McAfee does not like ComboFix



#1 killbugsdead

Posted 12 March 2009 - 12:52 PM

Good morning, everyone. When I try to download ComboFix from this site I get McAfee saying it's a remote admin tool detected as RemAdm-proclaunch!171.

Has anyone else had this?

#2 quietman7


Posted 12 March 2009 - 01:29 PM

You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes and malware strings it contains.

Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes some features or additional files that can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive".

Edited by quietman7, 12 March 2009 - 01:30 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 scff249


Posted 12 March 2009 - 01:35 PM

A little more to add as to why combofix is dangerous. From Papakid:

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.


Ref: http://www.bleepingcomputer.com/forums/ind...p;#entry1159014

Edited by scff249, 12 March 2009 - 01:38 PM.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#4 DavidMc55


Posted 19 March 2009 - 06:19 AM

Just read what is said about Combofix. I had to use it because I had tried every other program to get rid of a nasty malware called Win32rootkitTDSS. Luckily I have a friend who is a computer person and he said to run it and just leave it to do its thing. I ran the program and it deleted the rootkit and everything is working normally now and no rootkit on system. I appreciate this is a powerful tool and won't be using it again unless it's a last resort. I have ad aware installed and did a scan with it and it hasn't found any rootkit or malware, thank goodness.

#5 AlabasterDragon


Posted 14 April 2011 - 01:10 PM

quietman7

I have a question about your response. I know your response is at least 99% CYA, but it still doesn't make sense. If (from another forum) combofix is only for private use and is not to be used for business or corp. use, then how exactly should it be used? In this response you say it is only for expert use. What experts are there that are not business persons?!? Basically it's not for private or business use. So is there some other group that falls in between those two that I've never heard of? I've always understood things to either be private or public; private individual, or public business. I don't believe I've seen a "neither" ever in my life.

Sum of both responses: "we don't really intend for anyone to actually use this, so don't blame us when something goes wrong."

Don't get me wrong, I've used it plenty of times, and love the product. I commend the author for his fine work. I don't recommend it for end users. End users are usually idiots, which is why they hire the "expert" who is from a business who rents experts. It's just odd that neither the end user should use combofix, and neither should the expert if they work for a business. I just don't know of many experts that don't work for a business.

#6 quietman7


Posted 14 April 2011 - 02:56 PM

...then how exactly should it be used?

ComboFix is meant to be used under the supervision and guidance of experts trained in its use.


Those experts are volunteers who have graduated from one of several Unite Schools and they can be found at various online security sites such as BC. The developer did not intend for his tool to be used any other way and it certainly was not intended for those running a computer business or for use in a business/corporate environment.

When issues arise due to complex malware infections, possible false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.

We are not only here to help members but to protect them from doing damage to their computers by using tools they are not familiar with. Some folks may not ask for help and just follow directions given to someone else which is very risky. As such, we post a lot of warnings. I'm sure you can appreciate and understand why we do this.