
Anyone ever get this?



#1 Supermario

  • Members
  • 2 posts

Posted 01 March 2009 - 01:36 AM

Hey everybody,
I was just wondering... Has McAfee ever identified ComboFix as being a trojan for you? I was running scans on my two computers. The program came up as a trojan on one but wasn't on my other computer. Just wondering... Thanks for your responses.



#2 Swordie

  • Members
  • 792 posts

Posted 01 March 2009 - 01:48 AM

Almost all AV's will fight with other competition. Combofix is highly regarded here at BC. Doubt it's actually a Trojan, so yeah. I'd disregard it. I've never gotten that, since I use Avast.
Who said I couldn't have everything?

#3 KoanYorel

    Bleepin' Conundrum

  • Staff Emeritus
  • 19,461 posts

Posted 01 March 2009 - 02:22 AM

ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please don't use such unless under guidance and ignore the off hand warnings in one's AV's...
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 Papakid

    Guru at being a Newbie

  • Malware Response Team
  • 6,552 posts

Posted 01 March 2009 - 09:30 PM

> Almost all AV's will fight with other competition.

Understand something--Combofix is not nor will it ever be an AV and shouldn't be used as one. It should never be run in any sort of casual way--in other words you can run your AV scan at any time if you want, or an antispyware/malware, even on a whim.

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.

Some of the tools ComboFix uses can also sometimes be used by bad guys, so yeah an AV (and McAfee is particularly bad about this) will sometimes flag some tools as potential threats. But since you don't need surgical tools around if you don't need surgery, this won't happen if you remove ComboFix or leave it off your system as recommended in the first place. Another reason is that CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.

Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two. If you feel you need a second opinion, try running online scans. If you feel you might need surgery, come here to BC and ask for help--that is what we're here for.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#5 Swordie

  • Members
  • 792 posts

Posted 01 March 2009 - 09:42 PM

> > Almost all AV's will fight with other competition.
>
> Understand something--Combofix is not nor will it ever be an AV and shouldn't be used as one. It should never be run in any sort of casual way--in other words you can run your AV scan at any time if you want, or an antispyware/malware, even on a whim.
>
> Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.
>
> Some of the tools ComboFix uses can also sometimes be used by bad guys, so yeah an AV (and McAfee is particularly bad about this) will sometimes flag some tools as potential threats. But since you don't need surgical tools around if you don't need surgery, this won't happen if you remove ComboFix or leave it off your system as recommended in the first place. Another reason is that CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.
>
> Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two. If you feel you need a second opinion, try running online scans. If you feel you might need surgery, come here to BC and ask for help--that is what we're here for.


Doesn't the disclaimer say "Do not operate without Expert help"?

And I wasn't sure what it was.

Back on topic; I remember someone saying turn off your AV's when running Combofix. Probably that's your problem.

Edited by Swordie, 01 March 2009 - 09:42 PM.

Who said I couldn't have everything?

#6 Papakid

    Guru at being a Newbie

  • Malware Response Team
  • 6,552 posts

Posted 01 March 2009 - 10:48 PM

> Doesn't the disclaimer say "Do not operate without Expert help"?

Not exactly--actually I wish it did--it would be more simply explicit. What it does say is a bit vague:
> This tool is meant for private use. It should never be used in an unsupervised environment.
People can interpret that in many different ways--but what's your point?

> And I wasn't sure what it was.

Well, now you know. To expound just a bit more, it is a special removal tool that has helped a lot of people be rid of malware. But, believe it or not, that is not the primary reason for its design. It was designed to make the life of malware removal specialists (that usually work with victims remotely) easier. By doing that it also makes the life of the victim easier and gets rid of malware and does some cleanup so the end result is the same.

> Back on topic; I remember someone saying turn off your AV's when running Combofix. Probably that's your problem.

How do you figure anything in this thread is off topic? In any event, as already stated, McAfee will flag several tools that can be used to fix computers--we've had problems with it flagging HijackThis as well. But you are correct, when a malware removal specialist asks someone to run combofix, they should give instructions to disable antivirus beforehand. But that is because the real-time/on access scanner may interfere with its running, not because the on demand scanner has found CF to be a potential threat.

Anyway, I see now that Supermario has posted in the malware removal forum, so is under supervision. The question in the original post would have better been asked of the person helping him in that thread. Supermario, maybe you missed seeing that you got an answer, but if so your thread is here:
http://www.bleepingcomputer.com/forums/t/203458/vundo-smitfraud-virtuomonde-ahtnhtm-infection/

If you have resolved the issue now, please do let your helper know. Especially if you haven't uninstalled combofix so that it cleans up behind itself--I would strongly encourage you to ask your helper how to do that.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson




