Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pb with combofix.exe! is a trojan inside?


  • Please log in to reply
3 replies to this topic

#1 mrmagic77

mrmagic77

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 02 February 2009 - 08:25 AM

Hello all!

I used to remove virus from my Pc with Combofix.
I have antivir antivirus on my machine (probably the best with kaspersky, i've tested all except GDATA ;)
The thing is, Combofix.exe is, since yesterday's update (I use combofix on plenty of users's machine) seen as a TROJAN.
Is this normal? Can the creator of combofix contact avira antivir to change this if no pb?
Is the new combofix.exe file infected???

Mrmagic

[Moderator edit: post moved to more appropriate forum. jgw]

Edited by jgweed, 02 February 2009 - 11:01 AM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:02 PM

Posted 02 February 2009 - 12:03 PM

You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted program", or even "malware (virus/trojan)" when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes and malware strings it contains.

Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 kamal101

kamal101

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 13 June 2010 - 07:13 PM

Hi, Vipre antivirurs is telling me Combofix is a trojan
i tried to reach combofix author, there no contact informations on their web site : www.combofix.org
i am asking are there other antiviruses that is telling that combofix is not safe?
and i am asking what is your opinions?
i already know about the disclaimer



Active Protection Event Details

Event Type Notify
Timeout 0(s)
Monitor Source On File Access
Monitor Type File
Recommend System Scan Yes
Event Actor Enum Object



Application Information
File Path c:\WINDOWS\explorer.exe
Process ID 796
File Size 1033728(:thumbsup:
CRC8 8AEB05EC51A70000
Application Rating Known Good
Added To Always Allow List No
Company Microsoft Corporation
File Version 6.00.2900.5512 (xpsp.080413-2105)
Product Name Microsoft® Windows® Operating System
Product Version 6.00.2900.5512
Description Windows Explorer
Copyright © Microsoft Corporation. All rights reserved.



Attempted to modify the following file
File Path c:\install\ComboFix.exe
CRC8 17818C1D57130000
Application Rating Known Bad
Threat ID 4150696



Action Taken
Action Blocked
Reason VIPRE Known

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:02 PM

Posted 14 June 2010 - 06:01 AM

Combofix is not malware, however some anti-virus programs may report it as a threat for various reasons. Please read my previous post for an explanation.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users