CIS detected Antivir 9 as a HEUR.PEBomb

kronos · March 17, 2009, 6:56pm

I tried to download AntiVir 9 Free from download.com and CIS (Heur on HIGH) detected it as a HEUR.PEBomb.

Here a screenshot:

http://www.postimage.org/aV1SJC4S.jpg

Thanks guys,
Regards

alaertsxan · March 17, 2009, 6:59pm

Is this just me or can’t I access Avira’s websites ?

Xan

kronos · March 17, 2009, 7:03pm

I’ve just tried and I visited them without problem… :-\

alaertsxan · March 17, 2009, 7:07pm

Well, I just noticed that I can’t go on facebook either anymore

EDIT : it’s working again now…

I just wonder why Download.com has exclusive download access to it …

Xan

kronos · March 17, 2009, 7:15pm

maybe Avira servers are busy ??? the new version went out today :-\

Thanks for your works guys, you’re great
:comodorocks:

umesh · March 17, 2009, 7:27pm

I tried to download AntiVir 9 Free from download.com and CIS (Heur on HIGH) detected it as a HEUR.PEBomb.
Here a screenshot:

Thanks guys,
Regard

We are going to have it fixed in next update.

Thanks
-umesh

kronos · March 17, 2009, 7:30pm

:-TU :■■■■

umesh · March 17, 2009, 9:14pm

Hi Guys,
we have downloaded setup from:

MD5: d3307b747c98da0081d15b113362007f
SHA1: 8ebb50e667e8f615c57d0f65c555f9bdefae1ffa

But don’t see it being detected by CIS!

Can you please confirm hash value of setup being detected?

Thanks
-umesh

kronos · March 17, 2009, 9:22pm

Hi

It doesn’t detected it anymore…but I don’t know why :-\

The setup is the same:
CRC32: 6B574BD5
MD5: D3307B747C98DA0081D15B113362007F
SHA-1: 8EBB50E667E8F615C57D0F65C555F9BDEFAE1FFA

Downloaded from the same site (download.com), as you can see in the screen of the 1st post…

Now when I scan the setup or try to download it, CIS doesn’t notify me anymore

umesh · March 17, 2009, 9:34pm

Hi kronos,
There is one remote possibility that last time when you got alert, downloaded setup file was incomplete and somehow heuristic caused that false-alert.

It can not be the same file. Is it possible to confirm that you had download completed before you got alert?

Thanks
-umesh

kronos · March 17, 2009, 10:10pm

As you can see in the screen, I’ve got the alert when I started downloading AntiVir, so the file was not completed…

Your opinion is the most probable (;D): the downloading was not completed and heuristic caused FP…but not on the completed setup…

Thanks

_Xrim.com · March 19, 2009, 5:16am

heur.pebomb is coming from the Download.com site. I didn’t even try to download Antivir 9, just read the review at Download.com and CIS snatched it up.

halfcack · March 24, 2009, 8:29pm

I was downloading Comodo Memory from the Comodo Site, and just before the download was finished CIS flashed a heur time bomb warning, has three PEBomb instances quarantined and is fending off attacks from somewhere.

I checked and I have database 1083

Any help would be appreciated.

Thank you.