I don’t know if it’s a false positive or not. Please let me know!
I downloaded this latest version of 7zip x64 from the 7-zip.org site and when installing I got a VirusScope event saying it has a Generic.Trojan @ 137 @ 1.
Attached zip file contains the executable.
TotalVirus page link:
Comodo VirusScope version details:
recognizerCryptolocker.dll 1.11.0.135
recognizer_v10.1.0.6476.dll 10.1.0.6476
Hi justin_smith,
Thank you for reporting this.
We’ll check them and get back to you soon.
Regards,
Deepak PV
Hi justin_smith,
The sample you have submitted as false-positive is Not Detected by Comodo Internet Security version 10.2.0.6514 with database version 28664.
Please make sure the Antivirus database is updated and check again. If detection is still present, please submit the file to Comodo Antivirus Database | Submit Files for Malware Analysis.
SHA1:0a5059aaf7f0006c09632ebe39abae37cd739011 7z1801-x64.exe
Regards,
Deepak PV
Deepak, please note that it’s the VirusScope that flags this item, not AV. Is that the same thing? Sorry if a dumb question.
No, VirusScope is Comodo’s behavior blocker, which monitors for suspicious activities by unknown applications. The 7zip installer is trusted, so I’m not sure why VirusScope was monitoring it. Make sure the installer is rated trusted in the file list.
The install file (7z1801-x64.exe) and all the (7-z*exe) files it installed into Program Files and Program Files (x86) are Unrecognized in File List.
Lookup probably failed for some reason. Try performing a lookup in File List. Provided hash is the correct one… it’s trusted.
Ahh! Thank you! That was it. I was offline I bet when I was installing it.
Now I tried the Lookup feature (did not know it existed!) and they got cleared up.
Questions:
1. I noticed C:\Windows\system32\cscript.exe is Untrusted too (the only one remaining!) and Lookup for it shows Trusted rating but for some reason it does not get changed to being trusted and remains Untrusted with Orange question mark next to it (not the regular gray question mark).
2. I wanted to remove some of the older files from the list. When I click Purge however, it shows not just selected but ALL files it wants to purge. It says they are NOT valid files but I see many of them still exist on the system. Anyway, I later found “Remove” option and used that instead of Purge to purge some older non-existing files.
Thanks!
The file list is not dynamic; you would need to close and re-open the file list to see the change.
2. I wanted to remove some of the older files from the list. When I click Purge however, it shows not just selected but ALL files it wants to purge. It says they are NOT valid files but I see many of them still exist on the system. Anyway, I later found "Remove" option and used that instead of Purge to purge some older non-existing files.
The file list keeps track of each file per file hash, so if the hash changes, then the entry with the previous hash becomes invalid.