sweidre
Posted June 6, 2011

Hi, below is a copy of an email sent to support@samples.immunet.com:

-----------------Quote------------------

Hello,

My Immunet Protect v.3.0.2.6548 Public Beta 1 Free (with enabled ClamAV) quarantined C:\Users\Goran\Desktop\Combofix.exe as malware! After restoration from quarantine I uploaded the file to Virus Total, where 35 AV engines of the total 43 analyzed the file. Four of the engines:

1. ClamAV
2. eSafe
3. Jiangmin
4. Sophos

reported the file as malware (virus, trojan, etc.; see attachment 1).

The VT report shows that the file scored 4/35 = 11.4%! Maybe a “false positive”?

The exe-file compressed into a zip-file is attached to this email: ComboFix.zip (see attachment 2)

Comments: ComboFix.exe is a special software that removes “rogues” & “rootkits”, but nobody knows how the software really works in the blue screen (=DOS) environment! On the website “BleepingComputer”, which besides a download facility also has very detailed descriptions of installation and handling of Combofix, it is written that prior to installation all AV product(s) must be uninstalled! (Once Combofix has done its whole cleaning job, the AV product(s) should then be reinstalled!)

Combofix.exe is clean, but a strange product, hence the negative view of Combofix by 4 of the AVs! How will the laboratory of Immunet classify Combofix?? Interesting!

OK, Immunet (with ClamAV activated) quarantined three files on the C-drive (system drive). I do not expect to find any malware on the pure data drives, but I have two drives with software setup files! Let’s see!

Scanning archives & packed files prolongs scanning time significantly! Scanning of my system drive took 4.5 hours!

-----------------Unquote------------------

Cheers,
sweidre

PS. Attachments 1-2 are attached to the email only, hence no upload of them to this forum! DS.