CIS says most of my documents are viruses

I just did a system scan, and CIS has identified most of my personal documents as unclassified malware. The documents all contain something called “theme1.xml” This has never happened before. These documents are essential to me, and I can’t delete them.

What’s going on, and what should I do?

I tested a few of the suspect files at Of 42 tests, only CIS found “unclassified malware.” It looks like these are all false positives. There were 42 of them, all concerning theme1.xml. This looks like a major CIS glitch. I’ll report the false positives.

Thank you bobov!

What do you have heuristics set at? Anything above low is going to generate a lot of false positives.

I’ve had same problem with finding theme1.xml and other so-called unclassified malware. I remember CIS updating earlier today and I ran a scan (which I don’t do that often, because I have it to scan on access)…left it alone for the afternoon. It was froze up on some cab file in windows/system32/ but had found 36 problems. Most of them had this theme1.xml but some had npie.dll or something from some addon from ff. IDKWTFIGO but…

I think the definition library or heuristics engine was messed up when it updated. I’m not sure because when I started to research these so-called “viruses”, I luckily found this thread so I know where to start looking.

Now I know I have to update/reinstall/get-rid-of CIS. I will post back if I find anything else, because I still need to check to make sure that my Spybot S&D isn’t messing with it too.


Medium, but that’s what I always use and I never had that many unclassified malware reports.

Here’s the list of files I got reported as unclassified malware:

  • every .docx file
  • themedata.thmx
  • theme*.xml (* = any character)

Are those all false positives?

Can you please report some of these as false positives:

and let us know the results. If you already have then what did Comodo say in their email response?