
Combofix-changed My Default Browser Settings?


9 replies to this topic

#1 zorandjr


Posted 08 February 2007 - 09:46 AM

Windows XP(NT) Pro SP2


I have downloaded Combofix.exe from this address

http://download.bleepingcomputer.com/sUBs/combofix.exe

I have scanned with it and got a report, nothing found I think - no indication in the report

But after scanning with it, IE icon showed up on Desktop and Firefox reported that it is not Default browser, and my IE home page changed from Blank to MSN, and this is what I have discovered for now.
Is this normal or did I do something wrong?

After scanning with it all I did was download AVG AntiSpyware from Ewido/AVG site
All downloads were done with Opera


Second question is - Do you know why I have this from UNA at Virustotal.com:

UNA -1.83 -01.30.2007 Trojan.Win32.Agent.BA1E (and today too) for DrWeb Cure-it?

This was something that happened once before when I accidentally emailed Stinger, Combofix and Vcleaner/grisoft/ to Virustotal - but from ESafe( -Trojan/Worm)

Edited by zorandjr, 08 February 2007 - 12:57 PM.




#2 zorandjr


Posted 08 February 2007 - 01:00 PM

and almost the same for combofix.exe, as the last time

Complete scanning result of "combofix.exe", received in VirusTotal at 02.08.2007, 18:45:06 (CET)

AntiVir 7.3.1.34 02.08.2007 no virus found
Authentium 4.93.8 02.07.2007 no virus found
Avast 4.7.936.0 02.08.2007 no virus found
AVG 386 02.08.2007 no virus found
BitDefender 7.2 02.08.2007 no virus found
CAT-QuickHeal 9.00 02.08.2007 no virus found
ClamAV devel-20060426 02.08.2007 no virus found
DrWeb 4.33 02.08.2007 no virus found
eSafe 7.0.14.0 02.08.2007 suspicious Trojan/Worm
eTrust-InoculateIT 30.4.3378 02.08.2007 no virus found
eTrust-Vet 30.4.3378 02.08.2007 no virus found
Ewido 4.0 02.08.2007 no virus found
Fortinet 2.85.0.0 02.08.2007 no virus found
F-Prot 4.2.1.29 02.07.2007 no virus found
F-Secure 6.70.13030.0 02.08.2007 no virus found
Ikarus T3.1.0.31 02.08.2007 Trojan-Dropper.Win32.Delf.FZ
Kaspersky 4.0.2.24 02.08.2007 no virus found
McAfee 4959 02.08.2007 no virus found
Microsoft 1.2101 02.08.2007 no virus found
NOD32v2 2046 02.08.2007 no virus found
Norman 5.80.02 02.08.2007 no virus found
Panda 9.0.0.4 02.08.2007 Suspicious file
Prevx1 V2 02.08.2007 no virus found
Sophos 4.13.0 02.08.2007 no virus found
Sunbelt 2.2.907.0 02.02.2007 no virus found
Symantec 10 02.08.2007 no virus found
TheHacker 6.1.6.053 02.07.2007 no virus found
UNA 1.83 02.08.2007 Trojan.BAT.Small.BC0B
VBA32 3.11.2 02.08.2007 no virus found
VirusBuster 4.3.19:9 02.08.2007 no virus found

#3 quietman7


Posted 08 February 2007 - 02:12 PM

"I have scanned with it and got a report, nothing found I think - no indication in the report..."

Do you know what to look for? Who asked you to download and run Combofix? What problems are you having that you needed to use it? This is an advanced tool normally used by experts who are helping others to investigate and remove malware infections in the Hijackthis forum. It is intended to be used under the guidance and supervision of an expert, not for private use.

I will let sUBs know so he can look at these results.

Edited by quietman7, 08 February 2007 - 02:37 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 zorandjr


Posted 08 February 2007 - 07:08 PM

Sorry if I have upset anyone.
This was just a question.


It was not some big problem in question, just doing the scans with usual AV/Anti spyw/adware programs and few tools,
because I was going to uninstall and install some things/defrag and make a Windows Update.
So I did this scan too,
and I didn't think that I would know what to look for,

but I did expect something like this:

from the report of combofix -


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

This is only a part of it, and I suppose that it is not the full result
but there was no prompt for removal or reboot, so I didn't think that there was anything wrong.
And I don't think that there was any permanent damage

I didn't know that this was something that I'm not supposed to try -
I am aware that it is my fault if anything goes wrong - and this was just a question, I repeat

Neither of my posts was intended to be insulting or offensive, or accusing,
I just wanted some information, and to know if it happened before
so if there are some other changes, I can reverse them

As for Virustotal, I just wanted to know, if there was anything wrong with my computer, or these are just false positives, again



That is all, thanks

Edited by zorandjr, 08 February 2007 - 07:29 PM.


#5 quietman7


Posted 08 February 2007 - 07:52 PM

I understand you had a question and that's fine. However, I also have an obligation to advise members on the proper use or misuse of such tools. Using a tool you're not familiar with and/or using it incorrectly could result in unintended consequences. By advising you of ComboFix's intended use, I am also advising others reading this thread.

BTW it's not unusual for ComboFix to be flagged as a Trojan by some anti-virus programs due to a variety of reasons relating to how the tool is created.

#6 zorandjr


Posted 08 February 2007 - 07:59 PM

Thanks

#7 zorandjr


Posted 20 February 2007 - 01:48 PM

Should I be worried about this:


The tool, ComboFix has been temporarily withdrawn.

The author discovered a rootkit infection that will interfere with ComboFix's running.

This will cause Combofix to be UNSAFE FOR USE on your machine.

Even if you manage to find a mirror for the tool, PLEASE DO NOT RUN THIS TOOL

Apologies for any inconvenience caused


and

I have just encountered a rootkit that will cause CF to recursively delete all files from SystemDrive.

Pulling the tool till further notice.

Please inform your users not to use CF. Who knows if that rootkit is in there.

Please spread the word. Also have users delete their copies of CF

?


I have scanned recently, not with combofix. Nothing was found.


Everything was slower, mainly downloads, after my mistake with combofix.

and avgas.exe (avg antispyware) jumping, wanting to enter the Internet, even if I have the free version,
therefore no automatic updates....

#8 quietman7


Posted 20 February 2007 - 02:17 PM

No, that was a more recent advisory posting after discovering the problem. Just delete all instances of combofix you may have and do not use it again until further notice.

#9 zorandjr


Posted 20 February 2007 - 02:23 PM

thanks

#10 quietman7


Posted 20 February 2007 - 02:40 PM

You're welcome.