Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Combo Fix Infected by TR/Agent.5617275


  • Please log in to reply
4 replies to this topic

#1 rocketeer_1968

rocketeer_1968

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:55 AM

Posted 14 April 2015 - 04:46 PM

Hello everyone!

 

This is going to sound weird, I know:

 

AVIRA has repeatedly detected a: TR/Agent.5617275 ... in Combo Fix. 

 

I don't know what to think... I've been using Combo Fix for a couple years, and never once have I experienced problems. 

 

Is this a false positive, or is there something else going on in my PC?

 

It's driving me crazy. I am aware there's at least one virus I need to remove, but this Avira message really baffled me. 

 

Any suggestions, opinions more than welcome...  Thanks!

 

Stefano


Edited by Queen-Evie, 14 April 2015 - 04:54 PM.
moved from Windows 7 to the appropriate forum


BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:55 PM

Posted 14 April 2015 - 04:52 PM

Hello there,
 
This is a false positive.

Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as suspicious, a Risk ToolHacking ToolPotentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed or packed, what behavior (routines, scripts, etc) it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files which may be obfuscated, encrypted or password protected in order to conceal itself so they do not allow access for scanning but often trigger alerts by anti-virus software.

When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malicious or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive" and can be ignored. Either have your anti-virus ignore the detection or temporarily disable it until you download and run the tool.

The problem is really with the anti-virus vendors who keep targeting these embedded files and NOT with ComboFix. We can inform the developer but he has encountered this issue many times before and in most cases there isn't much he can do about it. Once the detection is reported to the anti-virus vendor, they are usually quick to fix it by releasing an updated definition database. 
 
Also, you should NOT run ComboFix on your own without the guidance of a trained Malware Response Team member.
 
If you need help with malware removal, please follow the Preparation Guide and start a new topic in the appropriate area.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,745 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:55 AM

Posted 14 April 2015 - 07:39 PM

:welcome: to Bleeping Computer.

If you did not download ComboFix from the authorized download page, the above explanation may not apply. There are a number of unofficial sites which host various unauthorized versions of ComboFix (many of which are outdated) or files which claim to be ComboFix. None of these sites are affiliated with the legitimate tool created by sUBs.

If you did download from the authorized site here, then as noted, either have your anti-virus ignore the detection or temporarily disable it until you download and run the tool.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 rocketeer_1968

rocketeer_1968
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:55 AM

Posted 15 April 2015 - 09:54 AM

Thank you very much (Alexstrasza and quietman7) for your information and advice. I alway try to be careful, follow directions, and read instruction sheets and manuals. In fact, I had serious doubts regarding Avira's diagnosis, and virtually none about Combofix. Whenever I need it, I either check or log on to Bleeepin' Computer website to ensure I have the latest and safest release. One thought just crossed my mind ... Is it even conceivable for a Combofix file (stored in Downloads folder) that worked fine the first time around could get infected?  Just a thought .. Thanks much again!   S.C.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,745 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:55 AM

Posted 15 April 2015 - 01:01 PM

Yes it is always possible for any .exe file to become infected especially if dealing with file infectors. However that type of malware more typically known for injecting code into legitimate critical system files, especially those required for the boot up process.

Keep in mind that ComboFix is frequently updated. When needed the most current version should always be downloaded. You should not attempt to use older versions so there really isn't any need to save it.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users