 

Warning: ComboFix infected by the Sality virus

indy

Forum Administrator
Staff Member
Administrator
Posted by Marcelo Rivero of InfoSpyware:

Unfortunately, today, Tuesday 29 January 2013, it was discovered that the latest version of the anti-malware program ComboFix was internally infected with a variant of the dangerous Sality virus.

Sality is a family of polymorphic viruses that infect Windows executable files with EXE or SCR extensions, gaining control of the machine; depending on the variant, it can turn the machine into part of a botnet, install a downloader trojan to fetch other malware, or install a rootkit to remain hidden and unremovable on the victim's system.

While the download of the anti-malware program ComboFix from our official download mirror at InfoSpyware.com was not infected, once downloaded to your machine CF performs an automatic update, downloading its latest available version from BleepingComputer, so we have informed users via our Twitter account and temporarily removed the download from our sites to avoid any problems.

If you downloaded and ran it today, or think you may have been infected by the Sality virus, remember that we are here to help, and you can open a new topic in the "Virus y Spywares" section of the forum.

The matter is already being investigated and a clean version is being prepared for release soon, so we will report any news; for the moment, and until further notice, we only recommend that you do not run ComboFix on your machines...




Detailed information from BleepingComputer:

Unfortunately it has come to light that the program ComboFix had a file in it that is infected with the Sality virus. The minute we heard about this, we pulled the executable so that it is no longer available from BleepingComputer.com. Unfortunately we have no control over other sites that may have mirrored ComboFix without permission, so please do not attempt to download it elsewhere.

The developer, sUBs, is currently looking into what happened and when I have a full update, I will be sure to let you know. From the limited information that I have, it appears that the affected version has been available since approximately 2am EST on January 29th, but it may have been earlier. If this timeframe changes, I will update this topic to let you know. If you have used a new copy of ComboFix in the last day or so, then you should examine your system for possible infection. If you have used a copy of ComboFix prior to this version, then you should be ok.

SHA256 Hashes of known affected versions are:

4524611a78ddd40afa7e13238da230302786c546d1f824e6e7dea480a5d55333
e5341c3c32a9726a2d3dd1ac0b90f13d896581ab8707dd0a17431df061a2a71d
4524611a78ddd40afa7e13238da230302786c546d1f824e6e7dea480a5d55333
e95f77fd437b16312fbd66a02fed8b179968a7615c1bd3cd3b2fd86879b4bbc8

In the meantime, it is important for those who may have used ComboFix recently and are concerned they are infected to get the help they need. As the Sality infection has been around for a while, almost all antivirus vendors will have detected it and blocked it when you ran ComboFix. Unfortunately, not everyone has up-to-date virus definitions or uses an AV program, so it is important to examine your system if you have downloaded a new copy and used it since 2am EST.

The steps we suggest you take to make sure your computer is not infected are:

Scan your computer with ESET's Online Scanner.

Download and scan your computer with the Kaspersky Rescue Disk

Use SalityKiller if you are unable to use the above tools for some reason. When using this tool, you should disconnect from your network first.

Use AVG Sality Remover Tool. When using this tool, you should disconnect from your network first.


All of these tools should be able to detect and remove Sality from your computer. Sality is also able to spread through mapped network drives and shares. If you share any folders on your network, you should perform the above steps on those computers as well.

If you need help with any of these steps, or would like us to check your computer, please feel free to ask us in the forums. You can either post in the Am I infected? forum or create a virus removal assistance topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum using these steps.

We are here to help you, so please do not hesitate to ask.

I sincerely apologize for any issues this may have caused and assure you that we will do our utmost to help anyone who may have been affected by this situation.

Lawrence Abrams
BleepingComputer.com

So be careful, and for now it is recommended not to use this tool until further notice from the official sites.
 
To let you know that Bleeping Computer is now offering the ComboFix download again.

Regards!
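An added example, not part of the original posts: a Python sketch that walks a folder and flags any EXE or SCR file whose SHA256 matches the affected-version hashes listed in the BleepingComputer notice above. The function names, the `demo()` helper and its dummy files are constructed for illustration.

```python
import hashlib
import os
import tempfile

# SHA256 values listed in the BleepingComputer notice quoted above
# (the notice repeats one value; the set keeps it once).
AFFECTED_SHA256 = frozenset({
    "4524611a78ddd40afa7e13238da230302786c546d1f824e6e7dea480a5d55333",
    "e5341c3c32a9726a2d3dd1ac0b90f13d896581ab8707dd0a17431df061a2a71d",
    "e95f77fd437b16312fbd66a02fed8b179968a7615c1bd3cd3b2fd86879b4bbc8",
})

def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large executables are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_affected(root, known_bad=AFFECTED_SHA256, suffixes=(".exe", ".scr")):
    """Return sorted paths under root whose SHA256 is in known_bad."""
    known_bad = {h.lower() for h in known_bad}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(suffixes):
                continue
            path = os.path.join(dirpath, name)
            try:
                if sha256_of(path) in known_bad:
                    hits.append(path)
            except OSError:
                continue  # unreadable or locked file: skip, keep scanning
    return sorted(hits)

def demo():
    """Constructed sample: two dummy files, one treated as 'known bad'."""
    with tempfile.TemporaryDirectory() as root:
        bad = os.path.join(root, "ComboFix.exe")
        ok = os.path.join(root, "other.exe")
        with open(bad, "wb") as fh:
            fh.write(b"constructed sample A")
        with open(ok, "wb") as fh:
            fh.write(b"constructed sample B")
        constructed = {sha256_of(bad)}  # stand-in hash set for the demo
        names = [os.path.basename(p) for p in find_affected(root, constructed)]
        return names, find_affected(root)  # second scan uses the page's hashes

if __name__ == "__main__":
    print(demo())
```

A match identifies only the affected ComboFix download itself; because Sality is polymorphic, files it has infected will not match these hashes, so the scanning steps in the notice still apply.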
 