Author Topic: Whats the story with MFC45.DLL?????  (Read 20844 times)

Offline donnyd

  • Comodo Loves me
  • ****
  • Posts: 170
Whats the story with MFC45.DLL?????
« on: April 08, 2009, 03:53:51 PM »
I've submitted a number of times going back as far as the beginning of March via e-mail attachment the mfc45.dll file and to this day do not know if it's malware or a FP. Is it a file that windows needs? As of now it's quarantined.. I also pick up c://System Volume Information/restore/******** when doing a scan, are these FP's? It would be nice to get some feed back.....   

Offline Ragwing

  • Comodo's Hero
  • *****
  • Posts: 3498
Re: Whats the story with MFC45.DLL?????
« Reply #1 on: April 08, 2009, 04:20:27 PM »
Hello!

mcf45.dll is (most likely) a part of the Microsoft Foundation Class Library, but it might also be a malware with a very similar name. Please upload it to VirusTotal to verify that it's clean:
http://www.virustotal.com/

If it comes back as clean, please see this topic for instructions on how to report a false positive:
https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/how_to_report_false_positivessuspicious_files_how_to_submit_them-t36051.0.html

System Volume Information stores files that will be restored when doing a System Restore, and it's quite common for malware to place itself there, so that it'll be restored when/if the user does a System Restore.

Offline donnyd

  • Comodo Loves me
  • ****
  • Posts: 170
Re: Whats the story with MFC45.DLL?????
« Reply #2 on: April 08, 2009, 08:48:44 PM »
Hello!

mcf45.dll is (most likely) a part of the Microsoft Foundation Class Library, but it might also be a malware with a very similar name. Please upload it to VirusTotal to verify that it's clean:
http://www.virustotal.com/

If it comes back as clean, please see this topic for instructions on how to report a false positive:
https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/how_to_report_false_positivessuspicious_files_how_to_submit_them-t36051.0.html

System Volume Information stores files that will be restored when doing a System Restore, and it's quite common for malware to place itself there, so that it'll be restored when/if the user does a System Restore.
I know how to submit false positives and suspicious files via e-mail to Comodo avlab. Been there done that! I've already gone through that back in early March. That's my whole point!! I'm reporting a potential malware or hopefully just a FP and there's no response. Is it or is it not a problem. Come on, there's suppose to be a 2 day response according to the mediators of this forum and it's been over a month!! So again, "Whats the story"............ 
 

Offline commandor

  • Comodo Family Member
  • ***
  • Posts: 61
Re: Whats the story with MFC45.DLL?????
« Reply #3 on: April 09, 2009, 05:03:33 AM »
Hello this file is  False positive!,this file I submited in via e-mail to Comodo lab.

Offline Ragwing

  • Comodo's Hero
  • *****
  • Posts: 3498
Re: Whats the story with MFC45.DLL?????
« Reply #4 on: April 09, 2009, 06:03:21 AM »
I know how to submit false positives and suspicious files via e-mail to Comodo avlab. Been there done that! I've already gone through that back in early March. That's my whole point!! I'm reporting a potential malware or hopefully just a FP and there's no response. Is it or is it not a problem. Come on, there's suppose to be a 2 day response according to the mediators of this forum and it's been over a month!! So again, "Whats the story"............ 

Have you tried to do a proper report here on the forums? I'm quite sure it's more likely to be seen here. Once you've had no reply in 2 days, you can post a note here:
https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/post_here_your_unfixed_fps_only_after_2_days-t36306.0.html

You can also include a link to it on VirusTotal, to show it's clean. :)

Offline umesh

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 866
    • COMODO
Re: Whats the story with MFC45.DLL?????
« Reply #5 on: April 09, 2009, 06:35:22 AM »
Hi donnyd,
Quote
I've submitted a number of times going back as far as the beginning of March via e-mail attachment the mfc45.dll file and to this day do not know if it's malware or a FP. Is it a file that windows needs? As of now it's quarantined.. I also pick up c://System Volume Information/restore/******** when doing a scan, are these FP's? It would be nice to get some feed back.....   

This seemed to be an incomplete file and scanner detected it as PEBomb. These sorts of cases have been resolved in next CIS 3.9 version, we have published BETA of the same and this file will not be detected by this BETA version:
https://forums.comodo.com/beta_corner_cis/comodo_internet_security_3973015489_beta_released-t37637.0.html

So it needed code fixes to address such cases.

Thanks
-umesh

Offline donnyd

  • Comodo Loves me
  • ****
  • Posts: 170
Re: Whats the story with MFC45.DLL?????
« Reply #6 on: April 13, 2009, 04:03:41 PM »
Hi donnyd,
This seemed to be an incomplete file and scanner detected it as PEBomb. These sorts of cases have been resolved in next CIS 3.9 version, we have published BETA of the same and this file will not be detected by this BETA version:
https://forums.comodo.com/beta_corner_cis/comodo_internet_security_3973015489_beta_released-t37637.0.html

So it needed code fixes to address such cases.

