is a rootkit scanner that detects userland rootkits and is used with some specialized fix tools. It is not harmful. Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool
", "Hacking Tool
", "Potentially Unwanted Program
", or even "Malware
" (virus/trojan) when that is not the case
. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes, malware strings it contains and the type of security engine that was used during the scan.
Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program.
It means it has the potential
for being misused by others or that it was simply detected as suspicious due to the security program's heuristic analysis
engine which provides the ability to detect possible new variants of malware
. Anti-virus scanners cannot distinguish
between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove
them. In these cases the detection is a "False Positive
SHould I leave combofix on my PC or uninstall it? Is there a security risk to leave it there?
Please note the message text in blue
at the top of the Am I infected? What do I do?
forum. No one should be using ComboFix
unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator
to be "used under the guidance and supervision of an expert
. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read the pinned topic ComboFix usage, Questions, Help? - Look here
To uninstall ComboFix, go to
and type in the run dialog box: ComboFix /Uninstall
- Press OK.
- If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to Uninstall.exe, then double-click on it to remove.
- This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and create a new Restore point.
users, users can refer to these instructions: How to Enable Run Command in Vista
Edited by quietman7, 19 April 2010 - 07:20 AM.