Author Topic: CIS- Potential false positive or actual Trojan?  (Read 611 times)

Offline geoc

  • Newbie
  • *
  • Posts: 2
CIS- Potential false positive or actual Trojan?
« on: January 26, 2018, 06:56:35 PM »
Hi,

Over the past few days I've seen some strange activity with my PC.

Whenever I perform a full Malwarebytes scan, at the "File system" stage (I believe when it is searching the WindowsApps folder in Program Files), CIS flags something in relation to MBAM as an odd Trojan variant.

The path is generally shown as C:\ProgramData\Malwarebytes\MBAMService\Unique ID.. and the variant is named TrojWare.Win32.TrojanDownloader.Tovkater.ID[at]452171600. There have been around 4 instances flagged by Comodo, with only the unique ID being different.

Comodo had also quarantined a few of my already existing trusted programs such as JetBrains Datagrip uninstall.exe, Notepad++ uninstall.exe and some Mozilla Maintenance service executable.

After looking up this Tovkater, it seems like a fairly new variant so I'm not entirely sure if this is an actual malware or it is the 2 programs colliding. Apparently the Trojan downloads more malware to install but the mentioned applications have been on my machine for quite a while and all came from trusted sources.

Does anyone have more info? I've been monitoring my processes and such but I'm not too sure what to think so my machine is currently offline for precautions.

Note: ran CIS quick and full scans, Malwarebytes, verified Windows files are digitally signed too.
« Last Edit: January 26, 2018, 07:04:37 PM by geoc »

Offline Chunli

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2582
Re: CIS- Potential false positive or actual Trojan?
« Reply #1 on: January 27, 2018, 01:04:39 AM »
Hi, geoc

This is to inform you that the false positive has been fixed.
You can update to AV database Version <28423> of Comodo Internet Security Version <10.0.1.6223> and confirm it.

Best regards
Chunli.chen

Offline geoc

  • Newbie
  • *
  • Posts: 2
Re: CIS- Potential false positive or actual Trojan?
« Reply #2 on: January 27, 2018, 09:28:42 AM »
Hi there,

I will check shortly and let you know of updates.

So was this indeed a false positive issue and not an actual malware infection, correct?

Thanks

 
