
For Malware Removers Only: Information about ComboFix being infected and what you should do:

  • 29 January 2013

Unfortunately it has come to light that the program ComboFix had a file in it that is infected with the Sality virus. The minute we heard about this, we pulled the executable so that it is no longer available from BleepingComputer.com. Unfortunately we have no control over other sites that may have mirrored ComboFix without permission, so please do not attempt to download it elsewhere.

The developer, sUBs, is currently looking into what happened and when I have a full update, I will be sure to let you know. From the limited information that I have, it appears that the affected version has been available since approximately 2am EST on January 29th, but it may have been earlier. If this timeframe changes, I will update this topic to let you know. If you have used a new copy of ComboFix in the last day or so, then you should examine your system for possible infection. If you have used a copy of ComboFix prior to this version, then you should be ok.

In the meantime, it is important for those who may have used ComboFix recently and are concerned they are infected to get the help they need. As the Sality infection has been around for a while, almost all antivirus vendors will have detected it and blocked it when you ran ComboFix. Unfortunately, not everyone has up-to-date virus definitions or uses an AV program, so it is important to examine your system if you have downloaded a new copy and used it since 2am EST.
 
Full Article
 
TH

Best answer by RetiredTripleHelix 29 January 2013, 21:13


8 replies

Userlevel 7
Good to know! This infection was very short-lived on his site according to his post. Webroot users wouldn't typically ever need to run ComboFix, but this information is still quite applicable to others.
Userlevel 7
@ wrote:
Good to know! This infection was very short-lived on his site according to his post. Webroot users wouldn't typically ever need to run ComboFix, but this information is still quite applicable to others.
I agree, and I know that some users use it and wanted to let them know just in case. ;)
 
TH
Userlevel 7
I definitely find it troubling that a tool experts use to help remove certain stubborn infections indeed contained a file that was infected with Sality. What's next? Combofix infected
I must continue to say it's great being part of the Webroot team :D
Userlevel 7
Thanks superssjdan but TH already posted it https:///t5/Security-Industry-News/For-Malware-Removers-Only-Information-about-ComboFix-being/m-p/23576 yesterday ;)
Userlevel 7
@ wrote:
Thanks superssjdan but TH already posted it here yesterday ;)
Time for a ComboThread :D
I'll just merge these.
Userlevel 7
Thanks TH for the heads up on ComboFix. I see many people using it on other forums. It's great to know that we using WSA don't have to worry about it. 😉
Userlevel 7
Oops. Didn't realize it had been posted already. Should have known TH would have been on it. That's why he's an MVP :D
Userlevel 7
It is getting bad when you use a removal tool to get rid of one malware only to install a different one.

That's like trading Roger Clemens for Alex Rodriguez.
