
Combofix.exe


  • This topic is locked
4 replies to this topic

#1 taba

taba

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 06 July 2007 - 03:22 AM

Hi HJT TEAMS MEMBERS,

Scanner results of ComboFix.exe (by VirusTotal and Jotti)


AntiVir: HEUR/Exploit.HTML

eSafe: suspicious Trojan/Worm

Fortinet: Misc/Dumphive

Ikarus: Trojan.Win32.Autoit.D

McAfee: Bat/sdel

Panda: Suspicious file

Sophos: NirCmd

Webwasher: Win32.ModifiedUPX.gen!84 (suspicious)


Sunbelt: VIPRE.Suspicious

A-Squared: Heuristic.Dialer.RAS


Are they false positives?

Thanks for replies...

Best regards...



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:58 AM

Posted 06 July 2007 - 04:33 AM

Yes, those are false positives. Most vendors flag the NirCmd.exe that Combofix uses as suspicious.
Nothing wrong with nircmd.exe: http://www.nirsoft.net/utils/nircmd.html
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 taba

taba
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 06 July 2007 - 05:28 AM

Yes, those are false positives. Most vendors flag the NirCmd.exe that Combofix uses as suspicious.
Nothing wrong with nircmd.exe: http://www.nirsoft.net/utils/nircmd.html


Thank you very much for a fast answer...

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:58 AM

Posted 06 July 2007 - 05:29 AM

You're welcome :thumbsup:

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:58 AM

Posted 17 July 2007 - 02:29 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



