Whats the story with MFC45.DLL?????

[Guest]

[donnyd]

I've submitted a number of times going back as far as the beginning of March via e-mail attachment the mfc45.dll file and to this day do not know if it's malware or a FP. Is it a file that windows needs? As of now it's quarantined.. I also pick up c://System Volume Information/restore/******** when doing a scan, are these FP's? It would be nice to get some feed back.....   

[Ragwing]

Hello!

mcf45.dll is (most likely) a part of the Microsoft Foundation Class Library, but it might also be a malware with a very similar name. Please upload it to VirusTotal to verify that it's clean:
http://www.virustotal.com/

If it comes back as clean, please see this topic for instructions on how to report a false positive:
https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/how_to_report_false_positivessuspicious_files_how_to_submit_them-t36051.0.html

System Volume Information stores files that will be restored when doing a System Restore, and it's quite common for malware to place itself there, so that it'll be restored when/if the user does a System Restore.

[donnyd]

Hello!

mcf45.dll is (most likely) a part of the Microsoft Foundation Class Library, but it might also be a malware with a very similar name. Please upload it to VirusTotal to verify that it's clean:
http://www.virustotal.com/

If it comes back as clean, please see this topic for instructions on how to report a false positive:
https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/how_to_report_false_positivessuspicious_files_how_to_submit_them-t36051.0.html

System Volume Information stores files that will be restored when doing a System Restore, and it's quite common for malware to place itself there, so that it'll be restored when/if the user does a System Restore.

I know how to submit false positives and suspicious files via e-mail to Comodo avlab. Been there done that! I've already gone through that back in early March. That's my whole point!! I'm reporting a potential malware or hopefully just a FP and there's no response. Is it or is it not a problem. Come on, there's suppose to be a 2 day response according to the mediators of this forum and it's been over a month!! So again, "Whats the story"............ 
 

[commandor]

Hello this file is  False positive!,this file I submited in via e-mail to Comodo lab.

[Ragwing]

I know how to submit false positives and suspicious files via e-mail to Comodo avlab. Been there done that! I've already gone through that back in early March. That's my whole point!! I'm reporting a potential malware or hopefully just a FP and there's no response. Is it or is it not a problem. Come on, there's suppose to be a 2 day response according to the mediators of this forum and it's been over a month!! So again, "Whats the story"............ 

Have you tried to do a proper report here on the forums? I'm quite sure it's more likely to be seen here. Once you've had no reply in 2 days, you can post a note here:
https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/post_here_your_unfixed_fps_only_after_2_days-t36306.0.html

You can also include a link to it on VirusTotal, to show it's clean.

[umesh]

Hi donnyd,

I've submitted a number of times going back as far as the beginning of March via e-mail attachment the mfc45.dll file and to this day do not know if it's malware or a FP. Is it a file that windows needs? As of now it's quarantined.. I also pick up c://System Volume Information/restore/******** when doing a scan, are these FP's? It would be nice to get some feed back.....   

This seemed to be an incomplete file and scanner detected it as PEBomb. These sorts of cases have been resolved in next CIS 3.9 version, we have published BETA of the same and this file will not be detected by this BETA version:
https://forums.comodo.com/beta_corner_cis/comodo_internet_security_3973015489_beta_released-t37637.0.html

So it needed code fixes to address such cases.

Thanks
-umesh

[donnyd]

Hi donnyd,
This seemed to be an incomplete file and scanner detected it as PEBomb. These sorts of cases have been resolved in next CIS 3.9 version, we have published BETA of the same and this file will not be detected by this BETA version:
https://forums.comodo.com/beta_corner_cis/comodo_internet_security_3973015489_beta_released-t37637.0.html

So it needed code fixes to address such cases.

Thanks
-umesh

umesh,
 Thanks for the info.........
     donnyd

[rogerg2]

Hello, I am also now receiving from my CIS 5 today that this file is corrupt. I have received notification from AV telling me that this file is bad. I had ran this file through Virus Total and had received;
File name:
mfc45.dll
Submission date:
2010-10-10 19:30:13 (UTC)
Current status:
queued (#12) queued analysing finished
Result:
5/ 43 (11.6%)
MD5   : 24f479679d2ccf09c40acbb49e863fa1
SHA1  : 80a0a32f447414ad17099883cb8efea5a4ec4e58
SHA256: 023b50bd71f1b403af50a41e0a6dfddab50f53cdacc86c3e138efada73720fab

I have no idea what I should do next.

Thank You

[meidan]

Hello, I am also now receiving from my CIS 5 today that this file is corrupt. I have received notification from AV telling me that this file is bad. I had ran this file through Virus Total and had received;
File name:
mfc45.dll
Submission date:
2010-10-10 19:30:13 (UTC)
Current status:
queued (#12) queued analysing finished
Result:
5/ 43 (11.6%)
MD5   : 24f479679d2ccf09c40acbb49e863fa1
SHA1  : 80a0a32f447414ad17099883cb8efea5a4ec4e58
SHA256: 023b50bd71f1b403af50a41e0a6dfddab50f53cdacc86c3e138efada73720fab

I have no idea what I should do next.

Thank You

Hi rogerg2,

Thank you for your submission. We'll check this and get back to you soon.

Kind Regards,
Erik M.

[rogerg2]

Thank You

[rogerg2]

Hi rogerg2,

Thank you for your submission. We'll check this and get back to you soon.

Kind Regards,
Erik M.

I have just sent that file (mfc45.dll) to the link: http://www.comodo.com/home/internet-security/submit.php

[FangFang]

Hello, I am also now receiving from my CIS 5 today that this file is corrupt. I have received notification from AV telling me that this file is bad. I had ran this file through Virus Total and had received;
File name:
mfc45.dll
Submission date:
2010-10-10 19:30:13 (UTC)
Current status:
queued (#12) queued analysing finished
Result:
5/ 43 (11.6%)
MD5   : 24f479679d2ccf09c40acbb49e863fa1
SHA1  : 80a0a32f447414ad17099883cb8efea5a4ec4e58
SHA256: 023b50bd71f1b403af50a41e0a6dfddab50f53cdacc86c3e138efada73720fab

I have no idea what I should do next.

Thank You

Hi rogerg2 ,
This is to inform you that false-positive with
<mfc45.dll> (SHA1: <80a0a32f447414ad17099883cb8efea5a4ec4e58>)
has been fixed.
You can update to AV database Version <6349> of  Comodo Internet Security Version<5.0.162636.1135> and confirm it.

Regards,
fangfang

[rogerg2]

Once again thank you and all of you so very much for making CIS an awesome security product. :-)

Roger

 :comodorocks:

[Tags:]