JoWa
January 16, 2009, 8:24am
1
Please post only COMODO Internet Security 3.5.61373.458 BETA false positive reports here.
Please include the following information:
Application name and download URL (if known)
Currently selected heuristic level
Reported infection
Details of a CIMA link for comparison (if submitted)
False positives for the current release version of CIS (V3.5.5X) should be reported at
https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected-b154.0/
Regards,
Ewen (panic) & Josh (3xist)
COMODO Internet Security 3.5.61373.458 BETA, Database Version: 301, Heuristics: Medium
COMODO Internet Security Logs
Table : Antivirus Logs
Date Created : 2009-01-16 09:12:07
Log Scope : Today
Records count : 4
Date/Time Action Location Malware Name Status
2009-01-16 08:43:28 Detect C:\Program\Delade filer\Adobe\Plug-Ins\CS4\File Formats\Camera Raw.8bi Heur.Pck.Armadillo Success
2009-01-16 08:43:49 Detect C:\Program\Diino\bass.dll Heur.Packed.Unknown Success
2009-01-16 08:48:16 Ignore C:\Program\Delade filer\Adobe\Plug-Ins\CS4\File Formats\Camera Raw.8bi Heur.Pck.Armadillo Success
2009-01-16 08:48:17 Ignore C:\Program\Diino\bass.dll Heur.Packed.Unknown Success
End of The Report
Adobe Camera RAW: http://www.adobe.com/support/downloads/detail.jsp?ftpID=4220
Diino: http://download.diino.com/4.2/Diino_4.2_Setup.exe
JoWa
January 16, 2009, 10:35am
2
COMODO Internet Security 3.5.61373.458 BETA, Database Version: 301, Heuristics: Medium
Heur.PEBomb@0 in WindowsXP-KB951748-x86-SVE.exe and WindowsXP-KB958687-x86-SVE.exe, both downloaded from Microsoft Download Center.
Kyle142
January 16, 2009, 12:40pm
3
Auslogics disk defrag,
HEUR - HIGH.
DB - 301
Heur.Pck.MEW
panic
January 16, 2009, 12:41pm
4
Application name and download URL (if known)
Ability Mail/LDAP Server - www.code-crafters.com
Currently selected heuristic level
Medium - Real time scanning
Reported infection
Application.Win32.FraudTool.MacroVirus.~A@2937430
Details of a CIMA link for comparison (if submitted)
http://camas.comodo.com/cgi-bin/submit?file=5dfc8acd43f4b1154f194a9da6b47057fabab20992d8c15de627c0ddd7f2dee1
system
January 16, 2009, 12:46pm
5
Application name and download URL (if known)
Unlocker Download Unlocker 1.9.2 for Windows - Filehippo.com
Currently selected heuristic level
High - Real Time Scanning, Manual Scanning.
Reported Infection
Heur.Packed.Unknown@0 (Detects eBayShortcuts.exe when installing)
Details of a CIMA link for comparison (if submitted)
n/a
Cheers,
Josh
panic
January 16, 2009, 1:01pm
6
Application name and download URL
Riva FLV Player - www.rivavx.com
Currently selected heuristic level
Medium - Real time scanning
Reported infection
Heur.Pck.Armadillo@0
Details of a CIMA and VirusTotal link for comparison
CIMA
http://camas.comodo.com/cgi-bin/submit?file=eea06e3700924c6332c00a3087a2d9c0a06871d9a4b6eff4c721c2e682526342
Rated as suspicious
VIRUSTOTAL
http://www.virustotal.com/analisis/b1707285fb978da68e3f1a9151538c9c
1/37 (SecureWeb-Gateway) rated as suspicious
panic
January 16, 2009, 1:07pm
8
Application name and download URL
DVDFab V5 - www.dvdfab.com
Currently selected heuristic level
Medium - Real time scanning
Reported infection
Heur.Pck.ASProtect@0
Details of a CIMA and VirusTotal link for comparison
CIMA
http://camas.comodo.com/cgi-bin/submit?file=25f1b7c24d9bc49f079318807455f238035201232b75bb91dfed62b5bb57916e
Not rated as suspicious
VIRUSTOTAL
http://www.virustotal.com/analisis/f20cd218a4340c9aacca34e9e6cfbea0
2/37 (VBA32 and Sunbelt) rated as suspicious
Comodo Easy VPN- crdp.dll
HEUR - HIGH
DB - 301
Heur.Pck.Armadillo@0
Nice work comodo, Hehe
EDIT: I’ll have to point out some things because another member told me they don’t get the same result. The on-demand scan did not pick this up; when a member on VPN messaged me, a realtime pop-up appeared.
