
Removing Renamed ComboFix


2 replies to this topic

#1 PixelPlay


Posted 24 July 2010 - 01:47 PM

A few months back I came to BC for malware detection and removal and was instructed to use ComboFix. I wasn't able to get through the whole process the last time and was left with ComboFix on my system. Just recently my Avira AntiVir detected ComboFix as malware and it hasn't had this problem before.

The automatic scanner reported this:

The file 'C:\Documents and Settings\Keo\Desktop\schrauber.exe'
contained a virus or unwanted program 'TR/ADH.CNQ' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4f039503.qua'.

Note that schrauber.exe is my renamed ComboFix.

Is this a sign of malware taking advantage of ComboFix on my system?

Will the problem go away if I simply remove ComboFix?

Or should I seek further help in the malware removal forums here on BC?

Update: Apparently Avira completely quarantined ComboFix and removed it from my desktop. Should there be any further problems?

Edited by PixelPlay, 24 July 2010 - 01:49 PM.


BC AdBot (Login to Remove)

 


#2 schrauber


Posted 24 July 2010 - 02:23 PM

Hi,

AV programs oftentimes report one of our tools as malware. This is a false alarm.

You can run this to delete any leftovers related to our tools.
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

If you still have any problems with the system, it would be good to open up a new thread in the malware removal area.
regards,
schrauber


#3 quietman7


Posted 25 July 2010 - 06:47 AM

As schrauber indicated, this is a false positive.

Certain embedded files that are part of legitimate programs or specialized fix tools such as ComboFix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons, including the tool's compiler, the files it uses, registry fixes, malware strings it contains, and the type of security engine that was used during the scan.

Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program.

It means it has the potential for being misused by others or that it was simply detected as suspicious due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.