Odd ... Combofix from Major Geeks Infected? - RESOLVED -

This past Sunday I went and used my sister’s High Speed Internet to download around 8 or so Apps onto my Flash Drive. Among them was the download of the latest Combofix from MajorGeeks at the time. When I got back here to my place, I proceeded to scan those Apps Setup files with MBAM and SAS. Both scans came up clean. I then ran an avast scan and Combofix was immediately tagged as being infected with a Trojan of some sort.

Not being imperative that I HAVE Combofix, I let avast send that Combofix Setup file to the Virus Chest. Is it possible that I got that Combofix infected from MajorGeeks? Or is it more likely that as I copied those Apps Setup files onto my Flash Drive, some Trojan from my sister’s computer decided to latch itself onto Combofix? I guess it could have been a False Positive. But, I can’t recall ever before having downloaded an App Setup file and have it be infected like that from the get go.

Interestingly enough, I noticed that there was a new Combofix available the following day Monday. I wonder if it was just coincidence or whether it was because the previous version was infected?

I’ve run at least 2 more scans with MBAM, SAS and avast on my Hard Drive and on my Flash Drives since then (sans the Combofix) and everything has come out clean.

malware removal tools can have virus-like behavior…it is not uncommon that other security programs flag them

avast has many times detected OTL as malware…

you can try scanning combofix at VT … will not be surprised if there are several detections

Hi Chim,

sUBs, the author of ComboFix has never agreed to host his tools outside of bleepingcomputer.
http://www.bleepingcomputer.com/download/combofix/
The link above is the only valid ComboFix download page, as the disclaimer says so.

You may read this official guide:
http://www.bleepingcomputer.com/combofix/

Also this one here:
http://www.bleepingcomputer.com/forums/topic273628.html

Yet again, MajorGeeks is a valid and known site; they do not spread malware. AVs are known to flag one of CF’s components as a threat due to its behavior.
So you may be free to consider the detection as AV’s FP.

Latest Scan of CF… https://www.virustotal.com/en/file/e5f19a5e1b3b8aeb1cf4b8bc72fc9dd1ae397bf1fb3c8f4b7563d75bc8007541/analysis/1400764813/

More than likely again a false positive for the packer used: https://www.virustotal.com/en/file/e5f19a5e1b3b8aeb1cf4b8bc72fc9dd1ae397bf1fb3c8f4b7563d75bc8007541/analysis/1400764813/

F-PROT: NSIS, appended, Unicode, UPX, PecBundle, PECompact
and that is creating these generic false positive finds in legit tools, also see here: http://www.herdprotect.com/combofix.exe-215f42e6e987b63e782ca713da0b9fc04534f3bc.aspx

polonus
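
Added example, not part of the post above and not code from any scanner named in this thread: a small Python triage helper that reports the same kind of packer traits F-PROT lists (NSIS, appended, UPX), which are what generic heuristics tend to key on. The NSIS first-header magic and the UPX section names are standard for those formats; the function names, the trait labels as return values, and the header-only sample files are constructed for illustration.

```python
import struct

# NSIS installers carry a "first header" in the data appended after the PE
# image: magic 0xDEADBEEF (little-endian) followed by the text "NullsoftInst".
NSIS_SIG = bytes.fromhex("efbeadde") + b"NullsoftInst"
UPX_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}


def parse_sections(data):
    """Return [(name, raw_offset, raw_size)] from the PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    n_sections, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size
    sections = []
    for i in range(n_sections):
        entry = table + 40 * i
        if entry + 40 > len(data):
            raise ValueError("truncated section table")
        name = data[entry:entry + 8].rstrip(b"\0")
        raw_size, raw_off = struct.unpack_from("<II", data, entry + 16)
        sections.append((name, raw_off, raw_size))
    return sections


def packer_traits(data):
    """List packer traits found in a PE image given as bytes."""
    sections = parse_sections(data)
    # Anything past the last section's raw data is appended data (overlay).
    # An Authenticode signature also lives there, so "appended" alone is weak.
    end = max((off + size for _, off, size in sections if size), default=0)
    overlay = data[end:]
    traits = []
    if any(name in UPX_SECTIONS for name, _, _ in sections):
        traits.append("UPX")
    if overlay:
        traits.append("appended")
    if NSIS_SIG in overlay:
        traits.append("NSIS")
    return traits


def build_sample(section_names, overlay=b""):
    """Constructed input: header-only PE skeleton, not a runnable program."""
    pe_off = 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", pe_off)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names),
                                   0, 0, 0, 0, 0x0102)
    hdr_len = pe_off + 24 + 40 * len(section_names)
    table, body = b"", b""
    for name in section_names:
        raw_off = hdr_len + len(body)
        table += struct.pack("<8sIIIIIIHHI", name, 16, 0x1000, 16, raw_off,
                             0, 0, 0, 0, 0)
        body += b"\xCC" * 16
    return dos + coff + table + body + overlay


if __name__ == "__main__":
    installer = build_sample([b".text", b".rsrc"], b"\0" * 4 + NSIS_SIG)
    print(packer_traits(installer))
```

These traits describe how a file is packaged, not whether it is malicious; they explain why a heuristic fired and are a reason to compare the file's hash against the publisher's copy.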

Ahhh, very interesting, useful information, guys.

Magna86, I rarely download from BleepingComputer. It’s that from what I vaguely recall, here and there I had encountered instances whereby the Apps I wanted did not specify what version they were. So, there was no way of knowing what version was there available at BleepingComputer for download. So, I go elsewhere where I can see what version they have available for download.

Interesting VirusTotal scan of Combofix there, Michael.

That Trojan[Dropper]Win32.Demp from Antiy-AVL looks very similar to what my avast flagged Combofix with.

Hmmm … a new animal there, Polonus.
I had never heard of herdProtect.

Hi Chim,

Meta cloud scanner and very useful for just these purposes.
The heuristic generic flags for Combofix should be categorized into the riskware realm,
this of course because of the functionality of the tool that could be considered quite a risk in the hands of the uneducated.
DrWeb has a good reputation for handling various packers, and it handles the Major Geeks download link with DrWeb’s URL checker as follows:

From the above you understand that a decent Adblocker is a must today even on Major Geeks downloads.
With free downloads you are the product to pay for keeping it a free download link. 8)
See for * here: https://www.virustotal.com/nl/url/bb05afea99fa5f884a2baa99f2db342669e9863112d5d4ef67867e828b212d16/analysis/
and https://www.mywot.com/en/scorecard/ads.pro-market.net?utm_source=addon&utm_content=popup

polonus

@ Damian,
A simple explanation of your analysis about Major Geeks would be helpful.
I personally have never received anything from that download site except the program
I went there to download. No toolbars, no add ons. ???

Hi bob3160,

This is the link I scanned: hxtp://www.majorgeeks.com/mg/get/combofix,1.html

Look here in this scan for the external elements: http://zulu.zscaler.com/submission/show/006b388139c10c60cc6e6b80086d3a16-1400836957
htxp://s7.addthis.com/js/300/addthis_widget.js%23pubid=majorgeeks script Benign *
htxp://kona.kontera.com/javascript/lib/KonaLibInline.js script Benign
htxp://ads.pro-market.net/ads/scripts/site-133323.js script Benign
htxp://majorgeeks.us4.list-manage.com/subscribe/post?u=11e02cf9dc4ef3eb0ab4606ef&id=8c93a2875d form Benign
htxp://www.uniblue.com/cm/majorgeeks/driverscanner/statictxtlink/download/ a Benign
htxp://www.reimageplus.com/includes/router_land.php?tracking=MajorGeeks&banner=txt&adgroup=1 a Benign
htxp://www.driverupdate.net/lp/partners/1003/1/?utm_campaign=1003&utm_source=1003&utm_medium=paid-media a Benign
htxp://www.reimageplus.com/includes/router_land.php?tracking=MajorGeeks&banner=336&adgroup=static a Benign
htxp://www.contentteller.com/ a Benign
htxp://www.majorgeeks.com/mg/get/core/javaload/jquery.js script Benign

I do not like downloads with the additional adware like kontera, ads.pro-market dot net, all blocked in my case.
I am not making this up, majorgeeks apparently earns from additional adware launching and tracking.
Are you surprised ;D It is a common download model we now find almost everywhere (except for the download at G2G,
which is what you describe). Another scan of that link: http://fetch.scritch.org/%2Bfetch/?url=www.majorgeeks.com%2Fmg%2Fget%2Fcombofix%2C1.html&useragent=Fetch+useragent&accept_encoding=

polonus

P.S. Good you reacted, bob3160, I would not have expected that but the site of majorgeeks is vulnerable itself with outdated server software detected there ( http://httpd.apache.org/security/vulnerabilities_22.html ) Would you believe ;D , see: http://sitecheck.sucuri.net/results/www.majorgeeks.com (incompetence could now be walking around on every work-floor 8))

Damian

Sorry Damian but I still haven’t run into any download from Major Geeks
that gave me anything but what I went there for.
I also have the option from their site to download directly from the authors site.

OK when they link right through to the download,
but the vulnerability on the site server is still there (as Sucuri shows)

  • outdated Apache server software should not be used there.
    I would not have expected that for a site like Major Geeks ;D

polonus

I scanned that link again at Web Security Test: wXw.majorgeeks.com/mg/get/combofix,1.html
I got for Javascript check: Suspicious

ocument.write(’
');} else {document.write(“”);} …

On iFrame check I have: Suspicious

htxp://ox-d.majorgeeks.com/w/1.0/afr?auid=437934&cb=insert_random_number_here’
htxp://ox-d.majorgeeks.com/w/1.0/afr?auid=11160&cb=insert_random_number_here’

External links to be checked:
Please check this list for unknown links on your website:

htxp://www.reimageplus.com/includes/router_land.php?tracking → ‘click here to repair/restore m’
htxp://www.contentteller.com → ‘contentteller® business editi’

D

So then BleepingComputer is supposed to be safer than MajorGeeks?

Where do FileHippo, Snapfiles and Softpedia stand in comparison to MajorGeeks as far as being safe?

Snapfiles download seems OK: https://www.virustotal.com/nl/url/ef266b7f5e914935f25eb4d4ef7d04958615f5d08209a381c84b105c8990b568/analysis/1400864822/
also see: http://www.snapfiles.com/php/sfdwnld.php?id=112944 redirects to http://www.snapfiles.com/downloads/combofix/dlcombofix.html

checked here: http://anubis.iseclab.org/?action=result&task_id=12304c149c23359344dcb0010c9635752

polonus

Thanks, Polonus.