Clean or Not?

this program called madmacs.exe available here:
edit (edit i’ve take out the url in case it is against the rules)

this software works as a mac spoofer and when scanned i get:

the author of this software seems straight forward and insists this is a false positive.

the question is… is it? ???

i appreciate your wonderful products and for taking your time to help me

thank you

here is a copy of the infected file:

I think there is a rule, which is live links to malware/trojans/virus etc, is a big No-No regardless, but I could be wrong.

It looks like a heuristic FP, going off on the packer.

Try and scan the file with heuristics on the default Low setting.
It scanned clean for me.

They will pick up the sample and fix the FP anyways.
Should you worry about this one? No.

I downed from the site, latest ver.

For future reference AyeAyeCaptain is correct about not posting direct links to suspect malware.
See this post on what to do.

Hi helpmeplease1,

We are going to have a look at it and will get back to you after investigation.

Thanks and Regards,

Hi helpmeplease1,

This FP has been fixed in DB 3654 of CIS 3.13.126709.581. Please update and confirm.


I still got the same alert… Packed.Win32.Klone.~KC[at]93479017 is a virus

can you pls clarify this?

Hi b4d^_^b0y,

If you can find the FP file,you can submit through this link:Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year we can go to have a look at it.

Thanks and Regards,

done… i’ve also uploaded another files. Can you please verify both files for me.

thank you.


This one:
Malware Name: Packed.Win32.Klone.
7f3c35d85c96ff903844feaf1aed010a34119c40 4 webinterface <Emaill addy removed - Baskar> winvnc_SCII_RC23(2).exe
is detected as “application” by CIS 3.13.126709.581 DB 3732.The reported file is termed as a potentially unsafe application. If you really want to continue use this file, You can add the file to the exclusion list.

The other one:
Malware Name: Packed.Win32.Klone.~KC[at]93479017
f036b675f75a1dd08d529f4285e126d76eccfbe1 4 webinterface <Emaill addy removed - Baskar> Compiler.exe
is not detected by CIS 3.13.126709.581 DB 3732.

Thanks and Regards,