[pchelpers] Re: Combofix

Hi PcCowboy

> Has anyone looked at Combofix.exe?
> 
> I ran it and it deleted one thing. tm24.tmp
> It is some kind of rootkit tool.

No, it doesn't seem to have anything to do with removing rootkits, but 
it was/is apparently itself targeted by some, and then it deletes 
everything on your hard drive. This is not one of those hoaxes about 
emails or viruses that do that; the warning was posted by the developer 
himself in Feb 2007:

"I have just encountered a rootkit that will cause CF to recursively 
delete all files from SystemDrive.

Pulling the tool till further notice.

Please inform your users not to use CF. Who knows if that rootkit is in 
there.

Please spread the word. Also have users delete their copies of CF"
http://boards.cexx.org/index.php?topic=15787.msg65211

It seems to also sometimes trash Win9X machines:
http://www.castlecops.com/p810496-combofix_exe_trashed_my_desktop.html

It's however a very good and well-respected tool used on many reputable 
antimalware sites against specific spy/malware. It will do no harm when 
in expert hands...
http://www.windowsbbs.com/showthread.php?t=57442



-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

Other related posts: