AV False Positives -- and Firefox crash

I have a DELL system – about 5 years old – and CIS AV has just started detecting TrojWare.Win32.TrojanDownloader.Dadobra.~BI[ at ]1923027 in several official DELL support downloads.

Can anyone confirm that for this file :
http://ftp.us.dell.com/ide/R81871.EXE

That:

  1. CIS - AV consistently reports a trojan, and
  2. it’s a false positive (DELL isn’t delivering infected updates) ?

AV db: 781 is the version

Second, when CIS interrupts the above Firefox download, it allows the option “quarantine”, “remove”, “ignore”. When I choose “Remove”, Firefox locks up – I guess persistently trying to download something that CIS is persistently trying to delete.

Seems like such a common situation for an AV removal function should lock up another app like Firefox.

It must be a false positive considering that it is digitally signed.
Dennis


Hi GiacomoGo,

We are looking into this issue. If it's a FP, it will be fixed in the next update. But it does look like you might have missed a digit in the "TrojWare.Win32.TrojanDownloader.Dadobra.~BI[ at ]123027" id part.

Regards,
Baskar.

Thanks for having a look. I’m fairly certain it’s a false positive. I’ve fixed the number above … which reminds me to request a right-click “Copy name to clipboard” or similar function somewhere in the alert dialog or in the AV event viewer. It’s a bit of a hassle to copy that virus id out, which leads to … er … typos.

Otherwise, I’m finding CIS really heads & shoulders above the suite of AV/FW I’ve been cobbling together for the past year or so. Thanks for the great suite.