Author Topic: Avira detects cmfd.sys as a TR/Rootkit.Gen Trojan.[resolved]  (Read 24626 times)

Offline pudelein

  • Comodo Loves me
  • ****
  • Posts: 128
Avira detects cmfd.sys as a TR/Rootkit.Gen Trojan.[resolved]
« on: December 04, 2008, 08:05:02 PM »
I have been using CMF for ages alongside Avira AntiVir Free without any problems. However, in my scan this evening, using today's updates, AntiVir reports that %ProgramFiles%\Comodo\Memory Firewall\cmfd.sys is "TR/Rootkit.Gen". I will report this to Avira as a false positive, but think Comodo might like to know about the situation.
« Last Edit: December 07, 2008, 03:47:48 AM by ganda (256mb) »

Offline Kyle

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 3679
Re: Avira AntiVir identifies CMF as TR.Rootkit.Gen!
« Reply #1 on: December 04, 2008, 08:13:33 PM »
Thanks pudelein..

For everyone who's getting this alert, you can put the CMF folder into Avira's exclusion list until Avira fixes this problem.
Windows 7 x64
AMD FX 8120, 8gb ram, ATI 6870 1gb

Offline pudelein

  • Comodo Loves me
  • ****
  • Posts: 128
Re: Avira AntiVir identifies CMF as TR.Rootkit.Gen!
« Reply #2 on: December 04, 2008, 08:29:29 PM »
Kyle,

Avira may wish to download the CMF installer to try the whole thing themselves (I did upload cmfd.sys for their inspection), but I cannot find it on Comodo's pages anymore!  Do you have a notion about that?

Offline Kyle

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 3679
Re: Avira AntiVir identifies CMF as TR.Rootkit.Gen!
« Reply #3 on: December 04, 2008, 08:32:08 PM »
http://www.memoryfirewall.comodo.com/

It's not exactly easy to find unless you know where to look on the homepage :(
Windows 7 x64
AMD FX 8120, 8gb ram, ATI 6870 1gb

Offline Bracca

  • Comodo Loves me
  • ****
  • Posts: 103
Avira detects cmfd.sys as a TR/Rootkit.Gen Trojan. Help needed.
« Reply #4 on: December 05, 2008, 04:13:47 AM »
I think this is a false positive? Since I tried to update Comodo Memory Firewall since it asked me to update it. As soon as I clicked the update choice, Avira pops up and says that C:\Documents and settings\Bracca\Application Data\Comodo\Comodo\Memory Firewall\Data\Tempfiles\cmfd.sys is a Rootkit/Trojan. Weird since Avira has never done this before.

Offline Cordialis

  • Newbie
  • *
  • Posts: 7
Re: Avira detects cmfd.sys as a TR/Rootkit.Gen Trojan. Help needed.
« Reply #5 on: December 05, 2008, 04:18:07 AM »
Yes, it probably is. I have the same issue. Avira wants someone to upload the file and send it to their lab. I don't know if anyone did it.

There is one more thread about it here: https://forums.comodo.com/help/avira_antivir_identifies_cmf_as_trrootkitgen-t31243.0.html
« Last Edit: December 05, 2008, 04:24:30 AM by Cordialis »

Offline Cordialis

  • Newbie
  • *
  • Posts: 7
Re: Avira AntiVir identifies CMF as TR.Rootkit.Gen!
« Reply #6 on: December 05, 2008, 04:21:10 AM »
There is one more thread about it here: https://forums.comodo.com/empty-t31261.0.html

Offline Bracca

  • Comodo Loves me
  • ****
  • Posts: 103
Re: Avira detects cmfd.sys as a TR/Rootkit.Gen Trojan. Help needed.
« Reply #7 on: December 05, 2008, 04:59:51 AM »
Ah. Thanks n.n

Offline Cordialis

  • Newbie
  • *
  • Posts: 7
Re: Avira detects cmfd.sys as a TR/Rootkit.Gen Trojan. Help needed.
« Reply #8 on: December 05, 2008, 05:10:37 AM »
You're welcome. I actually think Comodo should write Avira a little friendly note. Avira is a fine company - I'm sure they'll work something out...

Offline pudelein

  • Comodo Loves me
  • ****
  • Posts: 128
Re: Avira detects cmfd.sys as a TR/Rootkit.Gen Trojan. Help needed.
« Reply #9 on: December 05, 2008, 09:38:34 AM »
I submitted cmfd.sys to Avira last night as a suspected false positive. ID number is 25203587. They replied to me this morning that it is indeed a false positive and will be removed in an updated signature file.

Offline ganda

  • thermodynamic defier
  • Comodo's Hero
  • *****
  • Posts: 5896
Re: Avira detects cmfd.sys as a TR/Rootkit.Gen Trojan. Help needed.
« Reply #10 on: December 05, 2008, 09:48:12 AM »
merged here  :)
double post removed  (:m*)
 :Beer

Offline weaker

  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 505
Re: Avira detects cmfd.sys as a TR/Rootkit.Gen Trojan.[merged thread]
« Reply #11 on: December 05, 2008, 04:57:46 PM »
I also submitted it but pudelein was faster because it immediately recognised it as a FP and after the update everything was well again. Avira is really quick with FP.

Offline Cordialis

  • Newbie
  • *
  • Posts: 7
Re: Avira detects cmfd.sys as a TR/Rootkit.Gen Trojan.[merged thread]
« Reply #12 on: December 06, 2008, 12:14:41 PM »
It's fixed! The update went through smoothly just an hour ago! Thanks Comodo and Avira!

Offline ganda

  • thermodynamic defier
  • Comodo's Hero
  • *****
  • Posts: 5896
Re: Avira detects cmfd.sys as a TR/Rootkit.Gen Trojan.[merged thread]
« Reply #13 on: December 07, 2008, 03:46:47 AM »
locked then  :)
 :Beer

 
