Author Topic: Post here your unfixed FP's (only after 2 days)  (Read 11632 times)
eXPerience
Malware Researcher Virus Removal Helper Advanced Tweak Freak Crazy Little Devil
Global Moderator
Comodo's Hero
Why not ? The choice is yours !


« on: March 10, 2009, 09:16:12 AM »

Please post here all unfixed FP's . Please only post them when they're not detected after 2 days.

Please include,

- your original FP post
- when you last tested CIS against it + what database

When the FP is fixed, please delete your post in this topic again!

Thanks,

Xan
« Last Edit: March 10, 2009, 02:25:23 PM by eXPerience »

umesh
Global Moderator
Comodo's Hero
« Reply #1 on: March 10, 2009, 09:20:30 AM »

Thanks eXPerience,
This will help us to clean up whatever is left.

Thanks
-umesh
evil_religion
Malware Research Group
Comodo's Hero
« Reply #2 on: March 10, 2009, 04:23:57 PM »

https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/again_heurpebomb_in_browser_cache-t35714.0.html
First post.
Last tested with DB 1046.
umesh
Global Moderator
Comodo's Hero
« Reply #3 on: March 11, 2009, 07:48:40 AM »


Hi,
I have responded here:
https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/again_heurpebomb_in_browser_cache-t35714.0.html;msg258622#msg258622

Thanks
-umesh
ganda claus
Global Moderator
Comodo's Hero
ho ho ho


« Reply #4 on: March 11, 2009, 09:33:18 AM »

yo!
what about the b2e.exe
I've posted it several times, but I can't remember where my posts are

but I remember it's been removed from the BOClean database
MJ.nfl
Product Translator
Comodo Loves me
« Reply #5 on: March 11, 2009, 04:51:18 PM »

RAR Slayer v1.1.exe
Sent it via mail.

Virus total results

http://www.virustotal.com/analisis/e28c42883cc2ab0c8a1f6f60f1f1f626

1. CPU Athlon 64 X2 4600+
2. Windows XP pro, service pack 3, 32 bit
3. CIS 3.8.65951.477
4. Antivirus - default settings
5. Firewall - custom policy mode
6. Defense+ - clean PC mode
7. Administrator account

Last scan today. Virus database 1049
« Last Edit: March 11, 2009, 04:56:25 PM by MJ.nfl »
umesh
Global Moderator
Comodo's Hero
« Reply #6 on: March 11, 2009, 05:04:00 PM »

Hi,
We will have a look at this today.

Thanks
-umesh
donnyd
Comodo Loves me
« Reply #7 on: March 11, 2009, 05:11:23 PM »

Hey guys,

It seems you reported 1 or more FP's to Comodo. Now it seems that some FP still haven't been fixed. I would like to ask you guys to report them again in this special topic. Please include :

- your original FP post
- when you last tested CIS against it + what database

When the FP is finally fixed, I would also like to request that you delete your post there, it will be easier for the devs then.

When I first reported the FP, this is what I came up with. I then put what I felt were FPs in the exclusion list, and it continued to flag the files that were in the exclusion list, including the files that were quarantined. Log below:
Table :  Antivirus Logs
    Date Created :  2/13/2009 10:24:43 AM
    Log Scope :  Last 7 Days
    Records count :  58
Date/Time Action Location Malware Name Status
2/12/2009 4:43:49 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 4:44:49 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 4:44:49 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 4:45:08 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 4:45:08 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 4:45:29 PM Quarantine C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 4:56:23 PM Detect C:\Program Files\Auslogics\AusLogics Registry Defrag\axforms10.bpl Heur.Pck.MEW Success
2/12/2009 5:43:22 PM Detect C:\My Downloads\My Downloads\copytodvd4se.exe Application.Win32.FraudTool.MacroVirus.~A[at]2937430 Success
2/12/2009 5:44:02 PM Detect C:\Program Files\Auslogics\AusLogics Registry Defrag\axforms10.bpl Heur.Pck.MEW Success
2/12/2009 5:44:03 PM Detect C:\Program Files\CachemanXP\CachemanXPLauncher.exe Heur.Packed.Unknown Success
2/12/2009 5:44:44 PM Detect C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 5:47:12 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP103\A0014036.exe Heur.Packed.Unknown Success
2/12/2009 5:47:25 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP114\A0014488.exe Heur.Packed.Unknown Success
2/12/2009 5:47:25 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP114\A0014495.dll Heur.Packed.Unknown Success
2/12/2009 5:50:11 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP75\A0008025.dll Heur.Packed.Unknown Success
2/12/2009 5:50:11 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP75\A0008035.exe Heur.Packed.Unknown Success
2/12/2009 5:51:07 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP82\A0012050.dll Heur.Packed.Unknown Success
2/12/2009 5:51:34 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP99\A0013767.dll Heur.Packed.Unknown Success
2/12/2009 5:51:34 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP99\A0013776.exe Heur.Packed.Unknown Success
2/12/2009 5:59:50 PM Detect C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:07:30 PM Ignore C:\My Downloads\My Downloads\copytodvd4se.exe Application.Win32.FraudTool.MacroVirus.~A[at]2937430 Success
2/12/2009 6:07:30 PM Ignore C:\Program Files\Auslogics\AusLogics Registry Defrag\axforms10.bpl Heur.Pck.MEW Success
2/12/2009 6:07:31 PM Ignore C:\Program Files\CachemanXP\CachemanXPLauncher.exe Heur.Packed.Unknown Success
2/12/2009 6:07:31 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP103\A0014036.exe Heur.Packed.Unknown Success
2/12/2009 6:07:32 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP114\A0014488.exe Heur.Packed.Unknown Success
2/12/2009 6:07:32 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP114\A0014495.dll Heur.Packed.Unknown Success
2/12/2009 6:07:32 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP75\A0008025.dll Heur.Packed.Unknown Success
2/12/2009 6:07:33 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP75\A0008035.exe Heur.Packed.Unknown Success
2/12/2009 6:07:33 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP82\A0012050.dll Heur.Packed.Unknown Success
2/12/2009 6:07:34 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP99\A0013767.dll Heur.Packed.Unknown Success
2/12/2009 6:07:34 PM Ignore C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP99\A0013776.exe Heur.Packed.Unknown Success
2/12/2009 6:22:04 PM Detect C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:23:06 PM Ignore C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:23:06 PM Detect C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:23:15 PM Ignore C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:23:15 PM Detect C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:23:20 PM Quarantine C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:24:28 PM Quarantine C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 6:24:28 PM Quarantine C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:39:41 PM Detect C:\Program Files\Auslogics\AusLogics Registry Defrag\axforms10.bpl Heur.Pck.MEW Success
2/12/2009 6:39:42 PM Detect C:\Program Files\CachemanXP\CachemanXPLauncher.exe Heur.Packed.Unknown Success
2/12/2009 6:40:34 PM Detect C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A0018919.exe1 Unclassified Malware[at]4237958 Success
2/12/2009 6:40:34 PM Detect C:\Program Files\Comodo\COMODO Internet Security\Quarantine\mfc45.dll Heur.PEBomb Success
2/12/2009 6:47:41 PM Quarantine C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A0018919.exe1 Unclassified Malware[at]4237958 Success
2/12/2009 6:47:41 PM Quarantine C:\Program Files\Comodo\COMODO Internet Security\Quarantine\mfc45.dll Heur.PEBomb Success
2/12/2009 11:40:13 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0019151.dll Heur.PEBomb Success
2/13/2009 2:39:51 AM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0019151.dll Heur.PEBomb Success
2/13/2009 6:39:51 AM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0019151.dll Heur.PEBomb Success
2/13/2009 9:18:52 AM Detect C:\Program Files\Auslogics\AusLogics Disk Defrag\is-UMABG.tmp Heur.Pck.MEW Success
2/13/2009 9:19:05 AM Ignore C:\Program Files\Auslogics\AusLogics Disk Defrag\is-UMABG.tmp Heur.Pck.MEW Success
2/13/2009 9:19:35 AM Detect C:\Program Files\Auslogics\AusLogics Disk Defrag\AxPackage10.bpl Heur.Pck.MEW Success
2/13/2009 9:19:42 AM Ignore C:\Program Files\Auslogics\AusLogics Disk Defrag\AxPackage10.bpl Heur.Pck.MEW Success
2/13/2009 9:25:15 AM Detect C:\Program Files\Auslogics\AusLogics Registry Defrag\is-TV8VC.tmp Heur.Pck.MEW Success
2/13/2009 9:25:19 AM Ignore C:\Program Files\Auslogics\AusLogics Registry Defrag\is-TV8VC.tmp Heur.Pck.MEW Success
2/13/2009 9:25:22 AM Detect C:\Program Files\Auslogics\AusLogics Registry Defrag\axpackage10.bpl Heur.Pck.MEW Success
2/13/2009 9:25:27 AM Ignore C:\Program Files\Auslogics\AusLogics Registry Defrag\axpackage10.bpl Heur.Pck.MEW Success
2/13/2009 9:28:52 AM Detect C:\Program Files\Auslogics\AusLogics Disk Defrag\is-V7N3F.tmp Heur.Pck.MEW Success
2/13/2009 9:28:56 AM Ignore C:\Program Files\Auslogics\AusLogics Disk Defrag\is-V7N3F.tmp Heur.Pck.MEW Success
End of The Report


Today I removed the files from the exclusion list with the exception of //Comodo.**** and ran the scan again with the latest version and DB, and this is what it flagged:
Table :  Antivirus Logs
    Date Created :  3/11/2009 12:15:51 PM
    Log Scope :  Today
    Records count :  2
Date/Time Action Location Malware Name Status
3/11/2009 12:03:08 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP99\A0013776.exe Heur.Packed.Unknown Success
3/11/2009 12:11:20 PM Quarantine C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP99\A0013776.exe Heur.Packed.Unknown Success
 


It seems the system volume info is always flagged as a threat, and what's the story with this file?
C:\WINDOWS\system32\mfc45.dll



Thanks,
donnyd



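A way to triage a log like the one above before re-reporting, as an added example that is not Comodo code and not part of the post: it parses the whitespace-separated "Date/Time Action Location Malware Name Status" layout of the export, separates live files from restore-point copies under System Volume Information and from the scanner's own Quarantine folder (both of which appear in the log above), and lists paths that were set to Ignore and then detected again under the same name. The sample lines are constructed from entries in the post; the column layout and the path-based classification are assumptions made for the demo.

```python
"""Triage a CIS antivirus log export (added example, not Comodo code).

Assumes the whitespace-separated layout quoted in the post:
    Date/Time  Action  Location  Malware Name  Status
SAMPLE_LOG is constructed from a handful of entries in that post."""
import re
from collections import Counter, defaultdict

# Constructed sample in the same layout as the post's log export.
SAMPLE_LOG = r"""
2/12/2009 4:43:49 PM Detect C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 4:45:29 PM Quarantine C:\System Volume Information\_restore{6D3FBDEF-8C21-4647-9BF3-72176E328E86}\RP151\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 5:44:02 PM Detect C:\Program Files\Auslogics\AusLogics Registry Defrag\axforms10.bpl Heur.Pck.MEW Success
2/12/2009 5:44:44 PM Detect C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A0018919.exe Unclassified Malware[at]4237958 Success
2/12/2009 5:59:50 PM Detect C:\WINDOWS\system32\mfc45.dll Heur.PEBomb Success
2/12/2009 6:07:31 PM Ignore C:\Program Files\Auslogics\AusLogics Registry Defrag\axforms10.bpl Heur.Pck.MEW Success
2/12/2009 6:39:41 PM Detect C:\Program Files\Auslogics\AusLogics Registry Defrag\axforms10.bpl Heur.Pck.MEW Success
"""

# The path column contains spaces, so anchor it on the drive letter and its
# file extension; the malware name may contain a space ("Unclassified Malware...").
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Detect|Ignore|Quarantine) "
    r"(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]+) "
    r"(?P<name>.+?) "
    r"(?P<status>\S+)$")


def parse_log(text):
    """Return one dict per parsable log line, in the order exported."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # header/footer lines of the export simply do not match
            records.append(m.groupdict())
    return records


def classify(path):
    """Where the flagged file lives: a live file, a System Restore copy, or the
    scanner's own quarantine folder (the latter two are not running code)."""
    p = path.lower()
    if "\\system volume information\\" in p:
        return "restore-point"
    if "\\quarantine\\" in p:
        return "quarantine"
    return "live"


def summarize(records):
    """Count actions per location class, e.g. {'live': {'detect': 3, ...}}."""
    out = defaultdict(Counter)
    for r in records:
        out[classify(r["path"])][r["action"].lower()] += 1
    return {kind: dict(counts) for kind, counts in out.items()}


def unfixed_after_ignore(records):
    """(path, name) pairs that were set to Ignore and then detected again:
    the exclusion did not stick, which is worth stating in the FP report."""
    ignored, repeats = set(), {}
    for r in records:
        key = (r["path"].lower(), r["name"])
        if r["action"] == "Ignore":
            ignored.add(key)
        elif r["action"] == "Detect" and key in ignored:
            repeats[key] = repeats.get(key, 0) + 1
    return repeats


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(summarize(recs))
    for (path, name), n in unfixed_after_ignore(recs).items():
        print(f"ignored but detected again {n}x: {path} [{name}]")
```

Run against the full export, the summary makes clear how many hits are restore-point or quarantine copies versus live files, and the last function isolates the exclusion-list problem donnyd describes from the FP itself.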
Ramanan
Global Moderator
Comodo Family Member
« Reply #8 on: March 12, 2009, 02:42:32 AM »

Quote from: ganda claus
yo!
what about the b2e.exe
I've posted it several times, but I can't remember where my posts are

but I remember it's been removed from the BOClean database

Hi Lt.ganda,

CIS is not detecting the file b2e.exe with/without heuristics. Please verify it with the latest base update. If you still find the detection in CIS, please submit the sample to AVLab.

Thanks,
Ramanan
ganda claus
Global Moderator
Comodo's Hero
ho ho ho


« Reply #9 on: March 12, 2009, 03:32:20 AM »

nope, still there with database #1049
eXPerience
Malware Researcher Virus Removal Helper Advanced Tweak Freak Crazy Little Devil
Global Moderator
Comodo's Hero
Why not ? The choice is yours !


« Reply #10 on: March 12, 2009, 06:35:36 AM »

This is what I got over PM:

Quote
Original post:
https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/qfecheck_fp-t36252.0.html

Last test: today with DB 1049

Thanks
Hakan

Xan
Ramanan
Global Moderator
Comodo Family Member
« Reply #11 on: March 13, 2009, 05:56:34 AM »

Quote from: ganda claus
nope, still there with database #1049

Hi Lt.ganda,

Please check with the latest base update.

Thanks,
Ramanan
Ramanan
Global Moderator
Comodo Family Member
« Reply #12 on: March 13, 2009, 06:01:01 AM »

Quote from: MJ.nfl
RAR Slayer v1.1.exe
Sent it via mail.

Virus total results

http://www.virustotal.com/analisis/e28c42883cc2ab0c8a1f6f60f1f1f626

1. CPU Athlon 64 X2 4600+
2. Windows XP pro, service pack 3, 32 bit
3. CIS 3.8.65951.477
4. Antivirus - default settings
5. Firewall - custom policy mode
6. Defense+ - clean PC mode
7. Administrator account

Last scan today. Virus database 1049

Hi MJ.nfl,

The file in question is detected by heuristics and is a cracking application. Although it is not "malicious software", the purpose of the detection is to warn the user about potentially unwanted/dangerous applications. Moreover, such cracking applications are packed/protected by some non-standard programs which are used almost only by malicious files. This detection is one such generic detection. If someone still wants to use the crack application, the user can just add the file to the exclusion list.

Thanks,
Ramanan
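The generic packer heuristic Ramanan describes (a file flagged because it is wrapped by a non-standard packer or protector, not because its payload is known to be malicious) can be illustrated with the checks such a heuristic typically layers: section names left behind by known packers, near-maximal byte entropy of a section, and an entry point inside a section that is both writable and executable. The following is an added example in Python and is not Comodo's detection logic; the packer-name list, the 7.0-bit entropy threshold, and the two hand-built PE images produced by build_pe are assumptions made for the demo.

```python
"""Minimal PE packer heuristic (added example, not Comodo's engine).

Parses the section table of a PE image straight from bytes and reports the
kind of indicators a generic "packed" detection keys on. The packer-name
list and the entropy threshold are illustrative assumptions."""
import math
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# Assumption: a short list of section names left behind by common packers.
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "MEW", ".MEW", ".aspack", ".adata",
                        ".petite", ".nsp0", ".nsp1", ".themida", ".vmp0", ".vmp1"}
ENTROPY_THRESHOLD = 7.0  # bits per byte; plain x86 code is usually well below this


def shannon_entropy(data):
    """Shannon entropy in bits per byte; 8.0 means uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image):
    """Return (AddressOfEntryPoint, [section dicts]) from a PE32/PE32+ image."""
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsections, = struct.unpack_from("<H", image, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", image, e_lfanew + 20)
    opt_off = e_lfanew + 24
    entry_rva, = struct.unpack_from("<I", image, opt_off + 16)  # same offset in PE32 and PE32+
    sect_off = opt_off + opt_size
    sections = []
    for i in range(nsections):
        off = sect_off + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", image, off + 8)
        chars, = struct.unpack_from("<I", image, off + 36)
        raw = image[rawptr:rawptr + rawsize]
        sections.append({"name": name, "vaddr": vaddr, "vsize": vsize,
                         "chars": chars, "entropy": shannon_entropy(raw)})
    return entry_rva, sections


def packer_indicators(image):
    """List human-readable reasons a generic packer heuristic would fire."""
    entry_rva, sections = parse_sections(image)
    hits = []
    for s in sections:
        if s["name"] in PACKER_SECTION_NAMES:
            hits.append(f"packer section name {s['name']!r}")
        if s["entropy"] >= ENTROPY_THRESHOLD:
            hits.append(f"high entropy {s['entropy']:.2f} in {s['name']!r}")
        has_ep = s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], 1)
        if has_ep and (s["chars"] & IMAGE_SCN_MEM_WRITE) and (s["chars"] & IMAGE_SCN_MEM_EXECUTE):
            hits.append(f"entry point in writable+executable section {s['name']!r}")
    return hits


def build_pe(sections, entry_rva):
    """Constructed PE32 image with just enough header for parse_sections (demo only)."""
    HDR, ALIGN = 0x400, 0x200
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)   # AddressOfEntryPoint
    headers, raw, ptr = bytearray(), bytearray(), HDR
    for i, (name, data, chars) in enumerate(sections):
        rawsize = (len(data) + ALIGN - 1) // ALIGN * ALIGN
        headers += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), 0x1000 * (i + 1),
                               rawsize, ptr, 0, 0, 0, 0, chars)
        raw += data.ljust(rawsize, b"\0")
        ptr += rawsize
    image = (dos + b"PE\0\0" + coff + opt + headers).ljust(HDR, b"\0")
    return bytes(image + raw)


def demo_images():
    """Two constructed images: ordinary code, and a MEW-style packed layout."""
    code = b"\x55\x8B\xEC\x33\xC0\x5D\xC3" * 73           # repetitive x86 prologue/epilogue
    plain = build_pe([(".text", code, 0x60000020)], entry_rva=0x1000)
    packed = build_pe([(".text", code, 0x60000020),
                       ("MEW", bytes(range(256)) * 8, 0xE0000040)],  # uniform bytes, W+X
                      entry_rva=0x2010)                                 # stub entry inside "MEW"
    return plain, packed


if __name__ == "__main__":
    for label, img in zip(("plain", "packed"), demo_images()):
        print(label, packer_indicators(img) or "no indicators")
```

These are precisely the signals that fire on legitimate software shipped through the same packers, which is why the Heur.Pck.MEW hits on the Auslogics .bpl files earlier in this thread and the RAR Slayer detection both end up on the exclusion list rather than in a signature fix.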
monkeytails
Newbie
« Reply #13 on: March 14, 2009, 06:52:18 AM »

False Positive in relation to BOClean files (evidence.boc) has reappeared although different threat this time.

See attached image file.

Should I upload to avlab again?

Edit: reappeared with Database version 1049 and still present with Database version 1056
sureshk
Comodo Loves me
« Reply #14 on: March 15, 2009, 02:02:28 AM »

Quote from: monkeytails
False Positive in relation to BOClean files (evidence.boc) has reappeared although different threat this time.

See attached image file.

Should I upload to avlab again?

Edit: reappeared with Database version 1049 and still present with Database version 1056

Hi monkeytails,

Thanks for reporting,
FYI: evidence.boc is a backup file, which BOClean takes before removing the file on detection.

That might not be a FP.

Thanks and Regards,
Suresh.