• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / Compromised ComboFix anti-malware tool infects computers with Sality virus

Compromised ComboFix anti-malware tool infects computers with Sality virus

2013-01-30 by Jason

ComboFix is a popular anti-malware tool used by many computer technicians. Unlike most scanner applications that check files for particular signatures, ComboFix is more of a script that runs through its different stages completing various tasks to counter specific malware infections. It also stops all services while running which gives it a fighting chance against rootkits that few other tools can clean up.

ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program.

Unfortunately, for roughly nine hours yesterday, a compromised version of the anti-malware tool was served up that would actually infect a computer with the Sality virus. As a self-replicating virus, Sality infects a computer and is also found to copy itself to USB drives and network drives.

The information about ComboFix’s compromise was shared in a thread over at BleepingComputer, the primary mirror for ComboFix.

Known impacted versions have a SHA256 hash:

4524611a78ddd40afa7e13238da230302786c546d1f824e6e7dea480a5d55333
e5341c3c32a9726a2d3dd1ac0b90f13d896581ab8707dd0a17431df061a2a71d
4524611a78ddd40afa7e13238da230302786c546d1f824e6e7dea480a5d55333
e95f77fd437b16312fbd66a02fed8b179968a7615c1bd3cd3b2fd86879b4bbc8

The download link on BleepingComputer was removed yesterday after learning of the compromise. Earlier this afternoon, a clean version of ComboFix was again made available: http://www.bleepingcomputer.com/download/combofix/

combofix

In case you downloaded and ran ComboFix yesterday, BleepingComputer Admin Grinler recommends taking the following steps:

  • Scan your computer with ESET’s Online Scanner.
  • Download and scan your computer with the Kaspersky Rescue Disk
  • Use SalityKiller if you are unable to use the above tools for some reason. When using this tool, you should disconnect from your network first.

It is not currently known or released how the download came to be compromised, so users may be cautious in using ComboFix and any others until an investigation can be completed to ensure that any open doors have been closed. Fortunately, given the age of the Sality virus, most antivirus products catch and block the infection but that is assuming the client PC has an antivirus on it.

Filed Under: Security and Privacy, Software

Trending

  • Office 365 Admin keeps asking for phone number and alternative email
    In Tech Solutions
  • Ask 404TS: What router should I get to improve wireless coverage?
    In Hardware, Gadgets, and Products
  • IT and March Madness
    In Infographics

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • Command line to take ownership and change permissions Command line to take ownership and change permissions
  • Creating and editing views in phpMyAdmin Creating and editing views in phpMyAdmin
  • Read the Event Logs on Windows Server Core Read the Event Logs on Windows Server Core
  • How to Purchase Cryptocurrencies? How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers Top 6 necessary aspects to consider when hiring Angular developers
  • Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business
  • Benefits of End-To-End Testing That Will Match Company Expectations Benefits of End-To-End Testing That Will Match Company Expectations
  • 3 Key Features of Pets Health Monitoring Systems 3 Key Features of Pets Health Monitoring Systems
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers
  • Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2023 · Magazine Pro Theme on Genesis Framework · WordPress · Log in