Mcafee reporting combofix as a trojan???


7 replies to this topic

#1 idiot10j

idiot10j

  • Members
  • 4 posts
  • Local time:02:00 AM

Posted 11 July 2009 - 09:24 PM

Over the 4th weekend, my computer got hit by a virus that really messed up my computer, removed all of the restore points, infected all files that prefetch called, and kept stating that google updater encountered a problem (before I could even login) after I created a fresh install of XP pro (including installing McAfee, which my ISP provides free). A friend of mine mentioned combofix to me, and I thought I'd check it out, but when downloading it, McAfee blacklisted it, mentioning that it contains a trojan, Artemis!E8F11525BD9B, from all 3 of the download links that were on the bleepingcomputer website. Has anyone else gotten a virus detected warning while downloading the software? I didn't find anything when searching for trojan detected on download of combofix on the site...


EDIT: Moved to a more appropriate forum

Edited by garmanma, 11 July 2009 - 09:58 PM.



#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • Location:Cleveland, Ohio
  • Local time:03:00 AM

Posted 11 July 2009 - 09:59 PM

It is a false positive
Please read the disclaimer before running it yourself
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 idiot10j

idiot10j
  • Topic Starter

  • Members
  • 4 posts
  • Local time:02:00 AM

Posted 11 July 2009 - 10:19 PM

Unfortunately, I cannot find this disclaimer that you are referring to. Is it located within the program, instead of something that I could find easily?

#4 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • Location:Cleveland, Ohio
  • Local time:03:00 AM

Posted 12 July 2009 - 09:17 AM

Posted Image
Mark

#5 idiot10j

idiot10j
  • Topic Starter

  • Members
  • 4 posts
  • Local time:02:00 AM

Posted 12 July 2009 - 07:50 PM

Thank you garmanma. I guess that since it couldn't even DOWNLOAD without coming up with a trojan alert, I will NOT be using it..

This will be the END of my participation on this forum.

idiot10j

#6 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • Gender:Not Telling
  • Local time:01:00 AM

Posted 13 July 2009 - 05:28 PM

Even though you say you are done here, I still want to point this out. If you would do a little research on these types of programs, you would find that the tools that they use are often detected as malicious by many antivirus programs, but these are FALSE positives, as garmanma said. False positives mean they are not trojans or anything else malicious. But in any case, you really should not use this particular tool without supervision from an expert in malware removal, as the use of it on your own could lead to the computer becoming inoperable.

#7 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • Gender:Not Telling
  • Local time:01:00 AM

Posted 13 July 2009 - 05:32 PM

Does anyone know what it means if an antivirus program does not detect ComboFix as anything bad when it is downloaded? As in, does that mean the antivirus program is not as good as others and did not detect something it should have, or does it mean that it is able to tell that it is not malicious?

Edited by Stang777, 13 July 2009 - 05:32 PM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,564 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:00 AM

Posted 15 July 2009 - 12:45 PM

Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes and malware strings it contains.

Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or it can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program.

It means it has the potential for being misused by others or that it was simply detected as suspicious due to the security program's Heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive".

Edited by quietman7, 15 July 2009 - 12:46 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
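
The effect quietman7 describes above, as an added example that is not part of the original thread and not code from any anti-virus product: a toy string-heuristic scanner reports a constructed cleanup script as suspicious because of the registry paths, service commands and malware names a removal tool has to contain. The rules, weights, threshold, malware names and sample files are all constructed for illustration.

```python
import re

# Constructed heuristic rules (not from any real anti-virus engine):
# (reason, pattern, weight). A file is reported when the weights reach THRESHOLD.
RULES = [
    ("touches autorun registry key", re.compile(rb"CurrentVersion\\Run", re.I), 3),
    ("stops or deletes a service", re.compile(rb"\bsc\s+(stop|delete)\s", re.I), 3),
    ("force-deletes from system32", re.compile(rb"\bdel\s+/f\b.*system32", re.I), 4),
    ("contains a malware name", re.compile(rb"fakeworm|demotrojan", re.I), 2),
]
THRESHOLD = 6  # constructed cut-off

# Constructed sample: the kind of cleanup script a removal tool might embed.
# Every line undoes something an infection did, yet every line matches a rule.
CLEANUP_TOOL = rb"""
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v demotrojan /f
sc stop fakeworm_svc
sc delete fakeworm_svc
del /f /q C:\Windows\system32\fakeworm.dll
"""

# Constructed sample: an ordinary document with none of those strings.
BENIGN_DOC = rb"Quarterly report. To uninstall, use Add or Remove Programs."


def scan(data: bytes):
    """Return (score, reasons): each matching rule counts once."""
    hits = [(reason, weight) for reason, rx, weight in RULES if rx.search(data)]
    return sum(w for _, w in hits), [r for r, _ in hits]


def verdict(data: bytes) -> str:
    """The scanner sees only strings, not the intent behind them."""
    score, _ = scan(data)
    return "suspicious" if score >= THRESHOLD else "clean"


if __name__ == "__main__":
    for name, sample in (("cleanup tool", CLEANUP_TOOL), ("document", BENIGN_DOC)):
        score, reasons = scan(sample)
        print(f"{name}: {verdict(sample)} (score {score})")
        for reason in reasons:
            print(f"  - {reason}")
```

The cleanup script is reported purely on string content; the verdict says nothing about whether the file removes an infection or causes one.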
