Post #1, Feb 8 2007, 09:46 AM
Member | Group: Members | Posts: 15 | Joined: 12-January 07 | Member No.: 105,937

I have downloaded Combofix.exe from this address: http://download.bleepingcomputer.com/sUBs/combofix.exe

I have scanned with it and got a report, nothing found I think - no indication in the report.

But after scanning with it, IE icon showed up on Desktop and Firefox reported that it is not Default browser, and my IE home page changed from Blank to MSN, and this is what I have discovered for now. Is this normal or I did something wrong?

After scanning with it all I did was download AVG AntiSpyware from Ewido/AVG site. All downloads were done with Opera.

Second question is - Do you know why I have this from UNA at Virustotal.com:

UNA -1.83 -01.30.2007 Trojan.Win32.Agent.BA1E (and today too)

for DrWeb Cure-it? This was something that happened once before when I accidentally emailed Stinger, Combofix and Vcleaner/grisoft/ to Virustotal - but from ESafe (-Trojan/Worm)

This post has been edited by zorandjr: Feb 8 2007, 12:57 PM

Post #2, Feb 8 2007, 01:00 PM
Member | Group: Members | Posts: 15 | Joined: 12-January 07 | Member No.: 105,937

and almost the same for combofix.exe, as the last time

Complete scanning result of "combofix.exe", received in VirusTotal at 02.08.2007, 18:45:06 (CET)

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 7.3.1.34 | 02.08.2007 | no virus found |
| Authentium | 4.93.8 | 02.07.2007 | no virus found |
| Avast | 4.7.936.0 | 02.08.2007 | no virus found |
| AVG | 386 | 02.08.2007 | no virus found |
| BitDefender | 7.2 | 02.08.2007 | no virus found |
| CAT-QuickHeal | 9.00 | 02.08.2007 | no virus found |
| ClamAV | devel-20060426 | 02.08.2007 | no virus found |
| DrWeb | 4.33 | 02.08.2007 | no virus found |
| eSafe | 7.0.14.0 | 02.08.2007 | suspicious Trojan/Worm |
| eTrust-InoculateIT | 30.4.3378 | 02.08.2007 | no virus found |
| eTrust-Vet | 30.4.3378 | 02.08.2007 | no virus found |
| Ewido | 4.0 | 02.08.2007 | no virus found |
| Fortinet | 2.85.0.0 | 02.08.2007 | no virus found |
| F-Prot | 4.2.1.29 | 02.07.2007 | no virus found |
| F-Secure | 6.70.13030.0 | 02.08.2007 | no virus found |
| Ikarus | T3.1.0.31 | 02.08.2007 | Trojan-Dropper.Win32.Delf.FZ |
| Kaspersky | 4.0.2.24 | 02.08.2007 | no virus found |
| McAfee | 4959 | 02.08.2007 | no virus found |
| Microsoft | 1.2101 | 02.08.2007 | no virus found |
| NOD32v2 | 2046 | 02.08.2007 | no virus found |
| Norman | 5.80.02 | 02.08.2007 | no virus found |
| Panda | 9.0.0.4 | 02.08.2007 | Suspicious file |
| Prevx1 | V2 | 02.08.2007 | no virus found |
| Sophos | 4.13.0 | 02.08.2007 | no virus found |
| Sunbelt | 2.2.907.0 | 02.02.2007 | no virus found |
| Symantec | 10 | 02.08.2007 | no virus found |
| TheHacker | 6.1.6.053 | 02.07.2007 | no virus found |
| UNA | 1.83 | 02.08.2007 | Trojan.BAT.Small.BC0B |
| VBA32 | 3.11.2 | 02.08.2007 | no virus found |
| VirusBuster | 4.3.19:9 | 02.08.2007 | no virus found |

Post #3, Feb 8 2007, 02:12 PM
Bleepin' Janitor | Group: Global Moderator | Posts: 13,431 | Joined: 9-July 05 | From: Virginia, USA | Member No.: 26,513

> I have scanned with it and got a report, nothing found I think - no indication in the report...

