Combofix Issues


  • Please log in to reply
8 replies to this topic

#1 Ambibambi (Members, 4 posts)

Posted 18 April 2010 - 02:58 PM

Hi

I ran ComboFix and it turned out I didn't have any issues, but I wanted to check three things:
1. Is the file catchme.cfxxe harmful?
2. It keeps saying I have CD emulation drivers installed that need to be disabled. I don't. I ran DeFogger, and even that didn't ask me to restart my computer after disabling (which I think it should do if there were any). Correct? Is there something else that could be installed that it is confusing with CD emulators? I am paranoid about potential hackers installing stuff without me being aware.
3. Should I leave ComboFix on my PC or uninstall it? Is there a security risk to leave it there? If uninstall, what is the procedure?

Thanks for your help!
Amber

Edited by Orange Blossom, 18 April 2010 - 03:02 PM.
Move to AV forum. ~ OB


#2 quietman7 (Bleepin' Janitor, Global Moderator, 50,942 posts, Virginia, USA)

Posted 19 April 2010 - 07:15 AM

Catchme is a rootkit scanner that detects userland rootkits and is used with some specialized fix tools. It is not harmful. Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes, malware strings it contains and the type of security engine that was used during the scan.

Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program.

It means it has the potential for being misused by others or that it was simply detected as suspicious due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive".

SHould I leave combofix on my PC or uninstall it? Is there a security risk to leave it there?

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert". Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

To uninstall ComboFix, go to Start > Run... and type in the run dialog box: ComboFix /Uninstall
  • Press OK.
  • If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to Uninstall.exe, then double-click on it to remove.
  • This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and create a new Restore point.
-- Vista users can refer to these instructions: How to Enable Run Command in Vista

Edited by quietman7, 19 April 2010 - 07:20 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.
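The uninstall procedure in the post above, scripted in PowerShell as an added example (this is not code from the thread or from ComboFix's author). It tries the documented ComboFix /Uninstall switch first, falls back to the rename-to-Uninstall.exe method if the executable is still present, and then reports anything left behind so it can be deleted by hand. It assumes ComboFix.exe was saved to the current user's Desktop; adjust $desktop if it lives elsewhere.

```powershell
# Added example: uninstall ComboFix using the two methods described in the
# post, then verify. Run from an elevated (Administrator) PowerShell prompt.
# Assumption: ComboFix.exe sits on the current user's Desktop.
$desktop  = [Environment]::GetFolderPath('Desktop')
$comboFix = Join-Path $desktop 'ComboFix.exe'

if (-not (Test-Path $comboFix)) {
    Write-Host "ComboFix.exe not found at $comboFix; nothing to uninstall."
    return
}

# Method 1: the /Uninstall switch, the same command the Run dialog step uses.
Write-Host "Running: $comboFix /Uninstall"
$proc = Start-Process -FilePath $comboFix -ArgumentList '/Uninstall' -Wait -PassThru
Write-Host "ComboFix exited with code $($proc.ExitCode)"

# Method 2: if the executable survived, rename it to Uninstall.exe and run it,
# which the post gives as the fallback when the switch does not work.
if (Test-Path $comboFix) {
    Write-Host "ComboFix.exe still present; trying the rename method."
    Rename-Item -Path $comboFix -NewName 'Uninstall.exe'
    Start-Process -FilePath (Join-Path $desktop 'Uninstall.exe') -Wait
}

# Verify: list what is left on the Desktop so it can be removed manually.
# The 'ComboFix' folder name is an assumption based on the thread.
$candidates = @(
    $comboFix,
    (Join-Path $desktop 'Uninstall.exe'),
    (Join-Path $desktop 'ComboFix')
)
$leftovers = $candidates | Where-Object { Test-Path $_ }
if ($leftovers) {
    Write-Host "Still present after both uninstall attempts:"
    $leftovers | ForEach-Object { Write-Host "  $_" }
} else {
    Write-Host "No ComboFix files remain on the Desktop."
}
```

Because ComboFix's uninstall routine also resets clock settings and clears the System Restore cache, the script deliberately does nothing beyond invoking it and listing leftovers; deleting those leftovers is left as a manual step, as the post recommends.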

#3 Ambibambi (Topic Starter, Members, 4 posts)

Posted 19 April 2010 - 12:53 PM

Thank you so much for your quick reply. I understand your explanation for catchme.cfxxe. Do you know about CD emulators as well - my second point?

As for uninstalling ComboFix, both the methods failed. The ComboFix folder has only one item, NirCmD NirSoft. I renamed it to uninstall.exe but double-clicking it just brings up a popup telling me about the file. It doesn't uninstall.

Thanks so much!!!
Amber

#4 quietman7 (Bleepin' Janitor, Global Moderator, 50,942 posts, Virginia, USA)

Posted 19 April 2010 - 01:34 PM

About CD Emulation & Malware Removal

Download OTC by OldTimer and save to your Desktop.
  • Connect to the Internet and double-click on OTC.exe to start the program.
  • Click on the green CleanUp! button.
  • If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.
  • When it has finished, OTC will ask you to reboot so it can remove itself.
-- Doing this will remove any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.

If you find any leftover folders/files related to CF after running OTC, you can just delete them manually.

#5 Williamwarn (Members, 2 posts)

Posted 20 April 2010 - 08:32 AM

It's a very powerful program since it can operate below the GUI (Windows) at an instruction level against rootkits. It depends on the malware, but you can wreck your computer if you are not sure what you are doing or check the wrong defaults. Not all rootkits or sub-GUI processes are bad or harmful; try Malwarebytes first.

#6 Ambibambi (Topic Starter, Members, 4 posts)

Posted 20 April 2010 - 12:32 PM

quietman7, williamwarn

Thanks for your response. In the circumstances, shall I just leave ComboFix there without trying to remove it? Assume it can't do harm if I don't try to run it?

Regards
Amber

#7 quietman7 (Bleepin' Janitor, Global Moderator, 50,942 posts, Virginia, USA)

Posted 20 April 2010 - 12:38 PM

CF has a built-in time out (expiration) feature which is there for protection against using outdated versions. Why would you want to leave an unusable and outdated version of a tool on your machine?

#8 Ambibambi (Topic Starter, Members, 4 posts)

Posted 30 April 2010 - 08:51 AM

Hello - sorry for the delay in replying. Well, if ComboFix is not harming my computer, I don't have issues leaving it there if removing it is so troublesome. Let me know if you think I am bonkers, but as far as I know ComboFix is harmless, right?

PS - any news about CD emulators? I can't find any on my PC, yet ComboFix was saying it detected CD emulators running.

Thanks!

#9 keyboardNinja (Bleepin' Ninja, BC Advisor, 4,815 posts, teh interwebz)

Posted 30 April 2010 - 01:18 PM

> but as far as I know ComboFix is harmless, right?

Harmless? Hardly...

It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


Why leave a battle axe lying on your kitchen table? See what I mean?

If you need Combofix in the future (DON'T use it unsupervised!), you can always download it again. There is no need to keep it on your computer. What will you do if another person that uses your computer accidentally runs it?
PICNIC - Problem In Chair, Not In Computer

20 Things I Learned About Browsers and the Web