BoClean & Combofix?

Discussion in 'other anti-trojan software' started by controler, Dec 14, 2008.

Thread Status:
Not open for further replies.
  1. controler

    controler Guest

    Last edited by a moderator: Dec 14, 2008
  2. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    combofix is safe and clean.
     
  3. controler

    controler Guest

    Why is it in BOClean's defs? You think someone would have mentioned it to them by now to be removed.
    Are all the AVs flagging its packing then?

    Actually, I have used it before and BOClean never flagged it at that time. Maybe a few months ago.
     
  4. controler

    controler Guest

    This version of Combofix also asks to close BoClean..

    Why is that?
     
  5. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Not sure why BOClean is saying that, but my AV or any of my other security software has never had this kind of FP with ComboFix. I guess it could be asking that due to incompatibility?
     
  6. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi Bruce,

    Please allow me to give a more general answer. I hope that that is OK.

    In the following two postings I will give you examples from the DSLR Security Cleanup forum. HJT logs are handled there by experts.

    Why am I giving these examples, from two different HJT-experts?
    Well, both of them give strong advice to disable your AV, AT, AS, etc. when running ComboFix.

    I am afraid that I might blow up the margins with my following screenshots. I do apologize for that.

    I hope this might help, although it was more a general answer ;)

    Cheers, Jan.
     
  7. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564

    Attached Files:

  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564

    Attached Files:

  9. controler

    controler Guest

    Hi Jan

    Yup, I knew that about disabling things. I was just wondering why in the past when I ran it I got no flag from BOClean and why the AVs keep it in their defs.
    I think now I see why. I think it is because they use a very powerful command line tool called NirCmd. I believe I posted a link to what all it does, but it may have been removed.

    http://www.nirsoft.net/utils/nircmd.html

    Thanks

    bruce
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    If anyone routinely reads HijackThis forums, as I still occasionally do, one has to wonder if malware makers also monitor those fixes, because for the longest time it seems they consistently throw ComboFix or a few other of the same fix utilities all the time. Not to say they aren't useful, but it strikes me as odd that they are still routine and long-used tools against malware infections, whether they seem to always be of the same type or not.

    Beats me, but odd IMO.
     
  11. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    AVs like Avira or Dr.Web (those two I have experienced this with) flag this kind of tool. Can't remember exactly which, because I have ComboFix, VundoFix, VirtumundoBeGone, etc. in my arsenal... some of them are flagged all the time...
     
  12. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Using Avira here and it hasn't flagged my ComboFix. :cool:
     
  13. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    Indeed these malware authors/jerks/*$^$*$^$*$ do monitor many, many sites. MS monthly patches = "HOW TO DISABLE WINDOWS," by Bill and Linda Gates

    Firewall updates = how to bypass firewall and steal identity (SEE HOW MANY MORE HACKER PINGS YOU GET AFTER VISITING WWW.GRC.COM!)

    How to remove crudware = how to make better crudware.

    Finally, many years ago, circa 2000, several jerks joined a forum by a very popular antimalware good guy, then they hacked his forum using free hours from a VERY well-known internet provider.

    Dave
     
  14. Kayracc

    Kayracc Registered Member

    Joined:
    Jul 5, 2008
    Posts:
    96
    Some of the tools ComboFix uses are the same types of programs viruses use.

    As such, some of the EXEs are flagged.

    It is, in fact, safe though.
     
  15. Kayracc

    Kayracc Registered Member

    Joined:
    Jul 5, 2008
    Posts:
    96
    ComboFix is updated A LOT, btw.
     
  16. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Correct. ComboFix is a homemade program and uses a variety of "tools", some which are "potentially malicious/dangerous" to disinfect malware.

    A word to the wise: if you are going to use ComboFix, make sure that your AV is disabled; its behavioral analysis may block ComboFix.

    Now, would you consider blocking ComboFix a FP?
     
  17. Rednose!

    Rednose! Registered Member

    Joined:
    Apr 7, 2008
    Posts:
    80
    Location:
    Netherlands
    Hi Bruce.

    You are perfectly right. BOClean flags NirCmd as RSK-NIRCMD.SAA.

    RSK stands for RISK, which means that NirCmd itself is not malware, but it can be used maliciously as well.

    Greetz, Red.
     
  18. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Specifically, NirCmd can be leveraged and exploited, or be modified and used for malicious purposes.
     
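The thread's point that an RSK- (riskware) label means "legitimate tool, possibly misused" rather than "malware" can be turned into a simple triage rule for AV alerts. This is an added example, not code from the thread or from BOClean/ComboFix; the alert line format, the sample alerts, the non-BOClean prefixes (APPL/, PUA/) and the "expected tool directory" list are all assumptions for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample alerts in an assumed "<scanner>: <detection> in <path>" format.
# RSK- is the BOClean riskware prefix discussed in the thread; the rest are assumed.
SAMPLE_ALERTS = [
    "BOClean: RSK-NIRCMD.SAA in C:\\ComboFix\\nircmd.exe",
    "BOClean: RSK-NIRCMD.SAA in C:\\Users\\bob\\AppData\\Local\\Temp\\svc.exe",
    "BOClean: TROJ-VUNDO.B in C:\\Windows\\System32\\evil.dll",
    "Avira: APPL/NirCmd.A in C:\\ComboFix\\nircmd.exe",
]

# Detection-name prefixes that denote riskware (legitimate tool, possibly abused).
RISKWARE_PREFIXES = ("RSK-", "APPL/", "PUA/")
# Directories where a riskware hit is expected because a cleanup tool bundles the utility.
EXPECTED_TOOL_DIRS = ("c:\\combofix\\",)

ALERT_RE = re.compile(r"^(?P<scanner>[^:]+):\s+(?P<name>\S+)\s+in\s+(?P<path>.+)$")


@dataclass
class Triage:
    scanner: str
    name: str
    path: str
    category: str  # "riskware" or "malware"
    action: str    # "review", "investigate" or "quarantine"


def parse_alert(line):
    """Split one alert line into (scanner, detection name, path); raise on garbage."""
    m = ALERT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised alert format: {line!r}")
    return m.group("scanner"), m.group("name"), m.group("path")


def is_riskware(name):
    """True when the detection name carries a riskware prefix such as RSK-."""
    return name.upper().startswith(RISKWARE_PREFIXES)


def triage_alert(line):
    """Riskware inside a known cleanup-tool folder is reviewed, not auto-quarantined;
    riskware anywhere else (e.g. a renamed copy in Temp) is investigated;
    anything that is not riskware is quarantined."""
    scanner, name, path = parse_alert(line)
    if not is_riskware(name):
        return Triage(scanner, name, path, "malware", "quarantine")
    expected = path.lower().startswith(EXPECTED_TOOL_DIRS)
    return Triage(scanner, name, path, "riskware", "review" if expected else "investigate")


def triage_all(lines):
    return [triage_alert(line) for line in lines]
```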