OK I’ve got another result from my scan to ask about …
Three files from my downloaded “Hiren’s Boot CD” collection are triggering UnclassifiedMalware warnings from CIS. I guessed that they might be false positives at first, but after uploading one to VirusTotal and seeing most of the scanners flag it as some sort of bug, I’m not so sure.
Here’s the VT link:
That was on “splitter.exe”. I’m submitting the other two as I type this. Here’s VT for “autorun.exe”:
And here’s “proceXP.exe”:
So all of them are setting off alarms all over the place. Given the sort of “gray area” status of Hiren’s BootCD, I can imagine that either these are all false positives triggered by software that does a lot of low-level stuff that might look suspicious to an AV scanner, OR that they’re real malware that someone injected into a collection that is popular on file-sharing networks.
I’ve been doing a lot of system building & OS-installing lately, so I’ve certainly used Hiren’s Boot CD recently, and I’m not sure whether this is the download that I burned my CD from.
Any thoughts? I’ll submit at least one of these files to Comodo unless someone tells me that’s a bad idea for some reason…
We’ll check the submission and get back to you after investigation.
Reported files are not False Positives.
Thanks Haja. I certainly believed that, but I appreciate the official confirmation.
Can you (or anyone) suggest where I should go from here to determine (a) whether I am actually infected from those files, (b) what the behavior is of the malware in question, and (c) how to make sure all remnants are removed from my system? I realize that this is no longer an issue for the “false positives” forum, but I’m not sure exactly what to do next other than deleting the infected files.
I often find myself in this spot - I’ve discovered that I have some malware residing in a file or files on my computer, but I’m not sure whether I ever executed the infected file, or, if I did, whether the virus or malware got a foothold in my system, or, if it did, whether it actually did any damage.
If there is another forum where I should be posting more questions, let me know… I can’t find an obvious choice in the Comodo forum hierarchy, but maybe I’m being blind.
A more general form of the same question - where should I post questions about a file that CIS flags that I do not believe to be a false positive? If I should be moving outside the Comodo forums for that kind of query, that’s fine - just let me know…
Thanks again for your help!