Hiren's Boot Disk, ComboFix.exe, Symantec, Detected Trojan, NEW

<<

delusion

Newbie

Posts: 49

Joined: Thu Mar 18, 2010 6:04 pm

Location: London

Post Tue Mar 23, 2010 5:56 am

Hiren's Boot Disk, ComboFix.exe, Symantec, Detected Trojan, NEW

Hey guys, I have used the above-mentioned Boot CD in our environment for various reasons. Now I am unclear if I have used this particular disk; I may have, but then again I may not have.  I popped the disk into a workstation yesterday and BOOM, Symantec detected a generic Trojan virus, with the wild level of Low.  Now I am pretty sure that Symantec have just recently updated their signatures, which now detect this tool as a trojan, and in reality it is a false positive.  Have any of you guys experienced any false positives OR viruses from the Hiren's Boot Disk?

I have explored the Cyberwebs/Symantec threat explorer/SecurityFocus with no exciting discoveries  :P

I look forward to hearing about your experience with this Boot CD  8)
You Can't Resolve Problems Whilst At WAR!
<<

n1p

Jr. Member

Posts: 89

Joined: Tue Mar 16, 2010 5:31 pm

Post Wed Mar 24, 2010 2:00 pm

Re: Hiren's Boot Disk, ComboFix.exe, Symantec, Detected Trojan, NEW

If it is an option, I usually identify the suspect file and submit it to virustotal.com or jotti. This will scan the file using a large number of AVs. See what else it gets flagged as. To further verify the file's integrity, I submit the file to an online virus sandbox like CWSandbox or Anubis to see if any malicious registry, network or file activity occurs. This is by no means 100% confirmation, but allows you to make an informed decision about the executable/file's intentions!

Hope it helps in some way
n1p
<<

delusion

Newbie

Posts: 49

Joined: Thu Mar 18, 2010 6:04 pm

Location: London

Post Sat Mar 27, 2010 9:42 am

Re: Hiren's Boot Disk, ComboFix.exe, Symantec, Detected Trojan, NEW

That was informative, thanks for your help  8)
You Can't Resolve Problems Whilst At WAR!
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sun Mar 28, 2010 11:35 am

Re: Hiren's Boot Disk, ComboFix.exe, Symantec, Detected Trojan, NEW

I don't believe that Hiren's boot CD is a licensed distribution of the tools that it includes.  If you downloaded the CD from a questionable source, it is possible that it could be infected with a virus.  The other possibility is that anti-virus software is detecting a security tool as a virus.  Some software will identify Metasploit as a virus, for example.
~~~~~~~~~~~~~~
Ketchup
<<

n1p

Jr. Member

Posts: 89

Joined: Tue Mar 16, 2010 5:31 pm

Post Sun Mar 28, 2010 1:43 pm

Re: Hiren's Boot Disk, ComboFix.exe, Symantec, Detected Trojan, NEW

Yeah.. One of the issues with heuristics scanning
