ComboFix, the malware removal tool, infected with Sality Virus

In a recent not-so-good development, ComboFix, the popular malware removal tool, hosted by well-known Bleeping Computers has been found to be infected with the Sality Virus and has been termed as dangerous for download.

combofix

Confirming this discovery, Lawrence Abrams says:

 “Unfortunately it has come to light that the program ComboFix had a file in it that is infected with the Sality virus. The minute we heard about this, we pulled the executable so that it is no longer available from Bleeping Computer.”

From rough information, it is known that the Sality Virus has been available in ComboFix since 2am EST on January 29th 2013 and the developer, sUBs is presently hooked on to help fix it. In the meanwhile, users are discouraged from downloading ComboFix from other mirror sites which may be hosting the program since the developers have no control on the mirror versions and there is a high probability that the infected virus sits in them.

In case you already happen to have ComboFix installed on your system, it’s highly recommended that you undertake the following steps:

  • Scan your computer with ESET’s Online Scanner.
  • Download and scan your computer with the Kaspersky Rescue Disk
  • Use SalityKiller if you are unable to use the above tools for some reason. When using this tool, you should disconnect from your network first.
  • Use AVG Sality Remover Tool. When using this tool, you should disconnect from your network first.

According to Lawrence, all of these (above) tools should be able to detect and remove Sality from your computer. Sality is also able to spread through mapped network drives and shares. If you share any folders on your network, you should perform the above steps on those computers as well.

If you visit the download page now, you will see the following message:

This download is not available at this time. We apologize for the issues and hope to have it available soon.

Users are advised to wait for developments from its developers sUBs and not download from any other mirror sites. Once a clean version of the tool is made available, you may download it from BleepingComputer.com which is the official download site for Combofix.

For assistance or more details, head over to the forum post.

UPDATE: The problem has been resolved and the new version of ComboFix can be downloaded from Bleeping Computer.

ComboFix is not your regular malware scanner and should be run only under the guidance of an expert.

Posted by with Tags
Anand Khanse is the Admin of TheWindowsClub.com and a 10-year Microsoft MVP Awardee in Windows for the period 2006-16. He enjoys following and reporting Microsoft news and developments in the world of Personal Computing & Social Media.