The official site for downloading ComboFix
is provided in the authorized Guide and tutorial on How to use ComboFix
. The link in that guide redirects to ComboFix Download page
hosted by BleepingComputer.
There are a number of unofficial sites
which host various unauthorized versions
of ComboFix (many of which are outdated) or files which claim to be ComboFix. Both ComboFix.org and ComboFixdownload.com offer unauthorized versions of the tool and the download links are seldom current. None of these sites are affiliated with the legitimate tool created by sUBs.
Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix
may at times be detected by some anti-virus and anti-malware scanners as suspicious
, a Risk Tool
, Hacking Tool
, Potentially Unwanted Program
, a possible threat
or even Malware (virus/trojan) when that is not the case
. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed
, what behavior (routines, scripts, etc) it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files which may be obfuscated, encrypted or password protected in order to conceal itself so they do not allow access for scanning but often trigger alerts by anti-virus software.
When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malicious or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis
engine which provides the ability to detect possible new variants of malware
. Anti-virus scanners cannot distinguish
between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove
them. In these cases the detection is a "false positive
" and can be ignored. Either have your anti-virus ignore the detection or temporarily disable it until you download and run the tool.The problem is really with the anti-virus vendors who keep targeting these embedded files and NOT with ComboFix
. We can inform the developer but he has encountered this issue many times before and in most cases there isn't much he can do about it. Once the detection is reported to the anti-virus vendor, they are usually quick to fix it by releasing an updated definition database.
If you need individual assistance with a malware infection, please follow the instructions in the Preparation Guide For Requesting Help
starting at Step 6.
- If you cannot complete a step, then skip it and continue with the next.
- In Step 6 there are instructions for downloading and running FRST which will create two logs.
When you have done that, post your logs
in the Virus, Trojan, Spyware, and Malware Removal Logs forum
, NOT here
, for assistance by the Malware Response Team Experts.Start a new topic
, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway
. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.