backdoor.win32.ircbot quarantine failed

Comodo Internet Security - CIS AV False Positive/Negative Detection Reporting
1

Hi. I am running Windows 7 RC, with Comodo Internet Security. Today it detected ‘Backdoor.WIN32.IRCBot.~OAB@22652972’ in file ‘C:\Windows\System32\wermgr.exe’. I selected the quarantine option, Comodo required a reboot to do it… upon reboot, a message came that the quarantine failed.

I have scanned the file and folder with Comodo, Windows Defender, and submitted the file to jotti.org for online scanning - all scans show it is clean. Yet… the quarantine failed… I am not sure if I am infected or now, and what to do next?

Thanks for any help!

-Confused

2

Welcome. :slight_smile:

This looks like a false positive. ‘wermgr.exe’ located in ‘system32’ is part of Windows Problem Reporting.

Let the analysists look into this. :wink:

3

Hi, erikman

Please follow the steps described in the following link so we can check the file:

https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/webinterface_for_malware_and_falsepositive_submissions-t41462.0.html

Thanks,
Ionel

4

OK - Done.
Thanks!