Combofix Virus for Symantec

3 replies to this topic

#1 Hiro Joda

Hiro Joda

  • Members
  • 5 posts
  • Local time:12:46 AM

Posted 09 February 2009 - 07:35 PM

I checked Combofix.exe with Norton Internet Security 2009 and this is the summary of the scan.
NIS 2009 has found 2 viruses on Combofix.exe
I did not delete.

Statistiche scansione:
Durata scansione: 9 secondi
Opzioni di scansione:
Destinazioni scansione: D:\ZipFiles\AntiSpyware\Combo Fix\ComboFix.exe
Totale elementi sottoposti a scansione: 120
- File e directory: 120
- Voci del Registro di sistema: 0
- Processi ed elementi di avvio: 0
- Elementi di rete e browser: 0
- Altro: 0
- File attendibili: 0
- File ignorati: 0
Totale rischi per la sicurezza rilevati: 2
Totale elementi risolti: 0
Totale elementi che richiedono attenzione: 2
Minacce risolte:
Minacce non risolte:
Rischi nel file compresso "ComboFix.exe"
Tipo: Compresso
Rischio: Alto (Alto Stealth, Alto Rimozione, Alto Prestazioni, Alto Privacy)
Categorie: Virus euristico
Stato: Non eseguito
File 2
d:\zipfiles\antispyware\combo fix\combofix.exe - Nessuna azione intrapresa

English version:
Crawl stats:
Scan duration: 9 seconds
Scan Options:
Scan destinations: D:\ZipFiles\AntiSpyware\Combo Fix\ComboFix.exe
Total elements crawled: 120
- Files and Directories: 120
- Items in the registry: 0
- Processes and startup items: 0
- Elements of the network and browser: 0
- Others: 0
- File reliable: 0
- File skipped: 0
Total security risks detected: 2
Total items resolved: 0
Total items that require attention: 2
Resolved Threats:
Threats are not resolved:
Risks in the compressed file "ComboFix.exe"
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus heuristic
Status: Not done
File 2
d:\zipfiles\antispyware\combo fix\combofix.exe - No action taken

Edited by rigel, 09 February 2009 - 07:52 PM.



#2 rigel



  • Members
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:07:46 PM

Posted 09 February 2009 - 07:55 PM

Norton's is picking ComboFix up as a false positive. There are several anti-virus products that pick up ComboFix due to its make-up and characteristics.


#3 Hiro Joda

Hiro Joda
  • Topic Starter

  • Members
  • 5 posts
  • Local time:12:46 AM

Posted 11 February 2009 - 08:24 PM

Many thanks
Hiro Joda

#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,771 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:46 PM

Posted 11 February 2009 - 10:03 PM

Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted program", or even "malware (virus/trojan)" when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes and malware strings it contains.

Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. When flagged by an anti-virus, it's because the program includes some features or additional files that can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive".

You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
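
An added illustration of the explanation in the reply above (not part of the original thread, and not how Norton or any real anti-virus engine works): a toy content-based heuristic scorer showing why a removal tool that embeds registry fixes and the file names of the malware it cleans up ends up above a detection threshold. All indicator patterns, weights, file names and sample inputs are constructed for this example.

```python
import re

# Constructed indicators: (pattern, weight, reason). Not taken from any real engine.
INDICATORS = [
    (re.compile(rb"CurrentVersion\\Run", re.I), 3, "touches autorun registry key"),
    (re.compile(rb"reg(\.exe)?\s+delete", re.I), 2, "deletes registry values"),
    (re.compile(rb"taskkill|pskill", re.I), 2, "terminates processes"),
    (re.compile(rb"attrib\s+-[shr]", re.I), 1, "clears hidden/system attributes"),
    (re.compile(rb"evilsvc\.exe|badldr\.dll", re.I), 3, "contains known-bad file name"),
]
THRESHOLD = 6  # constructed cut-off for a "heuristic" verdict


def scan(data: bytes) -> dict:
    """Score content only; the scanner has no view of who runs the file or why."""
    hits = [(weight, why) for rx, weight, why in INDICATORS if rx.search(data)]
    score = sum(weight for weight, _ in hits)
    return {
        "score": score,
        "flagged": score >= THRESHOLD,
        "reasons": [why for _, why in hits],
    }


# Constructed sample: a cleanup script of the kind a removal tool might embed.
REMOVAL_TOOL = rb"""@echo off
rem cleanup script embedded in a removal tool
taskkill /f /im evilsvc.exe
attrib -h -s "%SystemRoot%\system32\badldr.dll"
del /f "%SystemRoot%\system32\badldr.dll"
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v evilsvc /f
"""

# Constructed sample: text that merely mentions one bad file name.
FORUM_NOTE = b"My scanner reported evilsvc.exe in the temp folder, what should I do?"

# Constructed sample: unrelated content.
PLAIN = b"Quarterly report draft, nothing to see here."

if __name__ == "__main__":
    for name, blob in [("removal tool", REMOVAL_TOOL),
                       ("forum note", FORUM_NOTE),
                       ("plain text", PLAIN)]:
        result = scan(blob)
        verdict = "FLAGGED" if result["flagged"] else "clean"
        print(f"{name:13} score={result['score']:2} {verdict} {result['reasons']}")
```

The listed reasons are what an analyst would review to decide whether a hit reflects the file's purpose (cleanup) or actual malicious behaviour.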
