3 UnclassifiedMalware flags in my Hirens Boot CD files

huge1 · December 8, 2010, 4:24am

OK I’ve got another result from my scan to ask about …

Three files from my downloaded “Hiren’s Boot CD” collection are triggering UnclassifiedMalware warnings from CIS. I guessed that they might be false positives at first, but after uploading one to VirusTotal and seeing most of the scanners flag it as some sort of bug, I’m not so sure.

Here’s the VT link:

http://www.virustotal.com/file-scan/report.html?id=a6f4c52aed92aa1787810ea7ab6851e9803b37d83d09fcaf5a906825f4bfda4d-1291780602

That was on “splitter.exe”. I’m submitting the other two as I type this. Here’s VT for “autorun.exe”:

http://www.virustotal.com/file-scan/report.html?id=387a0e84072d8baff4ef964f1a5bdc434777d2744aadd7b9b9860c886fbfcd90-1291781402

And here’s “proceXP.exe”:

http://www.virustotal.com/file-scan/report.html?id=ea0048fa7f7a31f7521a2f30e9fb0c1b3e83a13f92904ceb3e9e492c3e7d6fa9-1291781739

So all of them are setting off alarms all over the place. Given the sort of “gray area” status of Hiren’s BootCD, I can imagine that either these are all false positives triggered by software that does a lot of low-level stuff that might look suspicious to an AV scanner, OR that they’re real malware that someone injected into a collection that is popular on file-sharing networks.

I’ve been doing a lot of system building & OS-installing lately, so I’ve certainly used Hiren’s Boot CD recently, and I’m not sure whether this is the download that I burned my CD from.

Any thoughts? I’ll submit at least one of these files to Comodo unless someone tells me that’s a bad idea for some reason…

e_xistense · December 8, 2010, 12:08pm

Hello huge1,

We’ll check the submission and get back to you after investigation.

Regards,
Ionel

haja · December 8, 2010, 12:49pm

Hi huge1,

Reported files are not False Positives.

Regards,
Haja

huge1 · December 10, 2010, 12:29am

Thanks Haja. I certainly beleived that, but I appreciate the official confirmation.

Can you (or anyone) suggest where I should go from here to determine (a) whether I am actually infected from those files, (b) what the behavior is of the malware in question, and (c) how to make sure all remnants are removed from my system? I realize that this is no longer an issue for the “false positives” forum, but I’m not sure exactly what to do next other than deleting the infected files.

I often find myself in this spot - I’ve discovered that I have some malware residing in a file or files on my computer, but I’m not sure whether I ever executed the infected file, or, if I did, whether the virus or malware got a foothold in my system, or, if it did, whether it actually did any damage.

If there is another forum where I should be posting more questions, let me know… I can’t find an obvious choice in the Comodo forum hierarchy, but maybe I’m being blind.

A more general form of the same question - where should I post questions about a file that CIS flags that I do not believe to be a false positive? If I should be moving outside the Comodo forums for that kind of query, that’s fine - just let me know…

Thanks again for your help!