i found a file that antivir detects it as clean while comodo detects it as virus.so i sent the file to antivir as suspicious file and sent it to comodo as false positive.however,their replies to me remains oppersite.which one shoud we trust?both are famous brands.
here is the reply from antivir:
Gentile signora, Egregio signore,
La ringraziamo per la sua mail inviata al laboratorio antivirus di Avira.
N. ordine: INC00724218.
Abbiamo ricevuto i seguenti dati di archivio:
ID File Nome file Dimensione (byte): Risultato
26111032 ghjginfected.zip 9.23 MB OK
Di seguito viene riportato un elenco dei file e dei risultati che erano contenuti nei file di archivio:
ID File Nome file Dimensione (byte): Risultato
26111033 HELP.CHM 1.22 MB CLEAN
26111034 readme.txt 501 Byte CLEAN
26111035 XMSDSK########.exe 25.5 KB DAMAGED FILE (UNKNOWN)
26111036 ####GHOST######.iso 8.51 MB CLEAN
I risultati esatti per ogni file si trovano nella seguente sezione:
Nome file Risultato HELP.CHM CLEAN
Il file ‘HELP.CHM’ è stato classificato come ‘CLEAN’. Our analysts did not discover any malicious content.
Nome file Risultato readme.txt CLEAN
Il file ‘readme.txt’ è stato classificato come ‘CLEAN’. Our analysts did not discover any malicious content.
Nome file Risultato XMSDSK########.exe DAMAGED FILE (UNKNOWN)
Il file ‘XMSDSK########.exe’ è stato classificato come ‘DAMAGED FILE (UNKNOWN)’. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.
Nome file Risultato ####GHOST######.iso CLEAN
Il file ‘####GHOST######.iso’ è stato classificato come ‘CLEAN’. Our analysts did not discover any malicious content.
In alternativa i risultati dell’analisi possono essere consultati dal seguente link:
http://analysis.avira.com/samples/details.php?uniqueid=K2D8vpBsvfWr9wKxAZTv8nFAzpsv30kz&incidentid=724218
Zusätzlich finden Sie eine Übersicht aller Einsendungen hier:
http://analysis.avira.com/samples/details.php?uniqueid=K2D8vpBsvfWr9wKxAZTv8nFAzpsv30kz
In caso di altre segnalazioni future le consigliamo di utilizzare da subito il modulo di upload dei file. In questo modo il risultato, se già noto, viene mostrato in tempo reale anche nel modulo. Inoltre i messaggi relativi a file infetti che confermano il sospetto di un falso allarme possono essere trasmessi solo tramite questo modulo. http://analysis.avira.com/samples/index.php?lang=de
Nota: Per domande specifiche rivolgersi a support@avira.com
Cordiali saluti
Avira Virenlabor
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germania
Telefono: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.de
Amministratore: Tjark Auerbach
Sede dell’azienda: Tettnang
Registro delle imprese: Pretura di Ulm HRB 630992
and here is the reply from comodo:
Hi,
This is to inform you that the submitted file <1KG_20101010_CD.rar>
(SHA1: <7858e58ae4897cb371c72e876f7b5936788df1d5> ) is not a false positive. The file is detected because it’s contain a malware application “XMSDSK.exe”.
Thanks.
Kind Regards,
Erik M.
Comodo AntiVirus Lab
Hi fgsfhsfgh,
“XMSDSK.exe” is not “DAMAGED”, it can be executed. The file was found to be a patcher. Generally Patchers, loaders, trainers, keygens won’t be seen as goodware. If you plan to use this file further, you can add it to exclusion list.
You can also see VirusTotal report
Kind Regards,
Erik M.
by the way,i have also started the same thread at antivir.here is the link: http://forum.avira.com/wbb/index.php?page=Thread&postID=1077318#post1077318
Edit by EricJH: fixed the url; it can now be clicked on
but if the file is really a virus,i should not use it anymore.but why u say i can still use it?
click on the link to that file you posted in the other forum. Looks like Avira backtracked and said it is malware, so they were wrong at first but now they see it as malware.