combofix(still compressed) flagged as being infected - normal?

Title says it all. I have a copy of combofix, still in it's compressed state, and it was flagged by my security software as infected. Is this normal, or should I be concerned?

 

I wouldn't be too concerned as long as you downloaded ComboFix from a reputable site, like from Major Geeks (which actually links up with 'bleepingcomputer' for this particular download). What software is flagging it?
ComboFix direct download link http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

I'm almost positive that I downloaded from this site, or used a link from this site if it links to somewhere else.

The software that I'm using is Trend Micro Internet Security.
It says that,
File dd.cfexe is infected with or is TROG_Generic.ADV
and file dumphive.cfexe is or is infected with Freeloader_Smitfraud

I uploaded the file to www.virustotal.com and it said that it had already been analyzed or something, and gave me these results:

Antivirus Version Last Update Result
AhnLab-V3 2008.5.15.0 2008.05.14 -
AntiVir 7.8.0.17 2008.05.14 APPL/Tool.NirCmd.D
Authentium 5.1.0.4 2008.05.15 -
Avast 4.8.1195.0 2008.05.14 Win32:Rootkit-gen
AVG 7.5.0.516 2008.05.14 -
BitDefender 7.2 2008.05.15 -
CAT-QuickHeal 9.50 2008.05.14 -
ClamAV 0.92.1 2008.05.15 -
DrWeb 4.44.0.09170 2008.05.14 SCRIPT.Virus
eSafe 7.0.15.0 2008.05.14 suspicious Trojan/Worm
eTrust-Vet 31.4.5788 2008.05.14 -
Ewido 4.0 2008.05.14 -
F-Prot 4.4.2.54 2008.05.15 W32/KillProc.C
F-Secure 6.70.13260.0 2008.05.15 -
Fortinet 3.14.0.0 2008.05.14 RAT/ProcLaunch
GData 2.0.7306.1023 2008.05.15 -
Ikarus T3.1.1.26.0 2008.05.15 Backdoor.Win32.VB.awx
Kaspersky 7.0.0.125 2008.05.15 -
McAfee 5295 2008.05.14 potentially unwanted program RemAdm-ProcLaunch!171
Microsoft 1.3408 2008.05.13 -
NOD32v2 3100 2008.05.14 -
Norman 5.80.02 2008.05.14 -
Panda 9.0.0.4 2008.05.14 Bck/VB.XB
Prevx1 V2 2008.05.15 -
Rising 20.44.22.00 2008.05.14 Backdoor.Win32.VB.xb
Sophos 4.29.0 2008.05.15 NirCmd
Sunbelt 3.0.1114.0 2008.05.12 -
Symantec 10 2008.05.15 -
TheHacker 6.2.92.309 2008.05.13 -
VBA32 3.12.6.6 2008.05.14 BackDoor.TerraBit
VirusBuster 4.3.26:9 2008.05.14 -
Webwasher-Gateway 6.6.2 2008.05.15 Win32.ModifiedUPX.gen (suspicious)



I downloaded from the link you provided and my security software gave the same results for it, so I believe it is a false alarm as far as my Trend Micro goes. For the virustotal scan, I'm not sure though.


And I haven't gone over every little detail of the results page but I think that the virustotal scan is the same for both as well. I think it's all false alarms.

 

The list of other antivirus apps that you provided shows that roughly half do not flag combofix. The ones that do flag it all seem to have a different name for it; 2 or 3 label it as a Visual Basic (VB) virus, and all the others call it something totally different. So I'd say that they are false positives. Due to the nature of combofix, and the task it performs, it may appear to be a virus just because of what it's designed to do. Here's more detailed info about combofix direct from the folks that created it:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
And here's more info about false positives, combofix, and components of combofix:
http://www.bleepingcomputer.com/forums/topic98878.html
That should clear it up for you.