Do you know what to look for? Who asked you to download and run Combofix? What problems are you having that you needed to use it? This is an advanced tool normally used by experts who are helping others to investigate and remove malware infections in the Hijackthis forum. It is intended to be used under the guidance and supervision of an expert, not for private use.

I will let sUBs know so he can look at these results.

This post has been edited by quietman7: Feb 8 2007, 02:37 PM

--------------------
"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"
Microsoft MVP - Windows Security 2007-2008

Post #4, Feb 8 2007, 07:08 PM
Member | Group: Members | Posts: 15 | Joined: 12-January 07 | Member No.: 105,937

Sorry if I have upset anyone.

This was just a question. It was not some big problem in question, just doing the scans with usual AV/Anti spyw/adware programs and few tools, because I was going to uninstall and install some things/defrag and make a Windows Update. So I did this scan too, and I didn't think that I will know what to look for, but I did expect something like this, from the report of combofix:

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

This is only a part of it, and I suppose that it is not the full result, but there was no prompt for removal or reboot, so I didn't think that there was anything wrong. And I don't think that there was any permanent damage.

I didn't know that this was something that I'm not supposed to try - I am aware that it is my fault if anything goes wrong - and this was just a question, I repeat.

Neither of my posts was intended to be insulting or offensive, or accusing. I just wanted some information, and to know if it happened before, so if there are some other changes, I can reverse them.

As for Virustotal, I just wanted to know if there was anything wrong with my computer, or these are just false positives, again.

That is all, thanks

This post has been edited by zorandjr: Feb 8 2007, 07:29 PM

Post #5, Feb 8 2007, 07:52 PM
Bleepin' Janitor | Group: Global Moderator | Posts: 13,431 | Joined: 9-July 05 | From: Virginia, USA | Member No.: 26,513

I understand you had a question and that's fine. However, I also have an obligation to advise members on the proper use or misuse of such tools. Using a tool you're not familiar with and/or using it incorrectly could result in unintended consequences. By advising you of ComboFix's intended use, I am also advising others reading this thread.

BTW it's not unusual for ComboFix to be flagged as a Trojan by some anti-virus programs due to a variety of reasons relating to how the tool is created.

Post #6, Feb 8 2007, 07:59 PM
Member | Group: Members | Posts: 15 | Joined: 12-January 07 | Member No.: 105,937

Thanks

Post #7, Feb 20 2007, 01:48 PM
Member | Group: Members | Posts: 15 | Joined: 12-January 07 | Member No.: 105,937

Should I be worried about this:

> The tool, ComboFix has been temporarily withdrawn. The author discovered a rootkit infection that will interfere with ComboFix's running. This will cause Combofix to be UNSAFE FOR USE on your machine. Even if you manage to find a mirror for the tool, PLEASE DO NOT RUN THIS TOOL
>
> Apologies for any inconvenience caused

and

> I have just encountered a rootkit that will cause CF to recursively delete all files from SystemDrive. Pulling the tool till further notice. Please inform your users not to use CF. Who knows if that rootkit is in there. Please spread the word. Also have users delete their copies of CF

I have scanned recently, not with combofix. Nothing was found. Everything was slower, mainly downloads, after my mistake with combofix, and avgas.exe (avg antispyware) jumping, wanting to enter the Internet, even if I have the free version, therefore no automatic updates....

Post #8, Feb 20 2007, 02:17 PM
Bleepin' Janitor | Group: Global Moderator | Posts: 13,431 | Joined: 9-July 05 | From: Virginia, USA | Member No.: 26,513

No, that was a more recent advisory posting after discovering the problem. Just delete all instances of combofix you may have and do not use it again until further notice.

Post #9, Feb 20 2007, 02:23 PM
Member | Group: Members | Posts: 15 | Joined: 12-January 07 | Member No.: 105,937

thanks

Post #10, Feb 20 2007, 02:40 PM
Bleepin' Janitor | Group: Global Moderator | Posts: 13,431 | Joined: 9-July 05 | From: Virginia, USA | Member No.: 26,513

You're welcome.