
Avast indicates infection from combofix download



#1 Tenko Kitsune


Posted 09 January 2012 - 03:44 AM

Working on my roommate's computer. He has a "Win 7 Antispyware 2012" infection. Was unable to download ComboFix. Attempted download from my computer. After the download completed on my computer, I received a warning indicating an infection was blocked from bleepingcomputer.com.

I will submit a separate forum post for the rogue anti-spyware (after following instructions on http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012). For this post I am interested in the supposed threat from downloading combofix. I find it highly unlikely there is a real threat there, but would like a third party to investigate.

I will include the reports I received as well as a link to the avast reports. The first time I downloaded combofix was via "http://majorgeeks.com/Combofix_d6402.html". I ran a double check by going to "http://www.bleepingcomputer.com/download/anti-virus/combofix" and selecting "BleepingComputer Mirror". I was notified an infection was present both times.

-----
Windows 7 Professional (64-bit)
Service Pack 1

Avast! Free Antivirus
Current Version: 6.0.1367
Engine and virus definitions are up to date

--- (via Majorgeeks)
Infection Details
URL: http://download.bleepingcomputer.com/sUBs/ComboFix.exe|%3E$0/pev.3XE|%3E[PECompact]
Process: file://C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Infection: win32:Rootkit-gen [Rtk]

http://www.avast.com/en-us/lp-security-information-fp?p_ext=0&utm_campaign=Virus_alert&utm_source=prg_fav_60_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-us%2Fvirus-alert-default2&p_vir=win32:Rootkit-gen%20[Rtk]&p_prc=file://C:\Program%20Files%20%28x86%29\Mozilla%20Firefox\firefox.exe&p_obj=http://download.bleepingcomputer.com/sUBs/ComboFix.exe|%3E$0/pev.3XE|%3E[PECompact]&p_var=.%2Ffa%2Fen-us%2Fvirus-alert-default2&p_pro=0&p_vep=6&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=232&p_lng=en&p_lid=en-us&p_elm=7&p_vbd=1367


----- (via Bleepingcomputer)
Infection Details
URL: http://download.bleepingcomputer.com/protected/df1da0ab99d7a48b686bde02a4ad31b7/4f0a9763/ComboFix.exe|%3E$0/pev.3XE|%3E[PECompact]
Process: file://C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Infection: win32:Rootkit-gen [Rtk]

http://www.avast.com/en-us/lp-security-information-fp?p_ext=0&utm_campaign=Virus_alert&utm_source=prg_fav_60_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-us%2Fvirus-alert-default2&p_vir=win32:Rootkit-gen%20[Rtk]&p_prc=file://C:\Program%20Files%20%28x86%29\Mozilla%20Firefox\firefox.exe&p_obj=http://download.bleepingcomputer.com/protected/df1da0ab99d7a48b686bde02a4ad31b7/4f0a9763/ComboFix.exe|%3E$0/pev.3XE|%3E[PECompact]&p_var=.%2Ffa%2Fen-us%2Fvirus-alert-default2&p_pro=0&p_vep=6&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=232&p_lng=en&p_lid=en-us&p_elm=7&p_vbd=1367


-----
Error message on computer infected with rogue anti-spyware:

Download Error
--
C:\Users\Bajeeba\Downloads\comboFix.exe.part could not be saved, because the source file could not be read.

Try again later, or contact the server administrator


#2 Minh Triet Pham Tran


Posted 09 January 2012 - 05:24 AM

Avast usually has false-positive problems.
It currently has a false detection:
VirusTotal - Free Online Virus, Malware and URL Scanner
http://www.virustotal.com/file-scan/report.html?id=437441626166fac349681f726ef20877447d58995d2046ed0f8bb5644f88e9f1-1326102653

You should read the following topic:
ComboFix usage, Questions, Help? - Look here
http://www.bleepingcomputer.com/forums/topic273628.html

Edited by Minh Triet Pham Tran, 09 January 2012 - 05:25 AM.

If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. Bruce Schneier



