BleepingComputer.com: Mcafee reporting combofix as a trojan???

Mcafee reporting combofix as a trojan??? help

#1 User is offline   idiot10j 

  • New Member
  • Group: Members
  • Posts: 4
  • Joined: 11-July 09

Posted 11 July 2009 - 09:24 PM

Over the 4th weekend, my computer got hit by a virus that really messed up my computer, removed all of the restore points, infected all files that prefetch called, and kept stating that Google Updater encountered a problem (before I could even log in) after I created a fresh install of XP Pro (including installing McAfee, which my ISP provides free). A friend of mine mentioned ComboFix to me, and I thought I'd check it out, but when downloading it, McAfee blacklisted it, mentioning that it contains a trojan, Artemis!E8F11525BD9B, from all 3 of the download links that were on the BleepingComputer website. Has anyone else gotten a virus detected warning while downloading the software? I didn't find anything when searching for trojan detected on download of combofix on the site...


EDIT: Moved to a more appropriate forum

This post has been edited by garmanma: 11 July 2009 - 09:58 PM


#2 User is offline   garmanma 

  • Computer Masochist
  • Group: Staff Emeritus
  • Posts: 27,809
  • Joined: 27-January 07
  • Location:Cleveland, Ohio

Posted 11 July 2009 - 09:59 PM

It is a false positive.
Please read the disclaimer before running it yourself.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 User is offline   idiot10j 

  • New Member
  • Group: Members
  • Posts: 4
  • Joined: 11-July 09

Posted 11 July 2009 - 10:19 PM

Unfortunately, I cannot find this disclaimer that you are referring to. Is it located within the program, instead of something that I could find easily?

#4 User is offline   garmanma 

  • Computer Masochist
  • Group: Staff Emeritus
  • Posts: 27,809
  • Joined: 27-January 07
  • Location:Cleveland, Ohio

Posted 12 July 2009 - 09:17 AM

Posted Image
Mark

#5 User is offline   idiot10j 

  • New Member
  • Group: Members
  • Posts: 4
  • Joined: 11-July 09

Posted 12 July 2009 - 07:50 PM

Thank you garmanma. I guess that since it couldn't even DOWNLOAD without coming up with a trojan alert, I will NOT be using it..

This will be the END of my participation on this forum.

idiot10j

#6 User is offline   Stang777 

  • Just Hoping To Help
  • Group: Members
  • Posts: 1,757
  • Joined: 30-December 08
  • Location:Utah

Posted 13 July 2009 - 05:28 PM

Even though you say you are done here, I still want to point this out. If you would do a little research on these types of programs, you would find that the tools that they use are often detected as malicious by many antivirus programs, but these are FALSE positives, as garmanma said. False positives mean they are not trojans or anything else malicious. But in any case, you really should not use this particular tool without supervision from an expert in malware removal, as the use of it on your own could lead to the computer becoming inoperable.

#7 User is offline   Stang777 

  • Just Hoping To Help
  • Group: Members
  • Posts: 1,757
  • Joined: 30-December 08
  • Location:Utah

Posted 13 July 2009 - 05:32 PM

Does anyone know what it means if an antivirus program does not detect ComboFix as anything bad when it is downloaded? As in, does that mean the antivirus program is not as good as others and did not detect something it should have, or does it mean that it is able to tell that it is not malicious?

This post has been edited by Stang777: 13 July 2009 - 05:32 PM


#8 User is offline   quietman7 

  • Bleepin' Janitor
  • Group: Global Moderator
  • Posts: 25,513
  • Joined: 09-July 05
  • Gender:Male
  • Location:Virginia, USA

Posted 15 July 2009 - 12:45 PM

Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes and malware strings it contains.

Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or it can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program.

It means it has the potential for being misused by others or that it was simply detected as suspicious due to the security program's Heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive".

This post has been edited by quietman7: 15 July 2009 - 12:46 PM

Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
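
The effect described in post #8, as an added example that is not part of the original thread and does not represent how McAfee or any real product works: a toy string-matching scanner scores a cleanup script as suspicious because the script names the registry key, process and file it removes. The indicator strings, weights, threshold and both samples are constructed for illustration.

```python
# Toy heuristic scanner (assumption: weighted substring matching with a
# fixed threshold; real engines are far more elaborate).
SIGNATURES = {
    b"Software\\Microsoft\\Windows\\CurrentVersion\\Run": ("autorun registry key", 2),
    b"reg delete": ("registry modification", 2),
    b"taskkill /f": ("forced process termination", 2),
    b"fakealert.exe": ("known malware file name", 3),
}
THRESHOLD = 5  # constructed cut-off for a "suspicious" verdict

# Constructed sample: a cleanup script for a made-up infection. It must
# contain the malware's file name and registry location to remove them.
CLEANUP_TOOL = b"""@echo off
rem constructed sample: removes a made-up infection
taskkill /f /im fakealert.exe
reg delete "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" /v fakealert /f
del "%APPDATA%\\fakealert.exe"
"""

# Constructed sample: an unrelated harmless file.
README = b"Quarterly report: sales were up 4 percent."


def scan(data: bytes):
    """Return (score, reasons) from case-insensitive substring matching."""
    lowered = data.lower()
    hits = [(why, weight) for sig, (why, weight) in SIGNATURES.items()
            if sig.lower() in lowered]
    return sum(weight for _, weight in hits), [why for why, _ in hits]


def verdict(data: bytes) -> str:
    """The scanner sees only content, not intent: a remover and the thing
    it removes share the same strings, so both cross the threshold."""
    score, _ = scan(data)
    return "suspicious" if score >= THRESHOLD else "clean"


if __name__ == "__main__":
    for name, sample in (("cleanup tool", CLEANUP_TOOL), ("readme", README)):
        score, reasons = scan(sample)
        print(f"{name}: {verdict(sample)} (score {score}) {reasons}")
```
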
