
Combofix Reported as a Virus by CA Antivirus


3 replies to this topic

#1 jonas4321


Posted 09 December 2009 - 01:13 PM

I have tried downloading ComboFix.exe from both of the links provided on this site, and my Computer Associates eTrust Threat Management Antivirus (the commercial software) engine version 35.1.0.0, signature version 35.1.7166.0 keeps killing the downloaded file with the claim that it is infected (I replaced identifying info with the dots):

The Win32/SillyDl.PRR was detected in C:\DOCUMENTS AND SETTINGS\.....\COMBOFIX.EXE.
Machine: ............, User: .......
Status: File was cured; system cure performed.

The "cure" is to delete the file.

I have been able to download this file on other PCs with other AV running, so I assume that it's a false positive. But I usually trust the corporate version of CA AV more than I do free stuff.

Thoughts?

Edit: Moved topic from Tutorials to the more appropriate forum. ~ Animal



#2 garmanma


Posted 09 December 2009 - 05:16 PM

It is a FP.
There is nothing malicious in Combofix, providing it was downloaded from this site.
Offhand I don't remember the files in question.
I do remind you to read the disclaimer.

Edited by garmanma, 09 December 2009 - 05:18 PM.

Mark

#3 Animal


Posted 09 December 2009 - 06:10 PM

You might also want to take a look here: ComboFix usage, Questions, Help? - Look here


#4 quietman7


Posted 10 December 2009 - 03:14 PM

Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes, malware strings it contains and the type of security engine that was used during the scan.

Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or it can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program.

It means it has the potential for being misused by others or that it was simply detected as suspicious due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive".