Steam and Combofix



#1 lkegley9


  • Members
  • 21 posts

Posted 19 April 2011 - 03:47 PM

Hello. I'm new to BleepingComputer but I'm not new to the world of computing. And I had a question that you may or may not be able to answer due to the whole secrecy thing with ComboFix, but it's a regular tool that I use to remove the remnants of malware and I love it. Have had some irritations regarding it, but that's not necessary to get into right now.

But yes, I ran ComboFix on one system that I got in (Windows Vista), and it removed Steam.exe. I have already restored it back to its original filepath, but I'm just weirded out as to why it would remove it. Just out of curiosity.

Again, I understand the whole secrecy thing, so it's no problem if you can't tell me. But I am just curious.

Edited by boopme, 19 April 2011 - 10:04 PM.
Moved to appropriate forum.




#2 quietman7


    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 20 April 2011 - 12:51 PM

If it was a legitimate file, then the explanation could be as simple as a "false positive". One of the ways that malware tries to hide is to give itself the same name as a legitimate or critical system file, so a second opinion would help make the confirmation.

If you ran or want to run ComboFix on your own due to malware infection, please be aware that using it is only one part of the disinfection process. Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary.

Further, when issues arise due to complex malware infections, possible false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
