ComboFix SonicWall warning


3 replies to this topic

#1 dparrish2 (Members, 3 posts)

Posted 10 February 2011 - 07:06 AM

I have been able to download ComboFix and use it with great success. However, our SonicWall now kills the download and I get a warning message that it now contains Downloader.HA_4, which is a trojan. It states that it is trying to drop the following files on the hard drive:

c:\Windows\Temp\svchost.exe (373896 bytes)
c:\Windows\Temp\hosts (1458 bytes)

Has something changed with ComboFix?

PS. This is my first post and I may not be in the correct topic, sorry.


#2 quietman7 (Bleepin' Janitor, Global Moderator, 51,591 posts, Virginia, USA)

Posted 10 February 2011 - 09:05 AM

Combofix is not malware. However, certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "threat" when that is not the case. In those cases the detection is a "false positive".


Where did you try to download ComboFix from? (do not post an active link)

The only download links you should be using can be found in the authorized How to use ComboFix guide.

...you should download ComboFix from one of the following URLs:

  • BleepingComputer.com
  • InfoSpyware.net
To download ComboFix, simply left-click on one of the links above and you will see a prompt similar to the figure below.

Click on the text highlighted in blue in that guide.

If you are dealing with a malware infection, please be aware that using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination of whether using ComboFix is necessary. ComboFix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware, which scan individual drives or different folders on a computer for viruses.

I ask that you heed our warning about using this tool on your own without proper supervision. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 dparrish2 (Topic Starter)

Posted 10 February 2011 - 01:47 PM

I have always downloaded ComboFix from BleepingComputer.com and never had an issue until recently.

#4 quietman7 (Global Moderator)

Posted 10 February 2011 - 02:54 PM

If Sonic is detecting CF as a threat when you download, then the issue is with the vendor for targeting it. If Sonic is detecting CF when running it, be aware that it is recommended that all security tools running in real-time be disabled first. If security tools are running after CF performs its routine and reboots, they may detect files moved by CF into its quarantine folder.

I have never used Sonic, so if you are just trying to download CF, I don't understand how this program is detecting CF as dropping files into temp folders.

Sounds like something else is going on. What issues are you having that requires using CF?
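The two paths in the gateway warning from post #1 (C:\Windows\Temp\svchost.exe and C:\Windows\Temp\hosts) are the kind of indicator a responder would verify on the machine itself rather than take the gateway's word for, which is also the point quietman7 raises in post #4. The following is an added example, not code from this thread, from BleepingComputer or from ComboFix: it compares any svchost.exe found in Temp against the System32 copy by SHA-256 (a file named svchost.exe outside System32 is suspicious by location alone, and a byte-identical copy is a different finding from a different binary wearing the same name), and it lists hosts-file entries beyond the default localhost mappings, since rewriting hosts to sinkhole vendor update sites is a common reason malware touches that file. The sample files, domain names and bytes are constructed inline so the script runs offline on any OS; the real Windows paths are only consulted when it runs on Windows. Nothing here decides whether the SonicWall verdict is a false positive; it only reports what is actually on disk.

```python
"""Triage the two indicators a gateway AV reported for a ComboFix download.

Added example, not from the BleepingComputer thread or from ComboFix itself.
Assumption (hypothetical): the responder wants to know whether the reported
Temp\\svchost.exe exists, whether it is the genuine Windows binary, and what
the reported hosts file maps. Sample data below is constructed.
"""
import hashlib
import ipaddress
import os
import tempfile
from pathlib import Path

# Paths named in the gateway warning in post #1 (consulted only on Windows).
REPORTED_SVCHOST = Path(r"C:\Windows\Temp\svchost.exe")
GENUINE_SVCHOST = Path(r"C:\Windows\System32\svchost.exe")
REPORTED_HOSTS = Path(r"C:\Windows\Temp\hosts")

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

# Constructed hosts file: two default lines plus two entries malware would add.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.test   # constructed: sinkholes an update site
203.0.113.9     www.example-bank.test    # constructed: redirects a name elsewhere
"""


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so a large binary need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_svchost(temp_copy: Path, system_copy: Path) -> str:
    """Return 'absent', 'genuine-copy' or 'masquerade' for a Temp svchost.exe."""
    if not temp_copy.exists():
        return "absent"
    if system_copy.exists() and sha256_of(temp_copy) == sha256_of(system_copy):
        return "genuine-copy"
    return "masquerade"


def parse_hosts(text: str) -> list:
    """Return (ip, hostname) pairs, skipping comments, blanks and bad lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not a hosts entry (e.g. stray text)
        for name in parts[1:]:
            entries.append((parts[0], name.lower()))
    return entries


def suspicious_hosts_entries(text: str) -> list:
    """Flag everything except the default loopback->localhost mappings.

    Any other mapping either sinkholes a name (blocking updates/downloads)
    or redirects it to a foreign address, and deserves a look either way.
    """
    flagged = []
    for ip, name in parse_hosts(text):
        if name in ("localhost", "localhost.localdomain") and ip in LOOPBACK:
            continue
        flagged.append((ip, name))
    return flagged


def run_demo() -> dict:
    """Build a constructed Temp/System32 layout and run both checks on it."""
    with tempfile.TemporaryDirectory() as d:
        system32, temp = Path(d) / "System32", Path(d) / "Temp"
        system32.mkdir()
        temp.mkdir()
        genuine = b"MZ" + b"\x00" * 64 + b"constructed-genuine"
        (system32 / "svchost.exe").write_bytes(genuine)
        (temp / "svchost.exe").write_bytes(b"MZ" + b"\x00" * 64 + b"constructed-other")
        (temp / "svchost_copy.exe").write_bytes(genuine)
        (temp / "hosts").write_text(SAMPLE_HOSTS)
        return {
            "masquerade": classify_svchost(temp / "svchost.exe", system32 / "svchost.exe"),
            "copy": classify_svchost(temp / "svchost_copy.exe", system32 / "svchost.exe"),
            "absent": classify_svchost(temp / "missing.exe", system32 / "svchost.exe"),
            "hosts": suspicious_hosts_entries((temp / "hosts").read_text()),
        }


if __name__ == "__main__":
    if os.name == "nt":  # only meaningful on the affected Windows machine
        print("Temp svchost.exe:", classify_svchost(REPORTED_SVCHOST, GENUINE_SVCHOST))
        if REPORTED_HOSTS.exists():
            print("hosts entries:", suspicious_hosts_entries(REPORTED_HOSTS.read_text()))
    print("constructed demo:", run_demo())
```

Run it on the affected machine as a user who can read C:\Windows\Temp; a "masquerade" result or any flagged hosts entry means the gateway was describing something real and the box needs the full log-based workup quietman7 describes, while "absent" after a clean download is consistent with a signature matching on the archive contents rather than on anything written to disk.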
