CBO against QIP

Hi all
Before I installed CBO, QIP 8020 did not cause suspicions. Today I received a CBO report:
04/30/2007 14:25:35: D:\PROGRA~1\QIP\PLUGINS\DOCKING.DLL
Trojan horse was found in above file
QIPBAR MALWARE STOPPED by BOCLEAN!
Logged in user: *****
Active trojan horse was shut down. System now safe.
Trojan horse was removed, registry cleaned.
I installed ICQ 5.1. No suspicions! But to me personally this coarse program is even more suspicious than QIP.
Regards
Teddy

Teddy,

Tnx for the PM:

Hello, I would like to receive an answer to only one question: why did Comodo BOClean detect QIP8020 as a false positive? The report was sent some days ago. The link for QIP 8020 is download3k.com/Install-QIP-2005.html. Please check the compatibility of the programs. Regards, Teddy

While it is possible that QIP is a false-positive, it is also possible that there is a reason CBO has identified it as a trojan.
Have you done an internet search to find information about this file (or looked at sites like CastleCops, Wilders, et cetera)?
Have you submitted it to any sites like VirusTotal or Jotti, for analysis?
Have you performed any other antivirus or malware scans, with software on your computer or over the internet?

LM

A quick search turns up many sites for downloading the program “QIP8020”.
Where specifically did you get your copy?

I guess it came from download3k.com

Link for QIP 8020 is download3k.com/Install-QIP-2005.html.

Checked it on Virustotal;

Complete scanning result of “qip8020.exe”, received in VirusTotal at 05.10.2007, 02:15:11 (CET).

Antivirus          Version         Update      Result
AhnLab-V3          2007.5.10.0     05.09.2007  no virus found
AntiVir            7.4.0.15        05.09.2007  no virus found
Authentium         4.93.8          05.08.2007  no virus found
Avast              4.7.997.0       05.09.2007  no virus found
AVG                7.5.0.467       05.09.2007  no virus found
BitDefender        7.2             05.10.2007  no virus found
CAT-QuickHeal      9.00            05.09.2007  no virus found
ClamAV             devel-20070416  05.09.2007  no virus found
DrWeb              4.33            05.09.2007  no virus found
eSafe              7.0.15.0        05.08.2007  no virus found
eTrust-Vet         30.7.3622       05.09.2007  no virus found
Ewido              4.0             05.09.2007  no virus found
FileAdvisor        1               05.10.2007  no virus found
Fortinet           2.85.0.0        05.09.2007  no virus found
F-Prot             4.3.2.48        05.09.2007  no virus found
F-Secure           6.70.13030.0    05.10.2007  no virus found
Ikarus             T3.1.1.7        05.09.2007  no virus found
Kaspersky          4.0.2.24        05.10.2007  no virus found
McAfee             5027            05.09.2007  no virus found
Microsoft          1.2503          05.09.2007  no virus found
NOD32v2            2255            05.09.2007  no virus found
Norman             5.80.02         05.09.2007  no virus found
Panda              9.0.0.4         05.09.2007  no virus found
Prevx1             V2              05.10.2007  no virus found
Sophos             4.17.0          05.08.2007  no virus found
Sunbelt            2.2.907.0       05.05.2007  no virus found
Symantec           10              05.10.2007  no virus found
TheHacker          6.1.6.112       05.10.2007  no virus found
VBA32              3.12.0          05.09.2007  no virus found
VirusBuster        4.3.7:9         05.09.2007  no virus found
Webwasher-Gateway  6.0.1           05.09.2007  no virus found

Aditional Information
File size: 2001135 bytes
MD5: 71e50af777dbfc4b813003751ce74f36
SHA1: ebc0e0b217c202da82dd50a5b4b634edb380c223
packers: BINARYRES, BINARYRES

BTW there is a handy “Virustotal Uploader”, could save some time if you use Virustotal a lot.

http://www.virustotal.com/images/vtuploader.png

See; http://blog.hispasec.com/virustotal/23