
ComboFix removes UltraVNC...


6 replies to this topic

#1 Shimonhead


Posted 13 February 2014 - 12:04 PM

This happens in every case with the latest version. Is there any way this program can be made exempt from being removed as malware by ComboFix when it runs?

 

If this is the wrong place to post this, or if there is a way to mail the ComboFix creator directly, please let me know.

 

Thank you,

 

Shimonhead


Edited by Shimonhead, 13 February 2014 - 12:20 PM.




#2 quietman7

  • Global Moderator

Posted 13 February 2014 - 12:58 PM

The developer (sUBs) will need to see the log and a sample of the file so he can investigate. Please submit (upload) a copy of ComboFix.txt and the file(s) to this Submit Malware Sample page.
  • Fill in the requested information, comments and any further information.
  • Zip the file(s) using a zipping program (i.e. 7-zip, WinRAR).
  • Click the Browse... button and navigate to the location of the file.
  • Click on the file to highlight it and choose Open.
  • Click the Send File button.
  • You will not be able to view the files that have been uploaded as they only show to the authorized users who can download them.
  • sUBs will be able to collect the file(s) from there and examine them.
  • Let me know when you have done this.
Thanks.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Shimonhead


Posted 13 February 2014 - 02:46 PM

Update...upon looking through the log, it turns out ComboFix is not actually removing the UltraVNC program...just killing the service, which will not restart after a reboot. You have to manually restart-rerun the service from the Program Files/UltraVNC start menu and it will resume normal function thereafter...but the killing of the service by ComboFix still needs addressed.

 

As there is no actual file to send, should I just forward the log to the Submit Malware Sample form?


Edited by Shimonhead, 13 February 2014 - 02:47 PM.


#4 quietman7


Posted 13 February 2014 - 03:18 PM

Yes, submit the log. I provided a link to this topic so sUBs will be able to read your update.

#5 Shimonhead


Posted 14 February 2014 - 08:59 AM

Ok...file and link to this topic submitted at 8:57 AM, Eastern Time.



#6 quietman7


Posted 14 February 2014 - 09:09 AM

When I hear from sUBs I will let you know.

#7 quietman7


Posted 15 February 2014 - 08:39 AM

sUBs said this issue was addressed a few years ago, ComboFix was not intended to be run from within a VNC session. You can use Malwarebytes for that.



