Author Topic: A2GUARD.exe False Positive  (Read 6308 times)
ken1943
Newbie
*
Offline Offline

Posts: 7


« on: April 07, 2007, 03:29:06 AM »

Just got warning

worldcrypt malware

and another solsuite.exe a solitaire game
« Last Edit: April 07, 2007, 04:29:56 AM by ken1943 » Logged

KenW
TonyKlein
Comodo Family Member
***
Offline Offline

Posts: 85



« Reply #1 on: April 07, 2007, 05:22:45 AM »

I installed both A-Squared antimalware and Solsuite to see whether I could duplicate that.  Solsuite.exe scans clean here,  but I can confirm the a-squared FP.

I just reported the FP to both NSClean and Comodo directly,  and I have no doubt that this will be taken care of very fast indeed.  Smiley
Logged

Kevin McAleavey
Comodo's Hero
*****
Offline Offline

Posts: 369


Snag a nasty? NO problem! =)


« Reply #2 on: April 07, 2007, 06:06:22 AM »

Apologies to those affected, that one was entirely my own fault ... never used Delphi to code and thus thought I had a really good slice of code based on the WORLDCRYPT "obfuscator" which has become VERY popular with a LOT of those nasties that replicate hourly in the past few weeks. Messed up on where I took the sample from and have fixed it. Anyone affected, and those NOT already affected are advised to RIGHT click their BOClean traybar icon, and select "check for update" so you can quickly get the fix before something ends up going sideways on ya. Update's already there along with more new nasties covered.

 Would appreciate someone mentioning this elsewhere should it come up there ... in the meantime, here's our official "update notice" to our existing customers below ... and once again MY apologies, this one was entirely my fault for trying to do too many things at the same time, and not paying enough attention ...

 This update also fixes an accidental false positive on several DELPHI-based programmes which use a particular library "helper" routine which was incorrectly defined as a component of the "WORLDCRYPT" obfuscator. Please pass along the word if you hear of anyone else who's seen this false positive. It was MY fault, not our team of analysts.  Sad

 - Kevin McAleavey ...

 FILEDATE: 2007-04-07 10:48:31 (UTC)

 THIRTY-NINE new nasties for a total of 23232 UNIQUE infectors (275,990  variants of these including trojans, worms, bots, hijackers, downloaders, spam proxies, rootkits, adware, spyware, keyloggers, "dialers" and other malware in total) covered in today's update for BOClean 4.22. BOClean 4.23 for VISTA and others coming in about a week.

 Please also note that if you ever miss an update (or several) the update you collect includes *ALL* previous update information. There is no need to go hunting down other updates. The current one is always complete.
Logged

"I reject your reality and substitute my own." - (Adam Savage, "MYTHBUSTERS" TV show)
TonyKlein
Comodo Family Member
***
Offline Offline

Posts: 85



« Reply #3 on: April 07, 2007, 06:11:17 AM »

Hi Kevin.  Smiley

Thanks for the heads up,  and for that lightning fast response!

Cheers,
Logged

JWill
Guest
« Reply #4 on: April 07, 2007, 06:22:18 AM »

Thanks Kevin.
As always BOClean is already updated here.

You ALREADY HAVE the latest update.Nothing to download.Quitting  Wink

I have a question however.
You mentioned a license number/lifetime serial number for the current paid users of BOClean when Vista 4.23 comes out.
Where and how will we be able to get this download and license?
Logged
Kevin McAleavey
Comodo's Hero
*****
Offline Offline

Posts: 369


Snag a nasty? NO problem! =)


« Reply #5 on: April 07, 2007, 06:58:14 AM »

STILL working on the code for all that ... unfortunately, making sure we don't slip ANY gears in getting from hither to yon, making sure the nasties are dealt with as the *highest* priority has gotten in the way of getting code done, as it's always been with BOClean ... the folks at COMODO are getting VERY well trained and so far I'm impressed with how QUICKLY they're coming up to speed and that will free up time for me to get to all this. But right now, still coding when I can. Since BOClean never had any of this "licencing stuff" before, it's been a bit of work. Some other minor changes have been required as has been the case with any new BOClean - problems seen before get fixed too.  Smiley

EXISTING customers will be directed to a special page I'm guessing, and you'll need to download the new 4.23 from that link. Then you'll need to UNinstall the existing BOClean after shutting it down once you've GOT the download. When you go to install the 4.23 BOClean, you'll receive a popup that will ask you for your email address. Go ahead and fill THAT in. Underneath that, you'll see a checkbox if you WANT to receive any other information from COMODO. Folks will notice that it is NOT checked by default in accordance with OUR and COMODO's privacy policies. You'll need to CHECK it to "opt in" if you want to.

