A2GUARD.exe False Positive

Just got warning

worldcrypt malware

and another solsuite.exe a solitare game

I installed both A-Squared antimalware and Solsuite to see whether I could duplicate that. Solsuite.exe scans clean here, but I can confirm the a-squared FP.

I just reported the FP to both NSClean and Comodo directly, and I have no doubt that this will be taken care of very fast indeed. :slight_smile:

Apologies to those affected, that one was entirely my own fault … never used Delphi to code and thus thought I had a really good slice of code based on the WORLDCRYPT “obfuscator” which has become VERY popular with a LOT of those nasties that replicate hourly in the past few weeks. Messed up on where I took the sample from and have fixed it. Anyone affected, and those NOT already affected are advised to RIGHT click their BOClean traybar icon, and select “check for update” so you can quickly get the fix before something ends up going sideways on ya. Update’s already there along with more new nasties covered.

Would appreciate someone mentioning this elsewhere should it come up there … in the meantime, here’s our official “update notice” to our existing customers below … and once again MY apologies, this one was entirely my fault for trying to do too many things at the same time, and not paying enough attention …

This update also fixes an accidental false positive on several DELPHI-based programmes which use a particular library “helper” routine which was incorrectly defined as a component of the “WORLDCRYPT” obfuscator. Please pass along the word if you hear of anyone else who’s seen this false positive. It was MY fault, not our team of analysts. :frowning:

  • Kevin McAleavey …

FILEDATE: 2007-04-07 10:48:31 (UTC)

THIRTY-NINE new nasties for a total of 23232 UNIQUE infectors (275,990 variants of these including trojans, worms, bots, hijackers, downloaders, spam proxies, rootkits, adware, spyware, keyloggers, “dialers” and other malware in total) covered in today’s update for BOClean 4.22. BOClean 4.23 for VISTA and others coming in about a week.

Please also note that if you ever miss an update (or several) the update you collect includes ALL previous update information. There is no need to go hunting down other updates. The current one is always complete.

Hi Kevin. :slight_smile:

Thanks for the heads up, and for that lightning fast response!
http://castlecops.com/modules/Forums/images/smiles/eclipsee_gold_cup.gif

Cheers,

Thanks Kevin.
As always BOClean is already updated here.

You ALREADY HAVE the latest update.Nothing to download.Quitting (:WIN)

I have a question however.
You mentioned a license number/lifetime serial number for the current paid users of BOClean when Vista 4.23 comes out.
Where and how will we be able to get this download and license?

STILL working on the code for all that … unfortunately, making sure we don’t slip ANY gears in getting from hither to yon, making sure the nasties are dealt with as the highest priority has gotten in the way of getting code done, as it’s always been with BOClean … the folks at COMODO are getting VERY well trained and so far I’m impressed with how QUICKLY they’re coming up to speed and that will free up time for me to get to all this. But right now, still coding when I can. Since BOClean never had any of this “licencing stuff” before, it’s been a bit of work. Some other minor changes have been required as has been the case with any new BOClean - problems seen before get fixed too. :slight_smile:

EXISTING customers will be directed to a special page I’m guessing, and you’ll need to download the new 4.23 from that link. Then you’ll need to UNinstall the existing BOClean after shutting it down once you’ve GOT the download. When you go to install the 4.23 BOClean, you’ll receive a popup that will ask you for your email address. Go ahead and fill THAT in. Underneath that, you’ll see a checkbox if you WANT to receive any other information from COMODO. Folks will notice that it is NOT checked by default in accordance with OUR and COMODO’s privacy policies. You’ll need to CHECK it to “opt in” if you want to.

When the installation finishes and BOClean does its “first update” then it will automatically send in the registration to COMODO silently in the background as you grab your first update to bring you current in BOClean. In a short while, you’ll receive an email from COMODO that will look like this:


Subject: ORDER #xxxxxxxxxx - CONFIRMATION
From: “Comodo Security Services” support@comodo.com
To: (you)
Date: Sat, 07 Apr 2007 10:30:20 +0000

Your order has been received!

Dear (you),

Thank you for placing your order. Your Order Number is xxxxxxxxxx. Please quote this Order Number in all correspondence. You have applied for:
Product Value
Comodo BO Clean $0.00
Total Value $0.00

Kind Regards,

Comodo Security Services

Support Email: support@comodo.com
Support Telephone: +1.206.203.6361
Support Website: http://support.comodo.com

Comodo CA Limited - US Office
525 Washington Blvd.
Jersey City, NJ 07310-1600

Comodo CA Limited - European Office
26 Office Village,
Exchange Quay, Trafford Road,
Salford, Manchester M5 3EQ,
United Kingdom

Comodo is a leading global provider of trust and assurance services for the Internet - Creating Trust Online™. Executed through a range of Business Infrastructure Solutions differentiated by security and total cost of ownership. Comodo’s web hosting automation and infrastructure solutions offer enterprise class digital e-commerce products and services. Leveraging from a broad range of security-centric solutions allows customers’ telecommunications networks to become more intelligent, reliable and secure. Maintaining an intense focus on customers who derive strategic value from their business infrastructures has paved the way for a diverse yet perfectly synergistic portfolio of security focused solutions and services. Comodo is the main driving force behind Establishing Trust™ initiatives for e-Business, curbing Phishing attacks and creating an Identity Assurance and Brand Protection framework.

Expertise with the life cycle management of Digital Certificates and creation of issuance tools enables Comodo to provide infinitely scaleable security deployment to individuals and enterprises alike. Comodo is the world’s second largest and fastest growing High Assurance Certification Authority.

Join the online fax revolution! Send your faxes online with TrustFax!

Trustix Operating System - The launch platform for Zero Touch Linux™ applications.

And you’re all done! We want to make this as painless as any other dealings with us BOClean folks, nice, easy, “zero touch” as possible. But it’ll all be taken care of conveniently and quickly.

I’m sure it’ll be exactly the same for our “NEW customers” as well …

Now need to beg everyone’s indulgence … have a LOT of work to do, but need me some sleep first. For the next week or so, will be WAY too busy to hit any forums but once all of this is done and my folks are up to speed, will finally have time to come out and play again. In the meantime, folks should ALSO know that the BOClean assets and the attenion of some INCREDIBLY talented malware and virus analysts are now all under one roof, and that means that COMODO Antivirus is also well on its way to some serious improvements as well … and it’s PARTICULARLY nice to be able to combine BOClean and CAV into something you’ll never have to worry about getting along nicely! :slight_smile:

Thanks Kevin!!
Support of BOClean is great as always, I really appreciate that!!

Thanks, J! Once again, my personal apologies that anyone NEEDED support in the first place. :frowning:

An EMPTY support mailbox is a HAPPY one! Heh.

Very informative, Kevin, as always: thanks. :slight_smile:

SLEEP, SLEEP… your getting up to your bad habits again, quick more black coffee and buckets full of NoDoze for the man. ;D

Lol :slight_smile: Yeah we can’t wait any longer :wink:

Greetz, Red.