Clean or Not?

helpmeplease1 · January 20, 2010, 11:33pm

this program called madmacs.exe available here:
edit (edit i’ve take out the url in case it is against the rules)

this software works as a mac spoofer and when scanned i get:
Packed.Win32.Klone.~KC[at]93479017

the author of this software seems straight forward and insists this is a false positive.

the question is… is it? ???

i appreciate your wonderful products and for taking your time to help me

thank you

helpmeplease1 · January 20, 2010, 11:42pm

here is a copy of the infected file:

http://rapidshare.com/files/338506565/MadMACs.exe.html

AyeAyeCaptain · January 20, 2010, 11:54pm

I think there is a rule, which is live links to malware/trojans/virus etc, is a big No-No regardless, but I could be wrong.

Bad_Frogger · January 20, 2010, 11:58pm

It looks like a heuristic FP, going off on the packer.

Try and scan the file with heuristics on the default Low setting.
It scanned clean for me.

They will pick up the sample and fix the FP anyways.
Should you worry about this one? No.

I downed from the site, latest ver.

For future reference AyeAyeCaptain is correct about not posting direct links to suspect malware.
See this post on what to do.
https://forums.comodo.com/false-positivenegative-reporting-is-this-a-malware-that-cis-hasnot-detected/how-to-report-false-positives-please-read-this-before-submitting-t44473.0.html

system · January 21, 2010, 1:49am

Hi helpmeplease1,

We are going to have a look at it and will get back to you after investigation.

Thanks and Regards,
hailong.■■■■

haja · January 21, 2010, 6:44am

Hi helpmeplease1,

This FP has been fixed in DB 3654 of CIS 3.13.126709.581. Please update and confirm.

Regards,
Haja

b4d_b0y · January 28, 2010, 1:48am

I still got the same alert… Packed.Win32.Klone.~KC[at]93479017 is a virus

can you pls clarify this?

system · January 28, 2010, 2:22am

Hi b4d^_^b0y,

If you can find the FP file,you can submit through this link:Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year we can go to have a look at it.

Thanks and Regards,
hailong.■■■■

b4d_b0y · January 28, 2010, 2:56am

done… i’ve also uploaded another files. Can you please verify both files for me.

thank you.

system · January 28, 2010, 3:30am

Hi

This one:
Malware Name: Packed.Win32.Klone.
7f3c35d85c96ff903844feaf1aed010a34119c40 4 webinterface <Emaill addy removed - Baskar> winvnc_SCII_RC23(2).exe
is detected as “application” by CIS 3.13.126709.581 DB 3732.The reported file is termed as a potentially unsafe application. If you really want to continue use this file, You can add the file to the exclusion list.

The other one:
Malware Name: Packed.Win32.Klone.~KC[at]93479017
f036b675f75a1dd08d529f4285e126d76eccfbe1 4 webinterface <Emaill addy removed - Baskar> Compiler.exe
is not detected by CIS 3.13.126709.581 DB 3732.

Thanks and Regards,
hailong.■■■■