 When the installation finishes and BOClean does its "first update" then it will automatically send in the registration to COMODO silently in the background as you grab your first update to bring you current in BOClean. In a short while, you'll receive an email from COMODO that will look like this:

---------------------------------------------------------------------
Subject: ORDER #xxxxxxxxxx - CONFIRMATION
From: "Comodo Security Services" <support[at]comodo.com>
To: (you)
Date: Sat, 07 Apr 2007 10:30:20 +0000


Your order has been received!


Dear (you),

Thank you for placing your order. Your Order Number is xxxxxxxxxx. Please quote this Order Number in all correspondence. You have applied for:
Product Value
Comodo BO Clean $0.00
Total Value $0.00


Kind Regards,


Comodo Security Services

Support Email: support[at]comodo.com
Support Telephone: +1.206.203.6361
Support Website: http://support.comodo.com

Comodo CA Limited - US Office
525 Washington Blvd.
Jersey City, NJ 07310-1600

Comodo CA Limited - European Office
26 Office Village,
Exchange Quay, Trafford Road,
Salford, Manchester M5 3EQ,
United Kingdom

Comodo is a leading global provider of trust and assurance services for the Internet - Creating Trust Online™. Executed through a range of Business Infrastructure Solutions differentiated by security and total cost of ownership. Comodo's web hosting automation and infrastructure solutions offer enterprise class digital e-commerce products and services. Leveraging from a broad range of security-centric solutions allows customers' telecommunications networks to become more intelligent, reliable and secure. Maintaining an intense focus on customers who derive strategic value from their business infrastructures has paved the way for a diverse yet perfectly synergistic portfolio of security focused solutions and services. Comodo is the main driving force behind Establishing Trust™ initiatives for e-Business, curbing Phishing attacks and creating an Identity Assurance and Brand Protection framework.

Expertise with the life cycle management of Digital Certificates and creation of issuance tools enables Comodo to provide infinitely scaleable security deployment to individuals and enterprises alike. Comodo is the world's second largest and fastest growing High Assurance Certification Authority.

Join the online fax revolution! Send your faxes online with TrustFax!

Trustix Operating System - The launch platform for Zero Touch Linux™ applications.
---------------------------------------------------------------------

 And you're all done! We want to make this as painless as any other dealings with us BOClean folks, nice, easy, "zero touch" as possible. But it'll all be taken care of conveniently and quickly.

 I'm sure it'll be exactly the same for our "NEW customers" as well ...

 Now need to beg everyone's indulgence ... have a LOT of work to do, but need me some sleep first. For the next week or so, will be WAY too busy to hit any forums but once all of this is done and my folks are up to speed, will finally have time to come out and play again. In the meantime, folks should ALSO know that the BOClean assets and the attention of some INCREDIBLY talented malware and virus analysts are now all under one roof, and that means that COMODO Antivirus is also well on its way to some serious improvements as well ... and it's PARTICULARLY nice to be able to combine BOClean and CAV into something you'll never have to worry about getting along nicely!   Smiley
Logged

"I reject your reality and substitute my own." - (Adam Savage, "MYTHBUSTERS" TV show)
JWill
Guest
« Reply #6 on: April 07, 2007, 07:20:16 AM »

Thanks Kevin!!
Support of BOClean is great as always, I really appreciate that!!
Logged
Kevin McAleavey
Comodo's Hero
*****
Offline Offline

Posts: 369


Snag a nasty? NO problem! =)


« Reply #7 on: April 07, 2007, 07:35:22 AM »

Thanks, J! Once again, my personal apologies that anyone NEEDED support in the first place.  Sad

An EMPTY support mailbox is a HAPPY one! Heh.
Logged

"I reject your reality and substitute my own." - (Adam Savage, "MYTHBUSTERS" TV show)
greenhatch
Comodo Member
**
Offline Offline

Posts: 43


« Reply #8 on: April 07, 2007, 09:49:39 AM »

Very informative, Kevin, as always: thanks. Smiley
Logged
strange quark
Comodo Family Member
***
Offline Offline

Posts: 87



« Reply #9 on: April 10, 2007, 04:29:45 PM »

Now need to beg everyone's indulgence ... have a LOT of work to do, but need me some sleep first.

 SLEEP, SLEEP............................ you're getting up to your bad habits again, quick more black coffee and buckets full of NoDoze for the man.  Grin
Logged

Cartoon Laws of Physics:
Law 9 : Everything falls faster than an anvil.
Rednose
Malware Research Group
Comodo's Hero
*****
Offline Offline

Posts: 1689


Ganda's wet dream ...


« Reply #10 on: April 10, 2007, 05:31:55 PM »

Lol Smiley Yeah we can't wait any longer Wink

Greetz, Red.
Logged

Malware Fighter !