Topic: Post here your unfixed FP's (only after 2 days)

Offline eXPerience

Post here your unfixed FP's (only after 2 days)
« on: March 10, 2009, 09:16:12 AM »
Please post here all unfixed FP's. Please only post them when they're not detected after 2 days.

Please include,

- your original FP post
- when you last tested CIS against it + what database

When the FP is fixed, please delete your post in this topic again !

Thanks,

Xan
« Last Edit: March 10, 2009, 02:25:23 PM by eXPerience »

Offline umesh

  • Comodo Staff
Re: Post here your unfixed FP's (only after 2 days)
« Reply #1 on: March 10, 2009, 09:20:30 AM »
Thanks eXPerience,
This will help us to clean up whatever is left.

Thanks
-umesh

Offline ganda

Re: Post here your unfixed FP's (only after 2 days)
« Reply #4 on: March 11, 2009, 09:33:18 AM »
yo!
what about the b2e.exe
i've posted it several times, but i can't remember where my posts are  88)

but i remember it's been removed from BOClean database  :-La

Offline MJ.nfl

  • Product Translator
Re: Post here your unfixed FP's (only after 2 days)
« Reply #5 on: March 11, 2009, 04:51:18 PM »
RAR Slayer v1.1.exe
Sent it via mail.

Virus total results

http://www.virustotal.com/analisis/e28c42883cc2ab0c8a1f6f60f1f1f626

1. CPU Athlon 64 X2 4600+
2. Windows XP pro, service pack 3, 32 bit
3. CIS 3.8.65951.477
4. Antivirus - default settings
5. Firewall - custom policy mode
6. Defense+ - clean PC mode
7. Administrator account

Last scan today. Virus database 1049
« Last Edit: March 11, 2009, 04:56:25 PM by MJ.nfl »

Offline umesh

  • Comodo Staff
Re: Post here your unfixed FP's (only after 2 days)
« Reply #6 on: March 11, 2009, 05:04:00 PM »
Hi,
We will have a look at this today.

Thanks
-umesh

Offline donnyd

Re: Post here your unfixed FP's (only after 2 days)
« Reply #7 on: March 11, 2009, 05:11:23 PM »
Hey guys,

It seems you reported 1 or more FP's to Comodo. Now it seems that some FP still haven't been fixed. I would like to ask you guys to report them again in this special topic. Please include :

- your original FP post
- when you last tested CIS against it + what database

When the FP is finally fixed, I would also like to request that you delete your post there, it will be easier for the devs then.

When I first report the FP this is what I came up with, I then put what I felt was FP in the exclusion list and it continued to flag the files that were in the exclusion list including the files that were quarantined. Log below:
Table :  Antivirus Logs
    Date Created :  2/13/2009 10:24:43 AM
    Log Scope :  Last 7 Days
    Records count :  58
Date/Time Action Location Malware Name Status
2/12/2009 4:43:49 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 4:44:49 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 4:44:49 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 4:45:08 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 4:45:08 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 4:45:29 PM Quarantine C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 4:56:23 PM Detect C:\Program Files\Auslogics\AusLogics Registry Defrag\axforms10.bpl Heur.Pck.MEW Success
2/12/2009 5:43:22 PM Detect C:\My Downloads\My Downloads\copytodvd4se.exe Application.Win32.FraudTool.MacroVirus.~A[at]2937430 Success
2/12/2009 5:44:02 PM Detect C:\Program Files\Auslogics\AusLogics Registry Defrag\axforms10.bpl Heur.Pck.MEW Success
2/12/2009 5:44:03 PM Detect C:\Program Files\CachemanXP\CachemanXPLauncher.exe Heur.Packed.Unknown Success
2/12/2009 5:44:44 PM Detect C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 5:47:12 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP103\A0014036.exe Heur.Packed.Unknown Success
2/12/2009 5:47:25 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP114\A0014488.exe Heur.Packed.Unknown Success
2/12/2009 5:47:25 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP114\A0014495.dll Heur.Packed.Unknown Success
2/12/2009 5:50:11 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP75\A0008025.dll Heur.Packed.Unknown Success
2/12/2009 5:50:11 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP75\A0008035.exe Heur.Packed.Unknown Success
2/12/2009 5:51:07 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP82\A0012050.dll Heur.Packed.Unknown Success
2/12/2009 5:51:34 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP99\A0013767.dll Heur.Packed.Unknown Success
2/12/2009 5:51:34 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP99\A0013776.exe Heur.Packed.Unknown Success
2/12/2009 5:59:50 PM Detect C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:07:30 PM Ignore C:\My Downloads\My Downloads\copytodvd4se.exe Application.Win32.FraudTool.MacroVirus.~A[at]2937430 Success
2/12/2009 6:07:30 PM Ignore C:\Program Files\Auslogics\AusLogics Registry Defrag\axforms10.bpl Heur.Pck.MEW Success
2/12/2009 6:07:31 PM Ignore C:\Program Files\CachemanXP\CachemanXPLauncher.exe Heur.Packed.Unknown Success
2/12/2009 6:07:31 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP103\A0014036.exe Heur.Packed.Unknown Success
2/12/2009 6:07:32 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP114\A0014488.exe Heur.Packed.Unknown Success
2/12/2009 6:07:32 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP114\A0014495.dll Heur.Packed.Unknown Success
2/12/2009 6:07:32 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP75\A0008025.dll Heur.Packed.Unknown Success
2/12/2009 6:07:33 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP75\A0008035.exe Heur.Packed.Unknown Success
2/12/2009 6:07:33 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP82\A0012050.dll Heur.Packed.Unknown Success
2/12/2009 6:07:34 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP99\A0013767.dll Heur.Packed.Unknown Success
2/12/2009 6:07:34 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP99\A0013776.exe Heur.Packed.Unknown Success
2/12/2009 6:22:04 PM Detect C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:23:06 PM Ignore C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:23:06 PM Detect C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:23:15 PM Ignore C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:23:15 PM Detect C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:23:20 PM Quarantine C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:24:28 PM Quarantine C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 6:24:28 PM Quarantine C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:39:41 PM Detect C:\Program Files\Auslogics\AusLogics Registry Defrag\axforms10.bpl Heur.Pck.MEW Success
2/12/2009 6:39:42 PM Detect C:\Program Files\CachemanXP\CachemanXPLauncher.exe Heur.Packed.Unknown Success
2/12/2009 6:40:34 PM Detect C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A0018919.exe1 Unclassified Malware[at]4237958 Success
2/12/2009 6:40:34 PM Detect C:\Program Files\Comodo\COMODO Internet Security\Quarantine\mfc45.dll Heur.PEBomb Success
2/12/2009 6:47:41 PM Quarantine C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A0018919.exe1 Unclassified Malware[at]4237958 Success
2/12/2009 6:47:41 PM Quarantine C:\Program Files\Comodo\COMODO Internet Security\Quarantine\mfc45.dll Heur.PEBomb Success
2/12/2009 11:40:13 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0019151.dll Heur.PEBomb Success
2/13/2009 2:39:51 AM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0019151.dll Heur.PEBomb Success
2/13/2009 6:39:51 AM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0019151.dll Heur.PEBomb Success
2/13/2009 9:18:52 AM Detect C:\Program Files\Auslogics\AusLogics Disk Defrag\is-UMABG.tmp Heur.Pck.MEW Success
2/13/2009 9:19:05 AM Ignore C:\Program Files\Auslogics\AusLogics Disk Defrag\is-UMABG.tmp Heur.Pck.MEW Success
2/13/2009 9:19:35 AM Detect C:\Program Files\Auslogics\AusLogics Disk Defrag\AxPackage10.bpl Heur.Pck.MEW Success
2/13/2009 9:19:42 AM Ignore C:\Program Files\Auslogics\AusLogics Disk Defrag\AxPackage10.bpl Heur.Pck.MEW Success
2/13/2009 9:25:15 AM Detect C:\Program Files\Auslogics\AusLogics Registry Defrag\is-TV8VC.tmp Heur.Pck.MEW Success
2/13/2009 9:25:19 AM Ignore C:\Program Files\Auslogics\AusLogics Registry Defrag\is-TV8VC.tmp Heur.Pck.MEW Success
2/13/2009 9:25:22 AM Detect C:\Program Files\Auslogics\AusLogics Registry Defrag\axpackage10.bpl Heur.Pck.MEW Success
2/13/2009 9:25:27 AM Ignore C:\Program Files\Auslogics\AusLogics Registry Defrag\axpackage10.bpl Heur.Pck.MEW Success
2/13/2009 9:28:52 AM Detect C:\Program Files\Auslogics\AusLogics Disk Defrag\is-V7N3F.tmp Heur.Pck.MEW Success
2/13/2009 9:28:56 AM Ignore C:\Program Files\Auslogics\AusLogics Disk Defrag\is-V7N3F.tmp Heur.Pck.MEW Success
End of The Report


Today I removed the files from the exclusion list with the exception of //Comodo.**** and ran the scan again with the latest version and DB and this is what it flagged:
  Table :  Antivirus Logs
    Date Created :  3/11/2009 12:15:51 PM
    Log Scope :  Today
    Records count :  2
Date/Time Action Location Malware Name Status
3/11/2009 12:03:08 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP99\A0013776.exe Heur.Packed.Unknown Success
3/11/2009 12:11:20 PM Quarantine C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP99\A0013776.exe Heur.Packed.Unknown Success
 


It seems the system volume info is always flagged as a threat and what's the story with this file?
C:\WINDOWS\system32\mfc45.dll



Thanks,
donnyd
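A small triage script, added here and not part of the thread or of CIS itself, that parses the "Antivirus Logs" export format donnyd pasted and pulls out the two things his post asks about: paths that kept producing Detect events after he had already chosen Ignore for them (the exclusion not being honoured), and hits that live in System Restore snapshots under System Volume Information. It assumes every record line follows the "date time AM/PM action path name status" layout shown above; the sample is constructed from a few lines of that log.

```python
import re
from collections import defaultdict
from datetime import datetime

# One record of the CIS 3.x "Antivirus Logs" export: timestamp, action, path, detection
# name, status. The path group is anchored on its last backslash so that detection names
# containing spaces ("Unclassified Malware[at]...") still parse correctly.
LINE_RE = re.compile(
    r"^(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (Detect|Ignore|Quarantine) (.*\\\S+) (.+?) (\S+)$")

def parse_log(text):
    """Return (when, action, path, name, status) tuples in export order; header/footer lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
            records.append((when, m.group(2), m.group(3), m.group(4), m.group(5)))
    return records

def detects_after_ignore(records):
    """Per path, count Detect events logged after the user already chose Ignore for it (exclusion not honoured)."""
    ignored, counts = set(), defaultdict(int)
    for _, action, path, _, _ in records:   # keep export order: the log is chronological
        key = path.lower()                   # NTFS paths are case-insensitive
        if action == "Ignore":
            ignored.add(key)
        elif action == "Detect" and key in ignored:
            counts[key] += 1
    return dict(counts)

def restore_point_hits(records):
    """Paths under System Volume Information are System Restore copies of old binaries; they re-trigger every scan."""
    return sorted({p for _, _, p, _, _ in records if "\\System Volume Information\\" in p})

# Constructed sample: a few record lines excerpted from the log in the post above, wrapped in the
# header and footer lines the export produces, to show that those are skipped.
SAMPLE = r"""Date/Time Action Location Malware Name Status
2/12/2009 4:43:49 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 4:44:49 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 4:44:49 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 4:56:23 PM Detect C:\Program Files\Auslogics\AusLogics Registry Defrag\axforms10.bpl Heur.Pck.MEW Success
2/12/2009 5:59:50 PM Detect C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:23:06 PM Ignore C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:23:06 PM Detect C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
End of The Report"""

if __name__ == "__main__":
    recs = parse_log(SAMPLE)
    print(detects_after_ignore(recs))   # paths still detected after an Ignore
    print(restore_point_hits(recs))     # hits inside System Restore snapshots
```

Run it over a full export (paste the whole log into SAMPLE or read it from a file) to get the list of paths whose exclusion was ignored, which is what the AV lab needs alongside the sample itself.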




Offline Ramanan

Re: Post here your unfixed FP's (only after 2 days)
« Reply #8 on: March 12, 2009, 02:42:32 AM »
yo!
what about the b2e.exe
i've posted it several times, but i can't remember where my posts are  88)

but i remember it's been removed from BOClean database  :-La

Hi Lt.ganda,

CIS is not detecting the file b2e.exe with/without heuristics. Please verify it with the latest base update. If you still find the detection in CIS, please submit the sample to AVLab.

Thanks,
Ramanan

Offline ganda

Re: Post here your unfixed FP's (only after 2 days)
« Reply #9 on: March 12, 2009, 03:32:20 AM »
nope, still there with database #1049  :P

Offline eXPerience

Re: Post here your unfixed FP's (only after 2 days)
« Reply #10 on: March 12, 2009, 06:35:36 AM »
This is what I got over pm


Original post:
https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/qfecheck_fp-t36252.0.html

Last test:  today with DB 1049

Thanks
Hakan


Xan

Offline Ramanan

Re: Post here your unfixed FP's (only after 2 days)
« Reply #11 on: March 13, 2009, 05:56:34 AM »
nope, still there with database #1049  :P

Hi Lt.ganda,

Please check with the latest base update.

Thanks,
Ramanan

Offline Ramanan

Re: Post here your unfixed FP's (only after 2 days)
« Reply #12 on: March 13, 2009, 06:01:01 AM »
RAR Slayer v1.1.exe
Sent it via mail.

Virus total results

http://www.virustotal.com/analisis/e28c42883cc2ab0c8a1f6f60f1f1f626

1. CPU Athlon 64 X2 4600+
2. Windows XP pro, service pack 3, 32 bit
3. CIS 3.8.65951.477
4. Antivirus - default settings
5. Firewall - custom policy mode
6. Defense+ - clean PC mode
7. Administrator account

Last scan today. Virus database 1049

Hi MJ.nfl,

The file in question is detected by heuristics and is a cracking application. Although it is not a "malicious software", the purpose of the detection is to warn the user about potentially unwanted/dangerous applications. Moreover, such cracking applications are packed/protected by some non-standard programs which are used almost only by malicious files. This detection is one such generic detection. If someone still wants to use the crack application, the user can just add the file to exclusion list.

Thanks,
Ramanan

Offline monkeytails

Re: Post here your unfixed FP's (only after 2 days)
« Reply #13 on: March 14, 2009, 06:52:18 AM »
False Positive in relation to BOClean files (evidence.boc) has reappeared although different threat this time.

See attached image file.

Should I upload to avlab again?

Edit: reappeared with Database version 1049 and still present with Database version 1056

Offline sureshk

Re: Post here your unfixed FP's (only after 2 days)
« Reply #14 on: March 15, 2009, 02:02:28 AM »
False Positive in relation to BOClean files (evidence.boc) has reappeared although different threat this time.

See attached image file.

Should I upload to avlab again?

Edit: reappeared with Database version 1049 and still present with Database version 1056

Hi monkeytails,

Thanks for reporting,
FYI : evidence.boc is a backup file ,which BOClean takes before removing the file on detection.

That might not be a FP.

Thanks and Regards,
Suresh.
