Author Topic: setup_1096_MTE1NXwzNXww_.exe (false negative)  (Read 6326 times)

Offline DarthTrader

  • Comodo Member
  • **
  • Posts: 44
setup_1096_MTE1NXwzNXww_.exe (false negative)
« on: September 12, 2008, 08:30:57 PM »
Hello,

setup_1096_MTE1NXwzNXww_.exe is a malware sample from hxxp://www.bestantivirus2009.com, which no longer exists, but may come back anytime.  CIMA reports that this file is not suspicious, but in fact it is a fake security app.  I can PM the sample if you wish.

DarthTrader

Offline Baskar

  • Comodo Staff
  • Comodo Family Member
  • *****
  • Posts: 84
Re: setup_1096_MTE1NXwzNXww_.exe (false negative)
« Reply #1 on: September 13, 2008, 03:08:10 AM »
Hello Darth Trader,

Could you please submit the file to us?

To know how to submit the file to us, please check the following link,

How to report/submit false positives

Much appreciated. :)

Regards,

Offline DarthTrader

  • Comodo Member
  • **
  • Posts: 44
Re: setup_1096_MTE1NXwzNXww_.exe (false negative)
« Reply #2 on: September 13, 2008, 06:19:51 AM »
Hello Baskar,

The file was submitted last night with "CIMA FALSE NEGATIVE..." in the subject line.

Baskar, please have a look at this page:

-Removed by 3xist for Safety Reasons of our users-

This page has a list of recently discovered malware sites.  Look for sites like "anti-spyware-this" or "anti-virus-that" and you can download and test the very latest malware samples.  This list is updated several times a day.

Regards,
DarthTrader

« Last Edit: September 13, 2008, 07:26:28 AM by 3xist »

3xist

  • Guest
Re: setup_1096_MTE1NXwzNXww_.exe (false negative)
« Reply #3 on: September 13, 2008, 07:27:29 AM »
Hi Darth.

Please email the link to Baskar. I removed the link to prevent users from accidentally clicking on infected links, etc.

Josh

Offline DarthTrader

  • Comodo Member
  • **
  • Posts: 44
Re: setup_1096_MTE1NXwzNXww_.exe (false negative)
« Reply #4 on: September 13, 2008, 09:09:39 AM »
Hello 3xist,

I have just PMed the link to Baskar.  Please be advised that I do not intend to submit many malware files for analysis.  I think the researchers should be "proactive" at finding samples.  :)

Some of these sites are being taken down:
http://msmvps.com/blogs/hostsnews/archive/2008/09/12/1647592.aspx

But there are still plenty of live ones left and more are being added to "hphosts-partial" list every day.  I spend a lot of time looking for those sites and making sure they get added to that list.

Regards,
DarthTrader

 
