Avast indicates infection from combofix download

1 reply to this topic

#1 Tenko Kitsune


Posted 09 January 2012 - 03:44 AM

Working on my roommate's computer. He has a "Win 7 Antispyware 2012" infection. Was unable to download combofix. Attempted download from my computer. After download completed on my computer, I received a warning indicating an infection was blocked from bleepingcomputer.com.

I will submit a separate forum post for the rogue anti-spyware (after following instructions on http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012). For this post I am interested in the supposed threat from downloading combofix. I find it highly unlikely there is a real threat there, but would like a third party to investigate.

I will include the reports I received as well as a link to the avast reports. The first time I downloaded combofix was via "http://majorgeeks.com/Combofix_d6402.html". I ran a double check by going to "http://www.bleepingcomputer.com/download/anti-virus/combofix" and selecting "BleepingComputer Mirror". I was notified an infection was present both times.

Windows 7 Professional (64-bit)
Service Pack 1

Avast! Free Antivirus
Current Version: 6.0.1367
Engine and virus definitions are up to date

--- (via Majorgeeks)
Infection Details
URL: http://download.bleepingcomputer.com/sUBs/ComboFix.exe|%3E$0/pev.3XE|%3E[PECompact]
Process: file://C:\Program Files (x86)\Mozilla Fiirefox\firefox.exe
Infection: win32:Rootkit-gen [Rtk]


----- (via Bleepingcomputer)
Infection Details
URL: http://download.bleepingcomputer.com/protected/df1da0ab99d7a48b686bde02a4ad31b7/4f0a9763/ComboFix.exe|%3E$0/pev.3XE|%3E[PECompact]
Process: file://C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Infection: win32:Rootkit-gen [Rtk]


Error message on computer infected with rogue anti-spyware:

Download Error
C:\Users\Bajeeba\Downloads\comboFix.exe.part could not be saved, because the source file could not be read.

Try again later, or contact the server administrator


#2 Minh Triet Pham Tran


Posted 09 January 2012 - 05:24 AM

Avast usually has false positive problems.
It currently has a false detection:
VirusTotal - Free Online Virus, Malware and URL Scanner

You should read the following topic:
ComboFix usage, Questions, Help? - Look here

Edited by Minh Triet Pham Tran, 09 January 2012 - 05:25 AM.

If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. Bruce Schneier
