I have a DELL system – about 5 years old – and CIS AV has just started detecting TrojWare.Win32.TrojanDownloader.Dadobra.~BI[ at ]1923027 in several official DELL support downloads.
Can anyone confirm that for this file :
- CIS - AV consistently reports a trojan, and
- it’s a false positive (DELL isn’t delivering infected updates) ?
AV db: 781 is the version
Second, when CIS interrupts the above Firefox download, it allows the option “quaratine”, “remove”, “ignore”. When I choose “Remove”, Firefox locks up – I guess persistently trying to download something that CIS is persistently trying to delete.
Seems like such a common situation for an AV removal function should lock up another app like Firefox.
It must a false positive considering that it is digital signed.
[attachment deleted by admin]
We are looking into this issue. If its a FP, it will be fixed in the next update. But it does look like you might have missed a digit in the "TrojWare.Win32.TrojanDownloader.Dadobra.~BI[ at ]123027 " id part.
Thanks for having a look. I’m fairly certain it’s a false positive. I’ve fixed the number above … which reminds me to request a right-click “Copy name to clipboard” or similar function somewhere in the alert dialog or in the AV event viewer. It’s a bit of a hassle to copy that virus id out, which leads to … er … typos.
Otherwise, I’m finding CIS really heads & shoulders above the suite of AV/FW I’ve been cobbling together for the past year or so. Thanks for the great suite.