Backdoor.Win32.Poison

Hi to all.
I’d installed COMODO Internet Security Premium Free in my desktop PC a time ago. I think it’s great and was very surprised of the low memory RAM consumption.
But since a week ago and when trying to open programs, specially portable ones created by me with VMware Thinstall, I get the message that the .exe files are infected with the Backdoor. If I ignore it (no modification of file, no quarantine, no delete it) and I go to the folder containing that file → right click → analyze witn COMODO, it doesn’t detect anything.
For checking all my PC I’d analized it with other tools (Dr WEB Cure It, AVZ Virus Tool, Malaware Malabytes) and everything is OK. No viruses detected. I’d read in other forums how to remove Backdoor, but can’t find something really usefull.
I don’t really know if these are false alerts, but when ignoring detections and running some programs, they don’t work fine. Some parts of program works and other not. And sometimes they close while running or directly crashes my PC.
All your help will be very appreciated.
I’m going to format and reinstall my PC, but I’m afraid the problem appears again. First want to be sure that files are not infected, specially in my hard disk partition where I keep all my documents and files. And don’t want to backup files to my portable harddisk until I’m sure they are not infected.

NOTE: Sorry for my english, Hope you understand it.

Best Regards
Gustavo Meeuwes

try submitting the files to www.virustotal.com and see how many engine detect your files, if it’s only comodo then they are a FP. Then you can submit them here Comodo Antivirus Database | Submit Files for Malware Analysis

Hi Languy. Thanks for your reply.
I checked files in virustotal.com and other av engines also detects virus. If you want I can enclose report file
But why files are not recognized as infected when I right click on them → analize with COMODO. Also a complete scan of my PC doen’t detect virus. Some files instead of ignoring them when alert windows appears I choose add to my safety files. Could these be the problem? How can I “unlock” them again so COMODO detects them?
What AV engine do you recommend to run an online scan or is not usefull?
Best Regards
Gustavo Meeuwes

Can you please provide me a link to VT showing the results.

It must be becasue you added them to AV exclusions. Go to AV tab at the top, av settings, exclusion tab.

I always like to use something like hitman pro to scan with, just don’t activate it, because you will only get it free for 30 days. I use it for a system checker.

Hi gustavomeeuwes,

If you can find the FP or Suspicious file,you can submit through this link:Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year we can go to have a look at it.

Thanks and Regards,
LiuFuxin

Here is the link:
http://www.virustotal.com/file-scan/report.html?id=e09c0b42c92d458df848c353acde2b99e02de4e4ac0457bb5ad403448cc95397-1281482894#

I also attached file with virustotal print report in .pdf

I will try hittman pro and later tell you.

Thanks for your support.
Best regards
Gustavo Meeuwes

[attachment deleted by admin]

Hi again.
I ran Hitman Pro 3.5 and nothing was detected.
I don’t know what to do, since making a backup can’t be safe.

Best Regards
Gustavo Meeuwes

put the file in a zip folder and submit them to comodo as a FP and you will get a response back form them.

Hi gustavomeeuwes,

I have recve ur file.
I try ur method again.If u onlyclick Ignore → once,then u go to the folder containing that file → right click → scan witn COMODO,it can detect malware.
You can update to AV database Version <5708> of Comodo Internet Security Version<4.1.150349.920> and confirm it.

Thanks,
Liufuxin