site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security > Beware of Combofix - contains infected file

Search Topic:
 Share Topic
Posting?
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
AuthorAll Replies


MumRAR

@sky.com

reply to Jrb2

Re: Beware of Combofix - contains infected file

Unsure where Eset got their installer from but the official Combofix download link is at Bleepingcomputer.

The IExplorer.exe file is Nircmd.exe(renamed) with MD5 753BC16326FEE4A421ACB636CCD602F4

VT report would not say Sality for that file as its 3 year old legitimate tool.
»www.virustotal.com/file/24ca5ceb···nalysis/
to forum · permalink · 2013-01-29 07:46:29 ·


therube

join:2004-11-11
Randallstown, MD

quote:
IExplorer.exe file is Nircmd.exe(renamed)
Why would they do that, unless to act like a chameleon?
to forum · permalink · 2013-01-29 10:52:26 ·


therube

join:2004-11-11
Randallstown, MD

reply to MumRAR
What version & size of nircmd.exe ?

In what I have (Combofix.exe), both firefox.exe.VIR & iexplore.exe.VIR (both lower case, the .VIR added by me) are 256,000 bytes (& are exactly the same, chameleons if you will) but neither compare in any way to any nircmd.exe that I have?

VirusTotal (1 / 46) iexplore.exe.

to forum · permalink · 2013-01-29 12:39:48 ·

Grinler

join:2004-03-31
New York, NY

The affected file was not nircmd. It was a different file unfortunately.

to forum · permalink · 2013-01-29 12:44:03 ·
Forums > Broadband Tech > Security > Security

Wednesday, 22-May 07:40:50 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 13.5 years online © 1999-2013 dslreports.com.
Most commented news this week
Hot Topics