME COMPUTER TO BURN THE BOOT DISK. (Atapi.sys might be infected too, the driver which is used for CD-R/RW and DVD.)
* Use another computer to scan the hard disk infected with the rootkit. This other computer will find the files responsible for booting up the rootkit along with your operating system! How to remove it is similar to how you remove startup items from your own computer with msconfig (if you use WinXP).
* When you use GMER and your computer "hangs" if you select full scan, but this program detects hidden files, you are certain this is a rootkit. A rootkit could hang your computer if you use certain programmed software which it "knows" it could be present. However, if you use software which isn't detectable by the rootkit you could show where it resides, but cannot let the computer which is affected delete it by itself, because it became part of the OPERATING SYSTEM.
I challenge ALL antivirus companies to complete their packages because as far as I can see they did a good job in history but are at a HUGE DISADVANTAGE for now and in the future.
* Remember when you buy a new computer: BACKUP ALL YOUR SOFTWARE, AND CREATE MEANS TO BOOT YOUR COMPUTER UNINFECTED. That's if you EVER want to remove an infection manually.
* Combofix is detected by Ad-Aware, Panda Antivirus and AVG Antivirus because a signature was found. Well, if a signature belongs to some kind of virus or malware, if you have a black cat, why would your cat suddenly become white :-)
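The "scan the disk from another computer" step above can be turned into a cross-view comparison. This is an added example, not part of the original post: it hashes every file as seen by the suspect OS and as seen from a clean machine, then lists what only the clean view shows. The function names, the `hidden_drv.sys` file name and the short digests in the sample manifests are constructed for illustration.

```python
import hashlib
import os


def build_manifest(root):
    """Map each file under root (relative, lower-cased path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            try:
                digest = hashlib.sha256()
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                manifest[rel] = digest.hexdigest()
            except OSError:
                manifest[rel] = None  # locked or unreadable: record it anyway
    return manifest


def cross_view_diff(live, offline):
    """Compare the suspect OS's own view with the view from a clean machine."""
    # Present on disk but never reported by the running OS: hidden files.
    hidden = sorted(p for p in offline if p not in live)
    # Readable in both views but with different content. Files that change
    # during normal use (logs, registry hives) also land here, so review them.
    altered = sorted(p for p in offline
                     if p in live and None not in (live[p], offline[p])
                     and live[p] != offline[p])
    return hidden, altered


# Constructed sample manifests (hypothetical file name, fake short digests).
LIVE_VIEW = {
    "windows/system32/drivers/atapi.sys": "aa11",
    "windows/system32/notepad.exe": "bb22",
    "pagefile.sys": None,  # locked while Windows is running
}
OFFLINE_VIEW = {
    "windows/system32/drivers/atapi.sys": "cc33",
    "windows/system32/drivers/hidden_drv.sys": "dd44",
    "windows/system32/notepad.exe": "bb22",
    "pagefile.sys": "ee55",
}

if __name__ == "__main__":
    hidden, altered = cross_view_diff(LIVE_VIEW, OFFLINE_VIEW)
    print("Hidden from the running OS:", hidden)
    print("Different content offline:", altered)
```

Run `build_manifest` once on the suspect system and once against the same disk attached to the clean computer, save both results, and pass them to `cross_view_diff`.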