* Home Help Search Calendar Login Register  

Welcome, Guest. Please login or register.
May 17, 2008, 02:37:25 AM

Login with username, password and session length

155185 Posts
19179 Topics
47326 Members
Latest Member: mazukka

more news...
Search:     Advanced search | Tag Cloud
+  Welcome to the Comodo Forum
|-+  Desktop Security Products
| |-+  Comodo BOClean Anti-Malware
| | |-+  Comodo BOClean Anti-Malware FAQ
| | | |-+  False Positives...where to send? [Resolved]		 « previous next »
Pages: [1] Go Down Print
Author Topic: False Positives...where to send? [Resolved]  (Read 2638 times)
Jbob
Comodo Member
**
Offline Offline

Posts: 34
« on: May 05, 2007, 09:51:32 AM »
I've looked and I'm sure I've overlooked but where do we send the files that are being alerted on that we suspect are FPs?
« Last Edit: May 08, 2007, 06:32:26 PM by Soya » Logged
mike6688
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 1993
« Reply #1 on: May 05, 2007, 12:03:23 PM »
[edit] sorry, misread the post, please see ~cats~ reply below. [/edit]
« Last Edit: May 05, 2007, 03:57:10 PM by mike6688 » Logged
C.O.M.O.D.O: CFP3 & Defence+ | CMF | VEngine | TrustConnect | CAVS 3 (soon)
XP SP3 32bit | 2.16GHz | 2GB Ram
~cat~
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 964


CBO "...there is nothing better."
« Reply #2 on: May 05, 2007, 01:39:29 PM »
Hi Jbob,
You can email them to: malwaresubmit [ at ] avlab.comodo.com .
You may want to specify in the subject line "False Positive?" for clarity's sake.
As usual, zip and password protect with "infected" including that information in the body.

Edited for new submissions address.
« Last Edit: November 18, 2007, 01:06:12 PM by ~cat~ » Logged
Parched dry and thirsty, knee deep in the river of life.
Jbob
Comodo Member
**
Offline Offline

Posts: 34
« Reply #3 on: May 05, 2007, 08:36:57 PM »
Ok thanks Cat, that's what I was looking for.

In this case the alert was on the file npad.exe in my system32 folder.  The alert occured on bootup this morning.  No alerts before and this file has been on my computers for a while now.  This file is called by a startup command and has something to do with Notepad.  If I'm not mistaken it has to do with NotePad2.  This file is loaded as part of a RyanVM install of WinXP and was created by dgelwin.  I trust his sources.  It is part of one of the extra Cab installers that is designed to load NotePad2 during the windows install.   It is called from HKCU.../run.  The description shows Notepad Shortcut Replacement.

I am almost 100% this file is ok however I think it uses UPX so might be part of the issue.  I sent the file to both Jotti and Virustotal.  Jotti found nothing but did say UPX packers detected.  Virustotal has three vendors, eSafe, Panda and Prevx1 show a result of suspicious Trojan/Worm, Suspicious file and Win32.Malware.gen.  I presume that is just an alert on the UPX packer used.

The BOC alert was:(of which this is still BOC version 4.22.002)
MSNSC Malware Stopped by BOCLEAN along with the file name and the usual gui info.

What is strange about this alert is even though I told it to NOT delete the file each time I clicked on the file it alerted me again.  I had thought that with BOC once you told it to not delete the file it ignored the detection until a restart?
Logged
~cat~
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 964


CBO "...there is nothing better."
« Reply #4 on: June 06, 2007, 03:42:16 PM »
Jbob,
I'm going to assume this was a FP and it was resolved..?
I'll lock it and mark as resolved unless I hear back otherwise.
Thanks!
Logged
Parched dry and thirsty, knee deep in the river of life.
Tags: False Positives 
Pages: [1] Go Up Print 
« previous next »
Jump to:  

SSL Firewall
Page created in 0.25 seconds with 19 queries.
Powered by SMF 1.1.5 | SMF © 2006, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks 		Design by 7dana.com