Welcome to the Comodo Forum
Welcome,
Guest
. Please
login
or
register
.
January 01, 2010, 11:29:42 AM
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
346620
Posts
38320
Topics
87029
Members
Latest Member:
Rezina Rittenhouse
more news...
Search:
Advanced search
|
Tag Cloud
Welcome to the Comodo Forum
Archive Boards
Comodo BOClean Anti-Malware
false positive??
« previous
next »
Pages:
[
1
]
2
Author
Topic: false positive?? (Read 4684 times)
Toxteth O'Grady
Comodo's Hero
Offline
Posts: 538
false positive??
«
on:
April 22, 2007, 08:20:07 AM »
To my surprise giFTl.exe, which is part of KCEasy, is reported to be a trojan horse. I have had this program for years. Who knows what damage it has done, if this alarm is correct. How do I know whether it is or not?
Logged
TonyKlein
Comodo Family Member
Offline
Posts: 85
Re: false positive??
«
Reply #1 on:
April 22, 2007, 10:32:39 AM »
It has to be a False Positive, I should think. Hopefully Kevin or someone else will be around before long to comment.
Logged
Tony
CLSID List
-
Autostart Locations
Toxteth O'Grady
Comodo's Hero
Offline
Posts: 538
Re: false positive??
«
Reply #2 on:
April 22, 2007, 10:47:37 AM »
I hope (and think) you're right about it being a false positive. I never had the impression that the programmer of KCeasy was one of the bad guys.
Anyway, lets consider this incident to be something positive. Now I have experienced myself how effective BOclean stops something (bad) from launching.
Logged
TonyKlein
Comodo Family Member
Offline
Posts: 85
Re: false positive??
«
Reply #3 on:
April 22, 2007, 10:51:58 AM »
Well, I'm not familiar with KCeasy myself, but I Googled around a little, and I could not find any information to suggest that it is bad news.
I suggest you add the KCeasy executable to BOClean's program excluder for the time being (if you haven't done so already.)
Logged
Tony
CLSID List
-
Autostart Locations
Toxteth O'Grady
Comodo's Hero
Offline
Posts: 538
Re: false positive??
«
Reply #4 on:
April 22, 2007, 11:07:23 AM »
Thanks for the suggestion. I'll do that.
Logged
dwax
Comodo Family Member
Offline
Posts: 62
Re: false positive??
«
Reply #5 on:
April 22, 2007, 11:37:11 AM »
I have had BoClean for about 5 years now, and if BoClean caught something you can pretty well be sure it was a bad guy. There are not many false positives.
Logged
TonyKlein
Comodo Family Member
Offline
Posts: 85
Re: false positive??
«
Reply #6 on:
April 22, 2007, 11:43:31 AM »
Quote from: dwax on April 22, 2007, 11:37:11 AM
I have had BoClean for about 5 years now, and if BoClean caught something you can pretty well be sure it was a bad guy. There are not many false positives.
I agree, but they do occur, and I do believe this probably is one of those cases, as I believe KCeasy has been around for quite some time as well.
If it were indeed malware, I'm sure that by now there would be ample information to that effect.
... this is of course assuming you downloaded KCeasy from a reputable source, and that the executable in question is indeed located in the Program Files\KCeasy directory ...
But let's wait for Kevin or someone else to drop by.
Logged
Tony
CLSID List
-
Autostart Locations
Toxteth O'Grady
Comodo's Hero
Offline
Posts: 538
Re: false positive??
«
Reply #7 on:
April 22, 2007, 11:58:45 AM »
Straight from the source. In fact, I just downloaded and installed it again. The same warning popped up with the new version\installation.
Logged
TonyKlein
Comodo Family Member
Offline
Posts: 85
Re: false positive??
«
Reply #8 on:
April 22, 2007, 12:05:44 PM »
Thought it might; alrighty, let's wait for someone who'll be able to shed some light on the phenomenon..
Logged
Tony
CLSID List
-
Autostart Locations
Kevin McAleavey
Comodo's Hero
Offline
Posts: 369
Snag a nasty? NO problem! =)
Re: false positive??
«
Reply #9 on:
April 22, 2007, 12:40:04 PM »
Quote from: user4 on April 22, 2007, 08:20:07 AM
To my surprise giFTl.exe, which is part of KCEasy, is reported to be a trojan horse. I have had this program for years. Who knows what damage it has done, if this alarm is correct. How do I know whether it is or not?
Can you tell me what it's being reported as? That'd help in tracking down where the problem definition is. I'm no longer doing the whole nine yards myself, so need to find out what we've got and get my guys on fixing it ...
