Topic: FP Google toolbar (AGAIN!)  (Read 1654 times)
patrice58
« on: November 25, 2009, 09:45:51 AM »

C:\Users\Smile\AppData\Local\Temp\Low\Google Toolbar\gtbFD44.tmp.exe Heur.Dual.Extensions thanks Smiley

Vista Home Premium 32 bit (user account) CIS 3.14.130099.587 + CAV (On Access),V-Engine 2.7.0.37, SpywareBlaster 4.2, SAS (free), a-squared(free) MBAM (free) Finjan Secure Browsing, Windows Defender (scanner only) Sandboxie 3.44, Zemana AntiLogger 1.9.2.172,
Ionel
« Reply #1 on: November 25, 2009, 10:03:50 AM »

Hi Patrice58,

C:\Users\Smile\AppData\Local\Temp\Low\Google Toolbar\gtbFD44.tmp.exe Heur.Dual.Extensions thanks Smiley

Files having two extensions are commonly used by malware creators to mislead users into executing them. For example, a file named "picture.jpg.exe" can trick a user into opening it, believing it's an image file, when in fact it's a malware executable. Given this scenario, a heuristic approach was necessary to notify users of such files, allowing them to choose either to allow the execution of such files (if they are aware of it and fully know the implications and purpose of the files) or to deny the execution of the files if they are not aware of the purpose of the applications.

For this particular case, if you were trying to install "Google Toolbar" application and the warning came up during this procedure, it means you can further allow the file to be executed.

In order to fix this, please submit the file as a false positive at http://internetsecurity.comodo.com/submit.php. Until a fix is available, to avoid CIS denying access to the file, you can either add it to the exclusion list or lower the heuristic levels.

Thanks and regards,
Ionel
« Last Edit: November 25, 2009, 10:05:40 AM by ionelp »
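A sketch of the kind of double-extension check described in reply #1, added here as an illustration; it is not Comodo's detection logic, and the extension lists and function names are assumptions. It shows why a rule that fires on any two-extension executable also flags gtbFD44.tmp.exe, while a rule that requires a document or media extension in front of the executable one does not.

```python
from pathlib import PureWindowsPath

# Assumed lists for illustration; the thread does not say which extensions the engine uses.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt", ".mp3", ".avi"}


def _last_two_suffixes(path):
    """Return (penultimate, final) suffixes in lower case, or None if fewer than two."""
    # Trailing dots and spaces are dropped by Win32 path normalization, so strip them first.
    name = PureWindowsPath(path).name.rstrip(" .")
    suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
    if len(suffixes) < 2:
        return None
    return suffixes[-2], suffixes[-1]


def naive_dual_extension(path):
    """Flag any executable whose file name carries two extensions."""
    pair = _last_two_suffixes(path)
    return pair is not None and pair[1] in EXECUTABLE_EXTS


def decoy_dual_extension(path):
    """Flag only when a document/media extension precedes an executable one."""
    pair = _last_two_suffixes(path)
    return pair is not None and pair[1] in EXECUTABLE_EXTS and pair[0] in DECOY_EXTS


def classify(paths):
    """Map each path to (naive verdict, decoy-aware verdict)."""
    return {p: (naive_dual_extension(p), decoy_dual_extension(p)) for p in paths}


# The first two names appear in the thread; the rest are constructed samples.
SAMPLES = [
    r"C:\Users\Smile\AppData\Local\Temp\Low\Google Toolbar\gtbFD44.tmp.exe",
    "picture.jpg.exe",
    "PICTURE.JPG.EXE",
    "setup-1.2.3.exe",
    "notes.txt",
]

if __name__ == "__main__":
    for path, (naive, decoy) in classify(SAMPLES).items():
        print(f"naive={naive!s:5} decoy={decoy!s:5} {path}")
```

The decoy-aware rule trades coverage for fewer false positives: temporary installer names and versioned installers such as setup-1.2.3.exe pass, but so would any pairing not in the assumed decoy list.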
patrice58
« Reply #2 on: November 25, 2009, 01:43:02 PM »

I tried to submit the file but it came up with some blah blah about it being a 0mb file so it did not send it, but anyhow I have upgraded CIS since the FP so I don't know if that means anything, but more to the point why can't that file be put in the whitelist?
Ionel
« Reply #3 on: November 25, 2009, 02:29:15 PM »

Hi Patrice58,

The very reason which led to the 0kb warning on the submission webpage is that CIS denies access to the file unconditionally, so no program/human can interact with it (not even the browser). Please add the file to the exclusion list, and after that you'll be able to submit it.

We do add such files to the white list, but there are cases when a single file has more than one variant (multiple build versions, multiple languages, etc.), so we need the file itself that caused the false positive in order to verify it and add the specific entry to the white list.

Thanks and regards,
Ionel
patrice58
« Reply #4 on: November 25, 2009, 03:21:25 PM »

I can't upload the file as I am told I need permissions or whatnot, so I logged in as an admin (I am typing this as an admin) and yet it still says I need permission to open the file. The real time scanner now sees it as a virus. Though it's still classed as a Heur.Dual.Extensions, but oddly in my last setup of CIS I had all heuristics on high, but with the new build I have not changed the heuristic setting so it is still on low.  So something is wrong somewhere.
« Last Edit: November 25, 2009, 03:35:52 PM by patrice58 »
hailong.wang
« Reply #5 on: November 25, 2009, 09:33:07 PM »

Hi Patrice58,

Could you please tell me what the virus name reported by CIS is?
patrice58
« Reply #6 on: November 26, 2009, 07:56:43 AM »

Heur.Dual.Extensions
shaogang.he
« Reply #7 on: November 26, 2009, 09:19:01 PM »

Hi Patrice58,
Before uploading the file, pls disable the real time scanner, Defense+, and firewall.
If the sample has been quarantined, pls recover it from the quarantine zone, and then upload.
Thanks
Shaogang
patrice58
« Reply #8 on: November 27, 2009, 01:03:59 PM »

So disable all my security to send you a file................... Shocked