COMODO Internet Security BETA 3.8.61948.459 AV False Positives [CLOSED]

Please post only COMODO Internet Security 3.8.61948.459 BETA false positive reports here.

Please include the following information:

1) Application name and download URL (if known)
2) Currently selected heuristic level
3) Reported infection
4) Details of a CIMA/Virustotal link for comparison (if submitted)
5) Database Version (Example, DB: 5) - Make sure it’s updated and the latest. This BETA does not use the released virus database; only FP’s get fixed in this beta’s DB updates.

False positives for the current release version of CIS (V3.5.5X) should be reported at

https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected-b154.0/

Cheers,
Josh

  1. Avira Premium Antivirus - Download Avira Antivirus Pro for Windows & Mac
  2. High
  3. C:\Documents and Settings\Josh\Local Settings\Temp\jTdenPxL.exe.part Heur.PEBomb
    C:\Documents and Settings\Josh\Desktop\antivir_workstation_winu_en_hp.exe.part Heur.PEBomb
  4. n/a
  5. DB: 5

Cheers,
Josh

  1. Application name and download URL (if known) - mIRC.exe - http://www.mirc.com
  2. Currently selected heuristic level - Off
  3. Reported infection - UnclassifiedMalware at 4240878
  4. Details of a CIMA/Virustotal link for comparison (if submitted) - See Below
  5. Database Version (Example, DB: 5) - Make sure it’s updated and the latest. This BETA does not use the released virus database; only FP’s get fixed in this beta’s DB updates. - DB 7

CIMA:

• File Info
Name Value
Size 1017856
MD5 6b619ba3350ee80089602a5061408400
SHA1 1f17c43cbdac37eb6ce68cad7e87293268cbdae7
SHA256 ff569adba39695801064cc1350c07999f6ac04f1720bb131e2c8da4ef8512084
Process Exited
• Keys Created
• Keys Changed
• Keys Deleted
• Values Created
• Values Changed
• Values Deleted
• Directories Created
• Directories Changed
• Directories Deleted
• Files Created
• Files Changed
• Files Deleted
• Directories Hidden
• Files Hidden
• Drivers Loaded
• Drivers Unloaded
• Processes Created
• Processes Terminated
• Threads Created
• Modules Loaded
• Windows Api Calls
• DNS Queries
• HTTP Queries
• Verdict
Auto Analysis Verdict
Not Rated as Suspicious

VirusTotal: Results Link

  1. Universal Extractor 1.6 (IsXunpack.exe) - http://legroom.net/scripts/download.php?file=uniextract16
  2. Low
  3. Heur.Pck.AHTeam
  4. /
  5. DB 5

  1. Y.A.S.U. 1.5.8111 - Disc Tools. Download imaging software from DAEMON Tools
  2. Medium Heuristic Setting
  3. Heur.Packed.Unknown
  4. http://www.virustotal.com/analisis/20e9e875ce9da45ae5037598803be016
  5. DB Version 5

Still Here Level Low DB 5

https://forums.comodo.com/beta_corner_cis/comodo_internet_security_beta_3861948459_av_false_positives_reports_closed-t33536.0.html;msg244088#msg244088

FP
Windows Vista, SP1, Enterprise, x32

c:\windows\security\database\tmp.edb - Medium - High - Heur.PEBomb - DB7.

If you need the source file please PM me for it.

Packer unknown
Windows Vista, SP1, Enterprise, x32

c:\program files\radmin viewer3\WinLpcDl.dll - Medium - High - Heur.Packed.Unknown - DB7.

source download:
http://www.radmin.com/products/radmin/rviewer.php

Heur Suspicious
Windows Vista, SP1, Enterprise, x32

c:\program files\spybot - search & destroy\GWFULHYW.scr
c:\program files\spybot - search & destroy\HWUVYYTFVG.src
c:\program files\spybot - search & destroy\LFLYOM.src
c:\program files\spybot - search & destroy\SDUpdate.exe
c:\program files\spybot - search & destroy\SpybotSD.exe
c:\program files\spybot - search & destroy\TeaTimer.exe
c:\program files\spybot - search & destroy\XINIIFM.scr

All - High - Heur.Suspicious - DB7

source download:

Packer unknown - UPX 0.80 - 1.24 DLL → Markus & Laszlo
Windows Vista, SP1, Enterprise, x32

c:\program files\irfanview\plugins\awd.dll - Medium - High - Heur.Packed.Unknown - DB7

source download:
http://irfanview.tuwien.ac.at/plugins/irfanview_plugins_422_setup.exe

FP
Windows Vista, SP1, Enterprise, x32

c:\program files\ida free\vcl60.bpl
c:\program files\ida free\vclx60.bpl

All - Low - Medium - High - Heur.pck.MEW - DB7

source download:

Packer Unknown - Borland Delphi 6.0 - 7.0
Windows Vista, SP1, Enterprise, x32

c:\program files\feedemon\fduninstall.exe - Medium - High - Heur.Packed.Unknown - DB7

source version 2.8.0.9 RC2:

Well a4apanel.exe from ASIO4ALL.
DB version: 7 found with Heuristic on high or medium.

Found clean on virustotal.
http://www.virustotal.com/sv/analisis/fe71e843ea0e4607638ffe6e95f6e594

file attached.

(hopefully)

[attachment deleted by admin]

Packer Unknown - PECompact 2.x → Jeremy Collake
Windows Vista, SP1, Enterprise, x32

c:\data\tools\rootkitunhooker\rku36949494.exe - Medium - High - Heur.Packed.Unknown - DB7

source:
http://forum.sysinternals.com/uploads/20071210_182632_rku37300509.rar

Packer Unknown - UPX 0.80 - 1.24 DLL → Markus & Laszlo
Windows Vista, SP1, Enterprise, x32

c:\data\tools\peid\plugins\zdrx.dll
c:\data\tools\peid\plugins\imprec.dll

All - Medium - High - Heur.Packed.Unknown - DB7

source:
http://peid.has.it/

Packer Unknown - UPX 0.80 - 1.24 DLL → Markus & Laszlo
Windows Vista, SP1, Enterprise, x32

c:\data\tools\aida32\aidaplugin_monitordiag.dll
c:\data\tools\aida32\aida_directx.dll
c:\data\tools\aida32\aida_icons.dll
c:\data\tools\aida32\aida_xpicons.dll

All - Medium - High - Heur.Packed.Unknown - DB7

source:

Unclassified malware
Windows Vista, SP1, Enterprise, x32

thoosje-vista-tweaker2.0.exe - Low - Medium - High - Unclassified Malware[at]4221588 - DB7

source:
http://www.thoosje.com/Windows-Vista-Tweaker.html

Unclassified malware
Windows Vista, SP1, Enterprise, x32

specialfoldersview.exe - Low - Medium - High - Unclassified.Malware@4241020 - DB7

source:

Unclassified malware
Windows Vista, SP1, Enterprise, x32

mailpv.exe - low - medium - high - unclassified.malware@4240968 - DB7

source:

Unclassified malware
Windows Vista, SP1, Enterprise, x32

netpass.exe - low - medium - high - unclassified.malware@4229334 - DB7

source: