Any chance this is a false positive?

title the program/file that is detected:
\Program Files\Aeriagames\LastChaosUSA\Bin\Shaders.dll
detected : Virus.Win32.Virut.CE@86480074
CIS database #: 10752
detected: 11/11/2011

It is hard to see how only my patch would have been infected. Comodo detected it as soon as the patch ran and I quarantined it immediately. Others seem to be reporting that a virus, possibly only based on heuristics, was reported by unspecified other AV software, but there are at least some other reports of viruses associated with this game’s latest patch.

I tried submitting it from the quarantine list and it was displayed as “already submitted” with a green check by it. I don’t know if this means it was automatically submitted by Comodo from my PC or other Comodo users have also already submitted it …

Hi zeelis,

Please submit the detected file as False Positive using the following link: Comodo Antivirus Database | Submit Files for Malware Analysis

Thanks & Regards,

Is letting it out of quarantine the only way to do this?

You can temporarily disable the AV, then release it from quarantine; remember that Defense+ will still protect you. Then you can upload it as a false positive. Once that is done you can turn your AV back on and quarantine it until the analysis is complete.

Done. I needed to select ignore once 3 times but it is back in quarantine after submission.

Unsure if it would help, I still also took the measure, while the actual file was in quarantine, of creating a dummy file with the same name and set up custom rules under Defense+ for it … I set CIS to block all the available accesses by it. I wasn’t sure which would be safer on the other tab: activate all protections or leave them inactive? I made them all active in case it was something else interacting with the file that might be a risk. I then deleted the dummy file and unquarantined the actual file with the new rule already in place for the brief period it was out of quarantine. I assumed these were things that Comodo might otherwise not guard against. I tried to make sure I did everything I could have during the unavoidable additional brief exposure so any clarification of this would be appreciated.


This is to inform you that the false positive has been fixed.
You can update to AV database Version <10763> of Comodo Internet Security and confirm it.


Kind Regards,
Erik M.

Updated the signature to 10765 and confirmed CIS no longer reports the file.

Thank you for the quick response.