3 False Positives [FIXED]

fOrTy_7 · March 21, 2009, 10:06am

FP - Unclassified Malware[at]8429306

WindowsXP/system32/drivers/ithsgt.sys ( I have no idea what it’s for but seems to be a FP)

https://www.virustotal.com/pl/analisis/57ddb01c7d1172357b1bfea62603ca21

============================================

NirCmd 2.00 ( NirCmd - Windows command line tool )

FP - Unclassified Malware[at]5300955

nircmd.exe

https://www.virustotal.com/pl/analisis/3b9984c6ec97a2d3824279867d2afed3

FP - Unclassified Malware[at]5324401

nircmdc.exe

https://www.virustotal.com/pl/analisis/a1d2fba5333f9f4d67dad324c84b7f17

All files are detected as threat by CIS with database version 1076 and earlier.

sriramp · March 21, 2009, 12:03pm

Hi fOrTy_7,

These mentioned tools, “NirCMD” from nirsoft, are termed as potentially unsafe applications and are not false positives. Please add them to your exclusion lists if you really want to continue using those files.

Regarding the file “WindowsXP/system32/drivers/ithsgt.sys”, the file shall be checked for false positive and shall be fixed. Thanks for your submissions.

Regards,
Sriram.P

fOrTy_7 · March 22, 2009, 9:15pm

I see that ithsgt.sys FP has been fixed. Thanks. :-TU

As for NirCmd command line tool, I know that some antivirus vendors detect this tool as riskware, hackertool or unwanted/unsafe application because it was / is often used by malware. But the application itself isn’t a malware, so shouldn’t it be labeled by CIS as ApplicUnsaf… or ApplicUnwnt… instead of Unclassified Malware[at]… ? At least I saw these categories on your website Comodo Anti-Malware Database - Latest additions.

sriramp · March 24, 2009, 5:41am

Hi,

Yes! The detected names have now been renamed. Please update your bases to check the detection names.

Regards,
Sriram.P

fOrTy_7 · March 24, 2009, 7:58am

All has been fixed now. Thanks. :-TU