
Combofix removes ACT software



#1 qtech


Posted 09 July 2009 - 06:55 PM

Hello All,

Long time lurker, first time writer.

I've run into a situation today that I found rather unusual. I ran a current version of combofix on an XP SP3/IE7 home box to remove a drive-by rogue AV install (garden variety antispy2009 - iehelper.dll, proquota.exe, etc.). The machine is otherwise clean.

Oddly, combofix tagged an entire installation of ACT (older version) as infected. The results are what you would expect with a 'virut' type infection. I have not yet confirmed that these files are truly infected (I'll upload to Virustotal tomorrow). I strongly suspect (based on 9 years of IT experience and plenty of combofix runs) that this is a false positive and I'm wondering if there is an appropriate way to communicate the issue to sUBs.

Alternately, if this issue has already been discussed, please direct me to the details.

Thanks for your time. And much love to the folks that hold down this fort.

Q

(mods- feel free to place this post somewhere more appropriate if necessary)

Edited by boopme, 09 July 2009 - 08:00 PM.
Moved from HJT (no Logs) to Am I Infected~~boopme




#2 qtech


Posted 10 July 2009 - 05:42 PM

False positive confirmed.



