Author Topic: False positives in V3 Malware scanner [Merged Threads]  (Read 19985 times)
Ragwing
Global Moderator
Comodo's Hero

Posts: 3451



« Reply #15 on: February 12, 2008, 10:26:59 AM »

btw, is it OK to run 2 AVs? NOD32 & AVG

It's OK, but it's not recommended. Instead, use one for real-time, and the other one as an on-demand scanner.
They might conflict with each other.

Cheers,
Ragwing
Logged

Colon
Newbie

Posts: 4


« Reply #16 on: February 22, 2008, 10:58:59 AM »

Hello!

During installation of Comodo Firewall Pro version 3.0.18.309 I scanned my system.
Comodo also showed me 2 files:
Trojan.Win32.Patched.m(ID = 0x72d15) C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
Trojan.Win32.Patched.m(ID = 0x72d15) C:\WINDOWS\system32\winlogon.exe

But I cannot believe that these 2 files are trojans.
Deleting these files may cause an incorrectly working system, in my opinion.

I uploaded these 2 files to an online scanner. The result was "no threat".
   
Logged
sded
Guest
« Reply #17 on: February 22, 2008, 11:04:14 AM »

There are a number of false positives reported with this initial version of the cfp3 virus scanner. Should be upgraded as we go along. These should just be verified with a second anti-virus tool, which you would probably do anyway. I get two false positives also.
Logged
simmikie
Comodo Member

Posts: 35


« Reply #18 on: February 22, 2008, 11:07:52 AM »

Hello!

During installation of Comodo Firewall Pro version 3.0.18.309 I scanned my system.
Comodo also showed me 2 files:
Trojan.Win32.Patched.m(ID = 0x72d15) C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
Trojan.Win32.Patched.m(ID = 0x72d15) C:\WINDOWS\system32\winlogon.exe

But I cannot believe that these 2 files are trojans.
Deleting these files may cause an incorrectly working system, in my opinion.

I uploaded these 2 files to an online scanner. The result was "no threat".
   

you may want to take a look at this:  http://www.techsupportforum.com/security-center/hijackthis-log-help/152865-nhfenhf-dll-removal.html or you may not.


Mike
Logged
Colon
Newbie

Posts: 4


« Reply #19 on: February 22, 2008, 11:11:40 AM »


Thank you for your prompt reply.

Is there a chance to get the Firewall 3.0 in German?
Logged
sded
Guest
« Reply #20 on: February 22, 2008, 11:28:35 AM »

There is a forum in German here; ask about it there. http://forums.comodo.com/deutsch_german-b79.0/
Logged
Colon
Newbie

Posts: 4


« Reply #21 on: February 22, 2008, 12:56:24 PM »

There are a number of false positives reported with this initial version of the cfp3 virus scanner. Should be upgraded as we go along. These should just be verified with a second anti-virus tool, which you would probably do anyway. I get two false positives also.

Yes, that's correct, you are right. It is definitely a false positive report.
I have checked the files with "FileAlyzer". 
MD5:    2B6A0BAF33A9918F09442D873848FF72
SHA1:  E94549181CC6CDF9F5373E86C857049B73BAEE66

Both files are "C L E A N"
Logged
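
Added example, not part of any poster's message: a Python sketch of the check described in Reply #21, hashing both flagged copies of winlogon.exe and comparing them with the MD5/SHA1 pair posted there. It assumes the posted digests apply to your Windows build (other builds and service packs will hash differently); a match only shows the file is byte-identical to the one that poster checked.

```python
import hashlib
from pathlib import Path

# Digests quoted in Reply #21 (FileAlyzer output for winlogon.exe).
POSTED = {
    "md5": "2B6A0BAF33A9918F09442D873848FF72",
    "sha1": "E94549181CC6CDF9F5373E86C857049B73BAEE66",
}

# The two paths the scanner flagged, as quoted in the thread.
FLAGGED = [
    r"C:\WINDOWS\ServicePackFiles\i386\winlogon.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
]


def file_digests(path, chunk_size=1 << 16):
    """Return {'md5': ..., 'sha1': ...} for a file, read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def triage(paths, expected):
    """Hash each flagged copy and compare it with the expected digest pair.

    Returns (per_file, copies_identical). A copy counts as a match only when
    BOTH digests agree, so agreement on MD5 alone is not accepted.
    """
    per_file, seen = {}, set()
    for p in paths:
        if not Path(p).is_file():
            per_file[p] = "missing"
            continue
        d = file_digests(p)
        seen.add((d["md5"], d["sha1"]))
        ok = all(d[k] == expected[k].lower() for k in ("md5", "sha1"))
        per_file[p] = "matches" if ok else "DIFFERS"
    return per_file, len(seen) == 1 and "missing" not in per_file.values()


if __name__ == "__main__":
    results, identical = triage(FLAGGED, POSTED)
    for path, verdict in results.items():
        print(f"{verdict:8} {path}")
    print("copies identical:", identical)
```

A "DIFFERS" verdict on only one of the two copies is the case worth a closer look with a second scanner, since the two copies are then no longer the same file.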
Carolina Senior
Newbie

Posts: 11


« Reply #22 on: February 23, 2008, 01:09:31 PM »

I ran the Comodo Firewall scanner last evening, and it found this one item. I did not delete it yet, as I don't know if it's a FP or something I need.

Ran Spybot and Ewido online scan, they found nothing. It was getting late so put off running SUPERAntiSpyware and HouseCall till later today. I also did a Google, and found a couple posts on the Wilders Forums, but they really didn't tell me much. What is it and should it be deleted?

Thanks.
Larry
Logged

Windows XP Home
SP2
Firefox Browser
Firewall: Comodo Firewall Pro
Anti Virus: AVG PRO
Anti Trojan: Comodo BOClean
Anti Spyware: Spyware Terminator
Anti Spyware on Demand: AVG Anti Spyware, Ad-Aware SE, Spybot S&D
Vettetech
Guest
« Reply #23 on: February 23, 2008, 02:41:48 PM »

You can see when the file was created. It sounds like a false positive to me. The Comodo scanner still has a ways to grow. I use SuperAntiSpyware and Spybot once a week only on demand. If it's a file that has been in your PC for years then it's safe. You can quarantine it rather than delete it.
Logged
jalobservateur
Newbie

Posts: 1


« Reply #24 on: February 24, 2008, 04:45:06 AM »

Hi folks!
Sorry for my English.
For 12 hours I have been searching about an alert from my Comodo Pro 3 scan on my 2 computers.
About: Trojan Win 32.Patched.m, at Winlogon and Winlogon .exe.
I work in computer security and I tried about everything!
Nothing told me that the trojan is real.
Absolutely nothing is wrong with my 2 machines except this indication.
Does somebody have an idea?
Thank you
jal
« Last Edit: February 24, 2008, 04:46:42 AM by jalobservateur » Logged
GYL
Newbie

Posts: 3


« Reply #25 on: February 24, 2008, 05:51:01 AM »

Hello, I have exactly the same problem; I've tested with VirusTotal and Jotti: nothing. I think you are French; above all, don't remove winlogon, you won't be able to restart. That happened to me with an FP from Dr.Web.
Logged
GYL
Newbie

Posts: 3


« Reply #26 on: February 24, 2008, 05:56:14 AM »

http://forums.comodo.com/help_for_v3/winlogonexe-t20095.0.html The FP was already reported with an older version and nothing has been done: not very serious.
« Last Edit: February 24, 2008, 05:57:47 AM by GYL » Logged
fidmas
Comodo Member

Posts: 30


« Reply #27 on: February 24, 2008, 10:35:35 AM »

There are a load of Legacy and DOS programs on this box that are being falsely called VBS.ka.\\.A, Worm.Win9x.LJacker.4352 and Chill.544 threats by "Defense+ Common Tasks > Scan My System".  Is there any way to:

- Ignore a threat
- Get COMODO to stop making these mistakes

short of just not using this feature?

Thanks.
Logged
fidmas
Comodo Member

Posts: 30


« Reply #28 on: February 24, 2008, 01:50:48 PM »

I hope I'm not posting twice, but I can't find the previous post. :-/

So here it is again if anyone can help.
-----
There are a load of Legacy and DOS programs on this box that are being falsely called VBS.ka.\\.A, Worm.Win9x.LJacker.4352 and Chill.544 threats by "Defense+ Common Tasks > Scan My System".  Is there any way to:

- Ignore a threat
- Get COMODO to stop making these mistakes

short of just not using this feature?

Thanks.
Logged
sded
Guest
« Reply #29 on: February 24, 2008, 01:59:03 PM »

Probably will need to wait for the next revision of the on-demand scanner. Unfortunately, don't know when that is scheduled. I just got a couple of false positives, and after checking them with another anti-virus program just ignore them. The main purpose of the scanner is to remind you to make sure that when you install CFP and tell it you have a clean PC, that you really do and haven't accumulated some virus along the way that you didn't know about. After that, assuming you have a good antivirus program, that should take care of you as usual along with the HIPS capabilities in D+.
Logged