BleepingComputer.com: McAfee does not like ComboFix

McAfee does not like ComboFix

#1 killbugsdead

  • New Member
  • Group: Members
  • Posts: 5
  • Joined: 12-March 09

Posted 12 March 2009 - 12:52 PM

Everyone, good morning. When I try to download combofix from this site I get McAfee saying it's a remote admin tool detected as RemAdm-proclaunch!171.

Has anyone else had this?

#2 quietman7

  • Bleepin' Janitor
  • Group: Global Moderator
  • Posts: 25,511
  • Joined: 09-July 05
  • Gender:Male
  • Location:Virginia, USA

Posted 12 March 2009 - 01:29 PM

You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes and malware strings it contains.

Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. When flagged by an anti-virus or security scanner, it's because the program includes some features or additional files that can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive".

This post has been edited by quietman7: 12 March 2009 - 01:30 PM

Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 scff249

  • Indecisive Lurker
  • Group: Members
  • Posts: 1,319
  • Joined: 14-February 08
  • Gender:Male
  • Location:A galaxy far, far away...

Posted 12 March 2009 - 01:35 PM

A little more to add as to why combofix is dangerous. From Papakid:

Quote

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.


Ref: http://www.bleepingcomputer.com/forums/ind...p;#entry1159014

This post has been edited by scff249: 12 March 2009 - 01:38 PM

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo

#4 DavidMc55

  • New Member
  • Group: Members
  • Posts: 3
  • Joined: 19-March 09

Posted 19 March 2009 - 06:19 AM

Just read what is said about Combofix. I had to use it because I had tried every other program to get rid of a nasty malware called Win32rootkitTDSS. Luckily I have a friend who is a computer person and he said to run it and just leave it to do its thing. I ran the program and it deleted the rootkit and everything is working normally now and no rootkit on system. I appreciate this is a powerful tool and won't be using it again unless it's a last resort. I have Ad-Aware installed and did a scan with it and it hasn't found any rootkit or malware, thank goodness.

#5 AlabasterDragon

  • New Member
  • Group: Members
  • Posts: 1
  • Joined: 18-December 08

Posted 14 April 2011 - 01:10 PM

quietman7

I have a question about your response. I know your response is at least 99% CYA, but it still doesn't make sense. If (from another forum) combofix is only for private use and is not to be used for business or corp. use, then how exactly should it be used? In this response you say it is only for expert use. What experts are there that are not business persons?!? Basically it's not for private or business use. So is there some other group that falls in between those two that I've never heard of? I've always understood things to either be private or public; private individual, or public business. I don't believe I've seen a "neither" ever in my life.

Sum of both responses: "we don't really intend for anyone to actually use this, so don't blame us when something goes wrong."

Don't get me wrong, I've used it plenty of times, and love the product. I commend the author for his fine work. I don't recommend it for end users. End users are usually idiots, which is why they hire the "expert" who is from a business who rents experts. It's just odd that neither the end user should use combofix, and neither should the expert if they work for a business. I just don't know of many experts that don't work for a business.

#6 quietman7

  • Bleepin' Janitor
  • Group: Global Moderator
  • Posts: 25,511
  • Joined: 09-July 05
  • Gender:Male
  • Location:Virginia, USA

Posted 14 April 2011 - 02:56 PM

Quote

...then how exactly should it be used?

ComboFix is meant to be used under the supervision and guidance of experts trained in its use.

Those experts are volunteers who have graduated from one of several Unite Schools and they can be found at various online security sites such as BC. The developer did not intend for his tool to be used any other way and it certainly was not intended for those running a computer business or for use in a business/corporate environment.

When issues arise due to complex malware infections, possible false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.

We are not only here to help members but to protect them from doing damage to their computers by using tools they are not familiar with. Some folks may not ask for help and just follow directions given to someone else which is very risky. As such, we post a lot of warnings. I'm sure you can appreciate and understand why we do this.
