Please understand that cryptodan is simply responding in accordance with sUBs' (the developer) warning which says ComboFix is permitted for non-commerical purposes only and should not be used in an unsupervised environment. sUBs includes such a statement in his disclaimer
which you see when running his tool.
It's not that ComboFix is dangerous, but that it is a powerful
tool. Using this tool incorrectly even by experienced techs could lead to disastrous problems with your operating system such as preventing it from ever starting again. Further, when issues arise due to complex malware infections, possible false detections, problems running ComboFix (i.e. stalling, hanging, crashing) or with other security tools causing conflicts, our experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.
We are only attempting to look out for the best interests of all our members (including you) when we provide these warnings. Our forums are targeted more for the novice user which makes up most of our membership. We provide help based on that premise since it is impossible for us to know the extent of a member's background, knowledge level and experience until we get to know them. I hope you can appreciate and understand why we do this.
With that said, let me explain what you most likely encountered.
Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool
", "Hacking Tool
", "Potentially Unwanted Program
", or even "Malware
" (virus/trojan) when that is not the case
. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed
, what behavior it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files which may be obfuscated, encrypted or password protected in order to conceal itself so they do not allow access for scanning but often trigger alerts by anti-virus software.
Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malware or a bad program.
It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis
engine which provides the ability to detect possible new variants of malware
. Anti-virus scanners cannot distinguish
between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove
them. In these cases the detection is a "false positive
The problem is really with the anti-vendors who keep targeting these embedded files and NOT with ComboFix. We can inform the developer but he has encountered this issue before and in most cases there isn't much he can do about it.