I ran an MBAM scan last night - it turned up several items, but two of them look pretty bad, and CIS doesn’t flag them. Plus the name MBAM gives them (spyware.passwords.XGen) is a bit horrifying, although none of the other VT detections give a name that sounds so specifically bad.
I’ve submitted both to Comodo (did it through the software instead of the web interface - is it preferable to use the web?).
They are “test.exe” inside an online poker application folder (which I, strangely enough, think of as being reasonably trustworthy), and 1818543287[1].exe inside the directory:
…\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GHNNA8G
Neither exact file had been seen by VT before, but it analyzed them and gave back a lot of badness:
Erik - Thanks for the reply, but I submitted these because I think they’re false NEGatives (abbreviated in the post title). MBAM and VT are clearly flagging them, but CIS is not giving me a warning on scanning them. Are you saying that on your system CIS is flagging them as malware?
I submitted both of them already, through the CIS software. And then I nuked them both, since they seemed pretty clearly to be bad news, and I figured you guys had them already. I also previously submitted them both to VT.
So I’m afraid I don’t have copies anymore. Do you have access to the files I submitted through the software? Is it better somehow for us to submit files through the web interface?