What is this!?!

Phantom010, Trusted Advisor with 25,012 posts. Join Date: Mar 2009. Location: Cyberspace. Experience: Advanced
03-Apr-2009, 12:17 PM #1
In the past, you couldn't find a Combofix website with Google to download the program unless you searched through malware removal threads within computer help forums. Now I find this!!! A great way to get in trouble!
danlan, Junior Member with 8 posts. Join Date: Apr 2009. Experience: Intermediate
03-Apr-2009, 01:05 PM #2
Unfortunately, sites are now vulching off of the search also. Users need to be very wary. I have also found that the variants of malware are hard keyed to prevent Combofix from running. It's now getting harder to get a foothold into a system with these "safeguards".
Elvandil, Moderator with 48,924 posts. Join Date: Aug 2003. Location: Vermont. Experience: "Been through the mill."
03-Apr-2009, 01:37 PM #3
People like to fix their own machines and don't like relying on others to do it. So they download and run "fixers" they find everywhere. I understand the feeling, but sometimes the wrong fix is worse than the disease.
Phantom010 (Trusted Advisor)
03-Apr-2009, 01:42 PM #4
Yeah but who the hell got that almost on top of Google search? It's not intended for the general public!
Byteman, Moderator & Malware Removal Specialist with 17,387 posts. Join Date: Jan 2002. Location: NY. Experience: Junkware Jouster
03-Apr-2009, 08:27 PM #5

Last edited by Byteman; 03-Apr-2009 at 08:57 PM..
Phantom010 (Trusted Advisor)
03-Apr-2009, 09:30 PM #6
Quote: Originally Posted by Byteman
Well, the .exe file seems to come from Bleeping Computers. It's like a copied shortcut, possibly updated once in a while. Is the link provided by the Bleeping Computers' administrators, which would be unprofessional? I don't think so.
Byteman (Moderator & Malware Removal Specialist)
03-Apr-2009, 10:31 PM #7
Hi, to see the owner/registrant of a domain, go here:

http://www.whois.net/ (first level, look up registration)

In the space, type the first part, combofix,

and change the drop-down extension part to .org


You will see the owner. They are probably not affiliated with the creator of combofix.

Sometimes, companies register domains hoping to sell them later at a huge markup or profit.

There are other "replicas" of combofix with slightly different domain names, and they also seem to belong to the same registrant.

In the thread I linked to before, you see two links in Post #5.

Those are definitely not good sites, so be warned. If you downloaded what they have to offer, you would quickly learn that these are rogue, or fake, security apps.
__________________
Mung (computer term), the act of making several incremental changes to an item that combine to destroy it

Last edited by Byteman; 03-Apr-2009 at 10:56 PM..
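
The registrant comparison described in post #7 above, as an added example that is not part of the original thread: it groups a set of lookalike domains by the registrant shown in their WHOIS responses and treats privacy-redacted records as unknown rather than as a match. The domains, names, and the `Registrant Name` / `Registrant Email` field labels are constructed assumptions; real WHOIS output varies by registry and is often redacted.

```python
import re
from collections import defaultdict

# Constructed WHOIS responses; the domains, names and addresses are
# placeholders, not data from the thread or from any real registry.
SAMPLE_WHOIS = {
    "toolname.example": """Domain Name: TOOLNAME.EXAMPLE
Registrant Name: Original Author
Registrant Email: author@toolname.example
""",
    "toolname-download.example": """Domain Name: TOOLNAME-DOWNLOAD.EXAMPLE
Registrant Name: Domain Reseller LLC
Registrant Email: sales@reseller.example
""",
    "tool-name.example": """domain name: tool-name.example
registrant name:   DOMAIN RESELLER LLC
registrant email: Sales@Reseller.example
""",
    "toolnamefix.example": """Domain Name: TOOLNAMEFIX.EXAMPLE
Registrant Name: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service
""",
}

FIELD = re.compile(r"^\s*registrant\s+(name|email)\s*:\s*(.+?)\s*$", re.I | re.M)
REDACTED = re.compile(r"redacted|privacy|proxy|please query", re.I)

def registrant_key(whois_text):
    """Return a normalised (name, email) tuple, or None if hidden or absent."""
    fields = {k.lower(): v for k, v in FIELD.findall(whois_text)}
    name, email = fields.get("name", ""), fields.get("email", "")
    if not (name or email) or REDACTED.search(name + " " + email):
        return None
    return (" ".join(name.lower().split()), email.lower())

def group_by_registrant(records):
    """Map each registrant key to the sorted list of domains it holds."""
    groups = defaultdict(list)
    for domain, text in records.items():
        groups[registrant_key(text)].append(domain)
    return {k: sorted(v) for k, v in groups.items()}

def shared_registrants(records):
    """Registrants holding more than one domain (unknown/redacted is skipped)."""
    return {k: v for k, v in group_by_registrant(records).items()
            if k is not None and len(v) > 1}
```

A shared registrant only shows common ownership of the lookalike names; it says nothing about whether the file a site serves is genuine.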
Phantom010 (Trusted Advisor)
04-Apr-2009, 12:23 AM #8
I'm sure they aren't affiliated with the creator of Combofix. I never thought so.
Byteman (Moderator & Malware Removal Specialist)
04-Apr-2009, 05:36 PM #9
OK, I didn't mean you thought they were!

I'm showing you how they aren't, since you asked or questioned the site and its content. The first one, combofix . org, is not affiliated with the real combofix nor its people; it just has a valid download of the real combofix, but it is outdated.... When someone runs combofix, with the newer versions, it checks and tells you that it needs to be re-downloaded....
So, a checker is built into ComboFix these days--- maybe sites like that fake one had something to do with version checking at least partly.

Those other 2 rogue sites do not have the real combofix, they will download something you do not want.
All is good- I understand exactly why you were concerned and now I know you can see the reasons why.

Last edited by Byteman; 04-Apr-2009 at 05:43 PM..
Phantom010 (Trusted Advisor)
04-Apr-2009, 05:51 PM #10
Anyway, the fact is that a lot of people will discover the site and will probably use an outdated version of Combofix (.org), most importantly, without supervision, and possibly run into trouble.

Last edited by Phantom010; 04-Apr-2009 at 06:04 PM..
Byteman (Moderator & Malware Removal Specialist)
04-Apr-2009, 06:39 PM #11
Hey, I decided to test what version they have right now

Here is the top portion of my own log just made

ComboFix 09-04-04.01 - Bill 2009-04-04 17:30:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.701 [GMT -4:00]
Running from: c:\documents and settings\Bill\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090404-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))



The combofix.org site may have just been updated....but, it is serving up the real software, and quite a recent version.....perhaps the creator of combofix got something straightened around with whoever put that site up? I dunno..... but it seems OK, as far as the file itself.

You are right about there being no directions etc...so someone is bound to get themselves into trouble. You could check in BleepingComputer forums, maybe they have something more recent about this....?

There are several folks here at TSG that work quite closely with the creator of combofix so we might get a reply here about it.
Phantom010 (Trusted Advisor)
04-Apr-2009, 06:42 PM #12
Ok, thank you for the details.
Gizzy, Library Manager with 3,671 posts. Join Date: Aug 2005. Location: NJ, USA. Experience: Comp Security Enthusiast
04-Apr-2009, 07:59 PM #13
I've actually started to see people using combofix in their security setup with other scanners....

I wonder if they even know how to use it or what it does...
Phantom010 (Trusted Advisor)
04-Apr-2009, 08:15 PM #14
I know! Some members come here with problems and say that they've scanned their computer with AV or antispyware programs, and they've used Combofix or SDFix...
Byteman (Moderator & Malware Removal Specialist)
04-Apr-2009, 08:55 PM #15
Yes we are seeing quite a few of the special tools being used without advice first....

We only hope that the poster has gotten the download at the correct place, and has had the directions and in fact, read through them....

What we also see is the ones who ran one of the specialized tools once or twice and their problems seemed to disappear; these posters disappear from fixing the rest of the malware that did not get removed--- and those will probably be back shortly with other problems. But, a big problem is our being so swamped with requests for malware help- we just cannot keep up with getting to all the threads.

We do wish that new users of the forum read the Rules, and the Sticky threads at the top of the pages...
All times are GMT -4.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.