panic
January 16, 2009, 1:38pm
10
Application name and download URL
MV PC Info - http://www.mvpcinfo.com/
Currently selected heuristic level
Medium - Real time scanning
Reported infection
Heur.PEBomb
Details of a CIMA and VirusTotal link for comparison
CIMA
http://camas.comodo.com/cgi-bin/submit?file=c3fd86cb7fd7dc6c7b958e464feea6411e01d022e99d69f984d83ac23a534bf8
Rated as suspicious
VIRUSTOTAL
http://www.virustotal.com/analisis/f61f17ccf5796fb14a78fbbf29d01d2b
2/36 (SecureWeb-Gateway and CAT QuickHeal) rated as suspicious
Heuristics on medium
Detects lots of A Squared Free as viruses (e.g. when installing it, when you start a scan)
Heur.Packed.Unknown@0
*When heuristics is on low, nothing is detected
[attachment deleted by admin]
Application name and download URL (if known)
Tuneup utilities 2009; AVG TuneUp | Clean & Speed Up Your PC | Free Download
Currently selected heuristic level
Medium - Real time scanning
Reported infection
heur.pck.mew
Details of a CIMA link for comparison (if submitted)
n/a
user4
January 16, 2009, 5:38pm
13
Orbit Downloader
OrbitDownloaderSetup.exe
It is reported to be some sort of fraud tool.
Just select any of the download links.
Iobit Advanced System Care:
Download the free computer cleaner optimizer tool to speed up Windows 11/10. One-Stop fix a slow PC, optimize for gaming, clear up memory, space, ram on PC and improve your PC performance now.
Heuristics set low
Several FPs all called Heur.Pck.MEW@0
One example submitted:
http://camas.comodo.com/cgi-bin/submit?file=f6557901f614619580cf592c395484f20e758333e90d6e01faec4e7ff37450d5
Application name and download URL (if known): The hard drive locations where the infection was reported are listed below and the links to pages that contain the download links are listed below.
ScanSoft OmniPage16 - C:\Windows\Installer$PatchCache$\Managed.…\16.0.0\omnipage16.exe
http://www.nuance.com/omnipage/professional/
ScanSoft PDF Create 4 - C:\Program Files\ScanSoft\PDF Create 4\pdfcreate4hook.exe
ScanSoft PaperPort Professional 11 - C:\Program Files\ScanSoft\PaperPort\PPMV.exe
http://www.nuance.com/paperport/
ScanSoft OmniPage 16 - C:\Windows\Installer$PatchCache$\Managed.…\16.0.0\ppmv.exe
Registry FirstAid version 7.0 - C:\Users.…\Downloads\Registry FirstAid\Version 7.0\rfasetup.exe
Registry First Aid - Award Winning Windows Registry Repair
SpywareBlaster - C:\Program Files\SpywareBlaster\sbautoupdate.exe
SpywareBlaster® | Prevent spyware and malware. Free download.
Currently selected heuristic level: Medium for all 3 scanner settings
Reported infection:
Heur.Pck.Armadillo@0
Heur.Pck.Armadillo@0
Heur.Pck.Armadillo@0
Heur.Pck.Armadillo@0
Application.Win32.FraudTool.MacroVirus.~A@2937430
Heur.Pck.Armadillo@0
Details of a CIMA link for comparison (if submitted): NA
When I had CIS version 3.5.57173.439 installed, a virus scan never detected any of these six executables as viruses. They are all related to valid programs that I have installed, so I am sure they are FPs. I can still run each of these programs, even though I have left these six items quarantined in CIS.
darcjrt
January 16, 2009, 8:29pm
17
c:\windows\system32\tpvmmon.dll
HEUR.PCK.ARMADILLO
http://www.virustotal.com/analisis/dd025cd2f0c172f3439277add058718d
Heuristics set to HIGH
DB Def says 933
Unknown vendor. I can't move or copy the file!!! I will try in Safe mode and post it!
system
January 16, 2009, 8:48pm
18
4 false positives, 3 by Heuristics even though set to Low.
[attachment deleted by admin]
system
January 16, 2009, 10:16pm
19
Hi Guys, 1st scan with CIS Beta, several FPs, but livable. Will upload a few questionables to CIMA, but for now here’s the tally…
XP Home SP3 32 bit, CIS BETA .458, Heuristics set to Medium throughout Antivirus settings, Proactive configuration. BTW initial CIS Beta scan setup = 180,000+ files, 55 minutes, 1 detection (although I had a slight problem restarting Orca Browser RC2) due to a Heur.pck.as.protect@0 on setup scan, which I’ve fixed since then.
Xman
[attachment deleted by admin]
offchu
January 16, 2009, 10:17pm
20
Application name and download URL
TeraCopy - Products - Code Sector
File
TeraCopy.exe
Currently selected heuristic level
Low
Reported infection
Heur.Pck.Obsidium
Application name and download URL
Hardware sensors monitor - http://www.hmonitor.net/
File
hmonitor.exe
Currently selected heuristic level
Low
Reported infection
Heur.Pck.NsPack