Logged
"I reject your reality and substitute my own." - (Adam Savage, "MYTHBUSTERS" TV show)
Toxteth O'Grady
Comodo's Hero
Offline
Posts: 538
Re: false positive??
«
Reply #10 on:
April 22, 2007, 01:11:09 PM »
This is the message:
------------------------------------------------------------------
Location of startup: FILE
D:\SOFTWARE\KCEASY\GIFT\GIFTL.EXE
This trojan horse program was found on your machine.
It has been shut down, but the FILE from which it
started still remains and can be started up again.
Do you want the file removed also?
-------------------------------------------------------------------------
The file from which it started would be kceasy.exe itself. At least, that is where the shortcut to the program points to.
Logged
~cat~
Global Moderator
Comodo's Hero
Offline
Posts: 969
CBO "...there is nothing better."
Re: false positive??
«
Reply #11 on:
April 22, 2007, 01:20:25 PM »
It's detecting it as Safeshare.
Logged
Parched dry and thirsty, knee deep in the river of life.
TonyKlein
Comodo Family Member
Offline
Posts: 85
Re: false positive??
«
Reply #12 on:
April 22, 2007, 01:23:35 PM »
Incidentally, I just came across
this forum thread
in which AVG Anti-Spyware detected the same file as "Not-A-Virus.PornTool.Win32.Porn2Peer.a"
Now AVG FP or not, could there be a relation?
Logged
Tony
CLSID List
-
Autostart Locations
Toxteth O'Grady
Comodo's Hero
Offline
Posts: 538
Re: false positive??
«
Reply #13 on:
April 22, 2007, 01:32:43 PM »
It says it's not a virus, but Porn2Peer. That's why I use this program.
I just checked and none of the scanners over at
http://virusscan.jotti.org/
found anything. It must be safe. I hope...
«
Last Edit: April 22, 2007, 01:35:21 PM by user4
»
Logged
Kevin McAleavey
Comodo's Hero
Offline
Posts: 369
Snag a nasty? NO problem! =)
Re: false positive??
«
Reply #14 on:
April 22, 2007, 09:32:03 PM »
[edited]
My error ... it was reported as malware but apparently the variant you have is just "not a good idea." Based on reports from other antimalware vendors, I'll have that one removed. However the detect was not a false positive - it dates back a ways and definitely wasn't clean at the time ...
«
Last Edit: April 22, 2007, 09:36:42 PM by Kevin McAleavey
»
Logged
"I reject your reality and substitute my own." - (Adam Savage, "MYTHBUSTERS" TV show)
Tags:
Pages:
[
1
]
2
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Want to help Comodo?
-----------------------------
=> Help Spread the Word - Official Comodo banners and logos
=> How can you help Comodo? (Please we do need you!)
===> Help spread the word! (Please read and help)
===> Comodo website issues for submitting website problems only
=> Please tell us your views and Vote here!
-----------------------------
General Category
-----------------------------
=> Melih's Corner - CEO Talk/Discussions/Blog
=> Comodo.TV - Our Internet Video Channel
===> Comodo.TV - News and Announcements
===> Comodo.TV - Program Lineup
===> Audience Feedback and Suggestions
=> Which Product do you want Comodo to develop next?
=> General Discussion (off topic) Anything and everything...
===> Member Confessions :-)
===> Funny Photos :-)
===> Cool Stuff
-----------------------------
Desktop Security Products
-----------------------------
=> Comodo Internet Security - CIS
===> Overview - CIS
===> Help - CIS
=====> Anti Virus Help
=====> Firewall Help
=====> Defense+ Help
=====> Install / Setup / Configuration Help
===> FAQ - CIS
=====> Anti Virus FAQ
=====> Firewall FAQ
=====> Defense+ FAQ
=====> Install / Setup / Configuration FAQ
===> Feedback/Comments/Announcements/News - CIS
===> Guides - CIS
=====> Anti Virus Guides
=====> Firewall Guides
=====> Defense+ Guides
=====> Install / Setup / Configuration Guides
=====> Video Guides
===> Wishlist - CIS
=====> Anti Virus Wishlist
=====> Firewall Wishlist
=====> Defense+ Wishlist
=====> GUI -Graphical User Interface - Wishlist
===> Bug Report - CIS
=====> Anti Virus Bugs
=====> Firewall Bugs
=====> Defense+ Bugs
=====> Other - General - GUI etc Bugs
=====> False Positive/Negative reporting - (Is this a malware that CIS has/not detected?)
