The ComboFix tool from BleepingComputer.com, which is supposed to remove viruses and other threats, has itself been infected with the Sality virus. Bleeping Computer has acknowledged this and is asking affected users who used the tool recently to scan with a virus scanner; it also lists tools to remove Sality. If you’re planning to fix a friend’s or relative’s computer with ComboFix, don’t use it for now.
Currently ComboFix is not available for download from BleepingComputer.com, as they have already removed it from their site. Since they have no control over mirror sites offering the tool, they are asking users not to download it from other sites such as Cnet.
BleepingComputer’s ComboFix infected with Sality Virus
“Unfortunately it has come to light that the program ComboFix had a file in it that is infected with the Sality virus. The minute we heard about this, we pulled the executable so that it is no longer available from BleepingComputer.com. Unfortunately we have no control over other sites that may have mirrored ComboFix without permission, so please do not attempt to download it elsewhere,” says Glinter, an admin on the BC forum.
If you’ve downloaded ComboFix recently (the “affected version has been available since approximately 2am EST on January 29th, but it may have been earlier”), compare the hash of your copy with the SHA256 hashes of the affected versions listed below.
SHA256 Hashes of Sality Infected ComboFix
You can also scan the downloaded ComboFix file on your computer using VirusTotal Uploader or VirusTotal Scanner, or upload it manually to the VT website, which already has those hashes checked and shows the Sality infection of the file in its scan results.
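The hash comparison described above can be scripted. The following is an added example, not code from BleepingComputer or from this article: `KNOWN_BAD_SHA256` is a placeholder to be filled with the published hashes, and the function names and the default Downloads folder are assumptions. It matches on content rather than file name, so renamed copies are caught, and it separately lists ComboFix-named files that are not on the list, since the affected build "may have been earlier" than the stated time.

```python
import hashlib
import sys
from pathlib import Path

# Placeholder: paste the published SHA256 hashes of the affected builds here.
KNOWN_BAD_SHA256 = set()

def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large executables are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def normalise(hashes):
    """Strip and lower-case each hash; reject anything that is not 64 hex characters."""
    out = set()
    for raw in hashes:
        h = raw.strip().lower()
        if len(h) != 64 or any(c not in "0123456789abcdef" for c in h):
            raise ValueError(f"not a SHA256 hex digest: {raw!r}")
        out.add(h)
    return out

def triage(root, bad_hashes):
    """Return (matches, unlisted): .exe files whose hash is on the list, and
    ComboFix-named .exe files that are not (still worth scanning)."""
    bad = normalise(bad_hashes)
    matches, unlisted = [], []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file() or p.suffix.lower() != ".exe":
            continue
        try:
            digest = sha256_of(p)
        except OSError:
            continue  # unreadable or locked file: skip it rather than abort the scan
        if digest in bad:
            matches.append((str(p), digest))
        elif "combofix" in p.name.lower():
            unlisted.append((str(p), digest))
    return matches, unlisted

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else str(Path.home() / "Downloads")
    matches, unlisted = triage(root, KNOWN_BAD_SHA256)
    for path, digest in matches:
        print(f"AFFECTED  {digest}  {path}")
    for path, digest in unlisted:
        print(f"UNLISTED  {digest}  {path}  (not on the list; scan it anyway)")
```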
How to remove Sality Virus from your Computer
1. Scan with ESET online scanner.
2. Download and use Kaspersky rescue disk.
All of the tools mentioned above can detect and remove the Sality virus from your computer. If you’re connected to a network, you need to scan the other computers on it for Sality as well.
Update 01/02/2013: ComboFix is now virus free and safe to download.