
Combofix.exe


sweidre


Hi, below is a copy of an email sent to support@samples.immunet.com:

-----------------Quote------------------

Hello,

My Immunet Protect v.3.0.2.6548 Public Beta 1 Free (with ClamAV enabled) quarantined C:\Users\Goran\Desktop\Combofix.exe as malware! After restoring it from quarantine I uploaded the file to Virus Total, where 35 AV engines of the total 43 analyzed the file. Four of the engines:

1. ClamAV
2. eSafe
3. Jiangmin
4. Sophos

reported the file as malware (virus, trojan etc.; see attachment 1). The VT report shows that the file scored 4/35 = 11.4%! Maybe a “false positive”? The exe file, compressed into a zip file, is attached to this email: ComboFix.zip (see attachment 2).

Comments:

ComboFix.exe is a special piece of software that removes “rogues” & “rootkits”, but nobody knows how the software really works in the blue screen (=DOS) environment! On the website “BleepingComputer”, which besides a download facility also has very detailed descriptions of the installation and handling of Combofix, it is written that prior to installation all AV product(s) must be uninstalled! (Once Combofix has done its whole cleaning job, the AV product(s) should then be reinstalled!) Combofix.exe is clean, but a strange product, hence the negative view of Combofix by 4 of the AVs! How will the laboratory of Immunet classify Combofix?? Interesting!

 

OK, Immunet (with ClamAV activated) quarantined three files on the C drive (system drive). I do not expect to find any malware on the pure data drives, but I have two drives with software setup files! Let’s see! Scanning archives & packed files prolongs scanning time significantly! Scanning of my system drive took 4.5 hours!

-----------------Unquote------------------

Cheers,

sweidre

PS. Attachments 1-2 are attached to the email only, hence no upload of them to this forum! DS.


Archived

This topic is now archived and is closed to further replies.