===> Virus/Malware Removal Assistance
===> Leak Testing/Attacks/Vulnerability Research
=> Comodo Time Machine - CTM
===> Frequent Asked Questions (FAQ)
=> Comodo Dragon - CD
=> Comodo Instant Malware Analysis Online - CIMA
=> Comodo Disk Encryption - CDE
===> Overview - CDE
===> Help - CDE
===> FAQ - CDE
===> Feedback/Comments/Announcements/News - CDE
===> Wishlist - CDE
===> Beta Corner - CDE
===> BUG Reports - CDE
=> Comodo Secure Email - CSE
===> Frequently Asked Questions (FAQ)
===> Feedback/Comments/Announcements/News about CSE
===> Bug Reports
===> Help for Comodo SecureEmail
=> Comodo TrustConnect - Securing the Wireless world!
=> Comodo EasyVPN - CEVPN
===> Frequently Asked Questions (FAQ)
===> Feedback/Comments/Announcements/News about Comodo EasyVPN
===> Bug reports
===> Help for Comodo EasyVPN
=> HopSurf (Bringing Internet to you)
=> Comodo Online Backup - COB
=> Comodo Backup - CB
===> Comodo Backup - FAQ
===> Comodo Backup - Help
=> Verification Engine - CVE
=> Comodo Vulnerability Analyzer - CVA
=> Comodo AntiSpam - CAS
-----------------------------
Desktop Utilities
-----------------------------
=> Comodo System Cleaner - File/Registry/Privacy Cleaner
=> Live PC Support (geeks ready to help 24/7/365)
-----------------------------
Enterprise Security
-----------------------------
=> Comodo Endpoint Security Manager
-----------------------------
Compliance
-----------------------------
=> PCI DSS Compliance
-----------------------------
Learn about Computer Security and Interact with Security Experts
-----------------------------
=> Computer Firewalls
=> Anti Virus/Malware Products/Other Security products
=> Free Virus/Spyware/Trojan/Malware Removal by Comodo Experts
=> HIPS (Host Intrusion Prevention Systems)
=> Anti Phishing solutions
=> Digital Certificates, Encryption and Digital Signing
=> General Security Questions and Comments (not product related)
-----------------------------
Free Services for End Users
-----------------------------
=> UserTrust - First Independent Website Rating - Empowering our users!
=> Hacker Guardian
=> Trustfax (free Trial) (online faxing)
-----------------------------
Free Products
-----------------------------
=> Link to Free Comodo Products
-----------------------------
International Comodo Forums
-----------------------------
=> International Comodo Forums
===> 汉语语言, 漢語語言 / Chinese Simplified, Traditional
===> Nederlands / Dutch
===> Francais / French
===> Deutsch / German
===> ελληνικά / Greek
===> Magyar / Hungarian
===> Italiano / Italian
===> Nihongo / Japanese
===> Norsk / Norwegian
===> Polski / Polish
===> Português/Portuguese
===> По-русски / Russian
===> Espanol / Spanish
===> Svenska / Swedish
===> Turkce / Turkish
===> Українська / Ukrainian
===> tiếng Việt / Vietnamese
===> Slovenský / Slovak
-----------------------------
Digital Certificates
-----------------------------
=> Code Signing Certificate
=> Content Verification Certificate
=> Email Certificate
=> SSL Certificate
-----------------------------
Web Server Products
-----------------------------
=> Two Factor Authentication for Web Applications
=> Trustlogo
-----------------------------
Other
-----------------------------
=> Forum Policy Violation Board
-----------------------------
Archive Boards
-----------------------------
=> Comodo Diskshield
=> Comodo Firewall
===> Feedback/Comments/Announcements/News
===> Help for v3
===> Help for v2
===> Frequently Asked Questions (FAQ) for Comodo firewall
===> Comodo Firewall Translations
===> Bug Reports
=> Comodo Anti-Viruspyware (CAVS)
===> Help for Comodo AntiVirus
===> FAQ for Comodo Anti-ViruSpyware
===> Feedback/Comments/Announcements/News about CAVS
=> Launch Pad (Discontinued)
=> Trusttoolbar (Discontinued)
=> Comodo Meet (Web Conferencing Product) (Discontinued)
=> User Anywhere (Remote Access product) (Discontinued)
=> Trustix Enterprise Firewall
=> ZTL
=> Comodo BOClean Anti-Malware
===> Announcements
===> Comodo BOClean Anti-Malware FAQ
=> Comodo Memory Firewall(Buffer Overflow Protection)
===> Comodo Memory Firewall Beta Corner
===> Help
===> Frequently Asked Questions (Comodo Memory Firewall)
===> Feedback/Comments/Announcements/News
=> i-Vault
=> Safesurf
Page created in 0.039 seconds with 16 queries.
Powered by SMF 1.1.11
|
SMF © 2006, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks
Design by
7dana.com