Thanks
-umesh
umesh,
 Thanks for the info.........
     donnyd

Offline rogerg2

  • Comodo's Hero
  • *****
  • Posts: 298
  • If It Is Not Broken, DO NOT TRY TO FIX IT!
Re: Whats the story with MFC45.DLL?????
« Reply #7 on: October 10, 2010, 02:42:19 PM »
Hello, I am also now receiving from my CIS 5 today that this file is corrupt. I have received notification from AV telling me that this file is bad. I had ran this file through Virus Total and had received;
File name:
mfc45.dll
Submission date:
2010-10-10 19:30:13 (UTC)
Current status:
queued (#12) queued analysing finished
Result:
5/ 43 (11.6%)
MD5   : 24f479679d2ccf09c40acbb49e863fa1
SHA1  : 80a0a32f447414ad17099883cb8efea5a4ec4e58
SHA256: 023b50bd71f1b403af50a41e0a6dfddab50f53cdacc86c3e138efada73720fab

I have no idea what I should do next.

Thank You
Windows 7 Ultimate/Asus Crosshair V Formula/AMD 8350FX 4.4xx GHz/CD 31.1 /CIS 7.0.315459.4132/Norton DNS/Malwarebytes 2.0.1.1004

Offline meidan

  • First Response Group
  • Comodo's Hero
  • *****
  • Posts: 2676
Re: Whats the story with MFC45.DLL?????
« Reply #8 on: October 10, 2010, 02:48:54 PM »
Hello, I am also now receiving from my CIS 5 today that this file is corrupt. I have received notification from AV telling me that this file is bad. I had ran this file through Virus Total and had received;
File name:
mfc45.dll
Submission date:
2010-10-10 19:30:13 (UTC)
Current status:
queued (#12) queued analysing finished
Result:
5/ 43 (11.6%)
MD5   : 24f479679d2ccf09c40acbb49e863fa1
SHA1  : 80a0a32f447414ad17099883cb8efea5a4ec4e58
SHA256: 023b50bd71f1b403af50a41e0a6dfddab50f53cdacc86c3e138efada73720fab

I have no idea what I should do next.

Thank You

Hi rogerg2,

Thank you for your submission. We'll check this and get back to you soon.

Kind Regards,
Erik M.

Offline rogerg2

  • Comodo's Hero
  • *****
  • Posts: 298
  • If It Is Not Broken, DO NOT TRY TO FIX IT!
Re: Whats the story with MFC45.DLL?????
« Reply #9 on: October 10, 2010, 02:50:52 PM »
Thank You
Windows 7 Ultimate/Asus Crosshair V Formula/AMD 8350FX 4.4xx GHz/CD 31.1 /CIS 7.0.315459.4132/Norton DNS/Malwarebytes 2.0.1.1004

Offline rogerg2

  • Comodo's Hero
  • *****
  • Posts: 298
  • If It Is Not Broken, DO NOT TRY TO FIX IT!
Re: Whats the story with MFC45.DLL?????
« Reply #10 on: October 10, 2010, 03:17:10 PM »
Hi rogerg2,

Thank you for your submission. We'll check this and get back to you soon.

Kind Regards,
Erik M.

I have just sent that file (mfc45.dll) to the link: http://www.comodo.com/home/internet-security/submit.php
Windows 7 Ultimate/Asus Crosshair V Formula/AMD 8350FX 4.4xx GHz/CD 31.1 /CIS 7.0.315459.4132/Norton DNS/Malwarebytes 2.0.1.1004

Offline FangFang

  • First Response Group
  • Comodo Member
  • *****
  • Posts: 49
Re: Whats the story with MFC45.DLL?????
« Reply #11 on: October 11, 2010, 01:35:20 AM »
Hello, I am also now receiving from my CIS 5 today that this file is corrupt. I have received notification from AV telling me that this file is bad. I had ran this file through Virus Total and had received;
File name:
mfc45.dll
Submission date:
2010-10-10 19:30:13 (UTC)
Current status:
queued (#12) queued analysing finished
Result:
5/ 43 (11.6%)
MD5   : 24f479679d2ccf09c40acbb49e863fa1
SHA1  : 80a0a32f447414ad17099883cb8efea5a4ec4e58
SHA256: 023b50bd71f1b403af50a41e0a6dfddab50f53cdacc86c3e138efada73720fab

I have no idea what I should do next.

Thank You
Hi rogerg2 ,
This is to inform you that false-positive with
<mfc45.dll> (SHA1: <80a0a32f447414ad17099883cb8efea5a4ec4e58>)
has been fixed.
You can update to AV database Version <6349> of  Comodo Internet Security Version<5.0.162636.1135> and confirm it.

Regards,
fangfang

Offline rogerg2

  • Comodo's Hero
  • *****
  • Posts: 298
  • If It Is Not Broken, DO NOT TRY TO FIX IT!
Re: Whats the story with MFC45.DLL?????
« Reply #12 on: October 11, 2010, 10:56:58 AM »
Once again thank you and all of you so very much for making CIS an awesome security product. :-)

Roger

 :comodorocks:
Windows 7 Ultimate/Asus Crosshair V Formula/AMD 8350FX 4.4xx GHz/CD 31.1 /CIS 7.0.315459.4132/Norton DNS/Malwarebytes 2.0.1.1004

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek