I’ve found combofix misses a lot of shit, but as far as “system being beyond saving” even if they are attatched to system files, its easy enough to replace them, depending on what the file is. But yes there are times where you just need to backup and start fresh.
As ILYA said, some are a bunch of random number likes 1234454.exe , some are just odd looking names like wasd23.exe/.dll/.sys etc…
Basicly if you know around the time the machine was infected you can sort by date modified as krazykid said, look at the publisher as for the most part 90% of legit files will have the publisher name attatched. If you arte ever unsure just google it, or rename it to .old … restart the system and see if anythings broken
This, but if your unsure just alway rename to .old and if it breaks the system or a program just go back and fix it.
By the time youve installed that and ran a full scan, i bet you could have had the virus almost completely gone and the machine uninfected in a 1/4 of the time. The only thing you really tend to miss is a few registry keys, but for the most part as long as you deleted any files their trying to call to it wont matter, just run a scan using something small and fast to find them… I’ve found that CCLeaner will acctualy kill registry keys left by viruses
Im not saying I dont agree with you, but why run the scan prior and have it take more time as its finding things rather than just delete everything you can find and run a scan that will presumably be much faster
Unless you need log files in which case I guess thats a different story