
Posted

http://img.photobucket.com/albums/v708/starbuck50/Combofix_infected.jpg

 

Posted by Grinler at Bleeping Computer today:

 

Unfortunately it has come to light that the program ComboFix had a file in it that is infected with the Sality virus. The minute we heard about this, we pulled the executable so that it is no longer available from BleepingComputer.com. Unfortunately we have no control over other sites that may have mirrored ComboFix without permission, so please do not attempt to download it elsewhere.

 

The developer, sUBs, is currently looking into what happened and when I have a full update, I will be sure to let you know. From the limited information that I have, it appears that the affected version has been available since approximately 2am EST on January 29th, but it may have been earlier. If this timeframe changes, I will update this topic to let you know. If you have used a new copy of ComboFix in the last day or so, then you should examine your system for possible infection. If you have used a copy of ComboFix prior to this version, then you should be ok.

 

Hashes of known affected versions are:

 

SHA256: 4524611a78ddd40afa7e13238da230302786c546d1f824e6e7dea480a5d55333

MD5: c71b0515ef1200755ae61a5c4c9e8a86

 

In the meantime, it is important for those who may have used ComboFix recently and are concerned they are infected to get the help they need. As the Sality infection has been around for a while, almost all antivirus vendors will have detected it and blocked it when you ran ComboFix. Unfortunately, not everyone has up-to-date virus definitions or uses an AV program, so it is important to examine your system if you have downloaded a new copy and used it since 2am EST.

 

The steps we suggest you take to make sure your computer is not infected are:

 

  • Scan your computer with ESET's Online Scanner.
  • Download and scan your computer with the Kaspersky Rescue Disk
  • Use SalityKiller if you are unable to use the above tools for some reason. When using this tool, you should disconnect from your network first.
  • Use AVG Sality Remover Tool. When using this tool, you should disconnect from your network first.

All of these tools should be able to detect and remove Sality from your computer. Sality is also able to spread through mapped network drives and shares. If you share any folders on your network, you should perform the above steps on those computers as well.

 

If you need help with any of these steps, or would like us to check your computer, please feel free to ask us in the forums. You can either post in the Am I infected? forum or create a virus removal assistance topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum using these steps.

 

We are here to help you, so please do not hesitate to ask.

 

I sincerely apologize for any issues this may have caused and assure you that we will do our utmost to help anyone who may have been affected by this situation.

 

Lawrence Abrams

BleepingComputer.com

 

Source:

http://www.bleepingcomputer.com/forums/topic483431.html

Member of:

UNITE
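
To check whether a saved or mirrored copy of ComboFix is the affected build, files on disk can be compared against the two hashes listed in the advisory above. The following is an added example, not part of the original post or any BleepingComputer tool; the function names and the directory-walk approach are illustrative assumptions.

```python
import hashlib
import os
import sys

# Hashes of the affected ComboFix build, copied from the advisory above.
AFFECTED = {
    "sha256": {"4524611a78ddd40afa7e13238da230302786c546d1f824e6e7dea480a5d55333"},
    "md5": {"c71b0515ef1200755ae61a5c4c9e8a86"},
}

def file_digests(path, chunk_size=1 << 20):
    """Return {'sha256': hex, 'md5': hex} for a file, reading it in chunks."""
    hashers = {name: hashlib.new(name) for name in ("sha256", "md5")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def find_affected(root, known=AFFECTED):
    """Walk root and return [(path, algorithm)] for files matching a known hash.

    Every file is hashed regardless of name, since a downloaded copy
    may have been renamed.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = file_digests(path)
            except OSError:
                continue  # locked or unreadable file: skip it
            for algo, value in digests.items():
                if value in known.get(algo, ()):
                    hits.append((path, algo))
                    break  # one report per file is enough
    return hits

if __name__ == "__main__":
    # Usage: python check_combofix.py <folder to check, e.g. your Downloads folder>
    for path, algo in find_affected(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"MATCH ({algo}): {path}")
```

A match only identifies the affected download itself; it says nothing about whether the machine was infected after running it, so the scanning steps in the advisory still apply.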


Posted

Nasty indeed, if the hackers can get malware into a malware removal tool, what next?

 

Nev.


Posted

Starbuck

 

 

Did anybody find out how the download got infected????


Posted

Posted by sUBs today:

 

I was infected. Actually not so unlikely since I have to, on a daily basis, download/process a large amount of malware specimens. After so many years, this is the first time which I unintentionally infected myself; reason being a faulty mice which triggered an unwanted double click within a zipped attachment of live samples. For those affected, I offer my deepest apologies. It was never my intention to distribute malware.

 

Source:

http://www.bleepingcomputer.com/forums/topic483431.html/page__view__findpost__p__2962903


Posted
"Faulty mice" I had a batch of them once, the snakes refused to eat any of them! (sorry, bored rigid and couldn't resist)
