...about ccrpbds6.dll...

Lizard · January 4, 2007, 9:51am

If a sufficiently interested party would go to the trouble of downloading and scanning the ORIGINAL ccrpbds6.dll (from the source, Common Controls Replacement Project - http://ccrp.mvps.org) and scanning it with CAVS, he/she would find that it’s being detected as infected right out of the box. :THNK Now I guess it is possible to have a file already infected at the supplier or one containing a built-in virus (about as likely as the earth getting hit by a meteorite, methinks - there’s an actual chance of that happening too, you know), however, perhaps a check of the CAVS detection rules regarding this file would be welcome, too.
Sincerely,
Lizard

P.S. Actually, while one is at it, the same goes for the last free version of RapidQ basic and it’s libs (RapidQ - Wikipedia, links section at the bottom), which supposedly contain the Backdoor.Win32.Raid.a (rapidq32.lib, rapidqcc.lib) and Backdoor.Win32.SOB.112 (rapidq3.lib); Apparently, CAVS is not the only one having a problem with these files (see http://tech.groups.yahoo.com/group/rapidq/message/27034 for reference and possible causes) but that does not make them infected…

kail · January 4, 2007, 3:08pm

Hi Lizard, welcome to the forums.

It could well be a False Positive. Have you used CAVS to send this DLL to Comodo & asked them? This is the easiest way to ask the CAVS team.

Lizard · January 4, 2007, 6:58pm

Hi, and thanks for your reply.
No, I haven’t sent the file to Comodo, for two reasons. The first is that actually I meant to post this as a reply into a previous topic where people already were complaining about the same file; I’m not sure why it ended up as a new topic. Second, because I just said that the ORIGINAL file on the mentioned site gets detected as well, so I see no need to send my personal copy of it if anyone can test the one at the source, the subject being already in discussion. Frankly, I was hoping to get appropriate (read: someone who can do something about it) attention to the matter via my previous post, and considered that sending the file would be more appropriate if I actually believed that the mentioned files WERE infected. As it is, I’m sure they aren’t, and mention all this instead of just adding them into ignore only in the hope that the rules get changed and some bloke in the future gets spared of freaking out because of them.
regards,
Lizard