COMODO Internet Security BETA 3.8.61948.459 AV False Positives Reports [CLOSED]

Please post only COMODO Internet Security 3.8.61948.459 BETA false positives reports here.

Please include the following information:

Application name and download URL (if known)
Currently selected heuristic level
Reported infection
Details of a CIMA link for comparison (if submitted)

False positives for the current release version of CIS (V3.5.5X) should be reported at

https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected-b154.0/

Cheers,
Josh

I got 62 FPs while manually scanning the C:\Program Files\TuneUp Utilities directory. In the C:\Windows\System directory vcl35.bpl and vclx35.bpl respectively (I believe these files are related to Asus Probe).

  1. TuneUp Utilities URL: http://www.tune-up.com
  2. Asus Probe URL: http://www.softpedia.com/reviews/windows/ASUS-PC-Probe-Review-27293.shtml
  3. Heuristics Level set to Low.
  4. Reported Infection Heur.Pck.MEW on all .bpl files.

WinRAR - http://www.rarlab.com/

Heuristics -High

Detects as:

C:\Documents and Settings\Josh\Local Settings\Temp\q6SMgJcf.exe.part Heur.PEBomb
C:\Documents and Settings\Josh\Desktop\wrar380.exe.part Heur.PEBomb

Cheers,
Josh

IZARC http://www.izarc.org/
CIS Beta .459 DB:2
See attached scan results for the only FP detected, heuristics set to medium throughout
Cheers
Xman 8)

[attachment deleted by admin]

Edit: Manual Scan HIGH Heur
Edit Edit: Scanned with DB version 2

Unknown Packers:
Rootkit Unhooker
http://forum.sysinternals.com/uploads/20071210_182632_rku37300509.rar

Aida32 (official version no longer available)
Available on Oldversion.com

PEID

Feeddemon Uninstall 2.8.0.9 RC2

IDA Pro Free 4.9

IrfanView Plugins 4.22 (awd.dll)
http://www.irfanview.com/main_start_engl.htm

Remote Admin Viewer 3.x (winlpcdl.dll)
http://www.radmin.com/products/radmin/rviewer.php

False Positives:
Spybot Search & Destroy - Heur.Suspicious (advcheck.dll, sdupdate.exe)

TeraCopy 2.0.b4a
http://www.codesector.com/download.php Heur.Pck.Obsidium

Windows Vista SP1, Enterprise x32
c:\windows\security\database\tmp.edb - Heur.PEBomb

TuneUp Utilities 2009 FPs are resolved for me (database 2), also with Heuristics level set to High.

Hi Guys,
Please make sure base version is 2 before reporting FPs, as FPs have been fixed in update version 2.

Thanks
-umesh

Can confirm this one with version 2. I had heuristics set to medium.

Heuristics level: High
CIS DB: 2

jDownloader - http://jdownloader.org/
FeedDemon - http://www.newsgator.com/Individuals/FeedDemon/Default.aspx
K-Lite Codec Pack - Download K-Lite Codec Pack
Bit Che - http://www.convivea.com/product.php?id=2

Heur.Packed.Unknown H:\Program Files (x86)\FeedDemon\FDUninstall.exe
Heur.Packed.Unknown H:\Program Files (x86)\jdownloader\jdownloader\tools\windows\p.exe
Heur.Packed.Unknown H:\Program Files (x86)\K-Lite Codec Pack\Filters\bass_tta.dll
Heur.Packed.Unknown H:\Program Files (x86)\K-Lite Codec Pack\Filters\MonkeySource.ax
Heur.Packed.Unknown H:\Users\USER\AppData\Roaming\Convivea\Bit_Che\scripts\special.exe
Heur.Packed.Unknown H:\Users\USER\AppData\Roaming\Convivea\Bit_Che\scripts\x.dll

V7chy


Heuristics level: High
CIS DB: 2

CryptLoad - http://cryptload.info/download/

Heur.Packed.Unknown H:\CryptLoad_1.1.6\CryptLoad_1.1.6\plugins\crypt.dll
ApplicUnsaf.Win32.RemoteAdmin.NetCat[ at ]122335 H:\CryptLoad_1.1.6\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe

V7chy


CIS beta .459
Heuristic level: Low
Glary Utilities: http://www.glaryutilities.com/
Report:

Heur.Pck.MEW C:\Programmi\Glary Utilities\cxLibraryVCLD7.bpl
Heur.Pck.MEW C:\Programmi\Glary Utilities\dxBarD7.bpl
Heur.Pck.MEW C:\Programmi\Glary Utilities\dxGDIPlusD7.bpl
Heur.Pck.MEW C:\Programmi\Glary Utilities\dxNavBarD7.bpl
Heur.Pck.MEW C:\Programmi\Glary Utilities\dxThemeD7.bpl
Heur.Pck.MEW C:\Programmi\Glary Utilities\GUTrayIconD7.bpl
Heur.Pck.MEW C:\Programmi\Glary Utilities\GUControlD7.bpl
Heur.Pck.MEW C:\Programmi\Glary Utilities\pngD7.bpl
Heur.Pck.MEW C:\Programmi\Glary Utilities\VirtualTreesD7.bpl

Well, isn’t that a strange one? I have DB 2 and I still get 56 FPs scanning the TuneUp Utilities directory with Heuristics set on Low. I did try it on High and got the same 56 flags, only with slightly different virus descriptions! ???


Weird, do you use the latest version of TuneUp and apply no ummmm “medicine” on it?


I’m using v8.0.1100 downloaded directly from their site with no patches or cracks. Weird, huh?

Using TuneUp Utilities 2009 v8.0.2000.35 here, it’s the latest version released last December.

Heuristics level: High
CIS DB: 2

iPhoneRingToneMaker - http://www.efksoft.com/products/iphoneringtonemaker/index.htm

Heur.Packed.Unknown H:\Program Files (x86)\iPhoneRingToneMaker\bassmix.dll
Heur.Packed.Unknown H:\Program Files (x86)\iPhoneRingToneMaker\bass.dll
Heur.Packed.Unknown H:\Program Files (x86)\iPhoneRingToneMaker\bass_aac.dll
Heur.Packed.Unknown H:\Program Files (x86)\iPhoneRingToneMaker\semutil.exe
Heur.Packed.Unknown H:\Program Files (x86)\iPhoneRingToneMaker\semutilun.exe

V7chy


Bingo! That was it! I updated to v8.0.2000.35 and everything passes with heuristics set on High! Thanks!

Heuristics level: High
CIS DB: 2

Heur.Pck.MEW

Auslogics Registry Defrag: http://www.auslogics.com/en/software/registry-defrag

C:\Program Files\Auslogics\AusLogics Registry Defrag\axforms10.bpl


Heuristics level: Off
CIS DB: 2

Application.Win32.FraudTool.MacroVirus.~A@2937430

Wise Registry Cleaner installer: http://www.wisecleaner.com/index.html

C:\Documents and Settings\Ronnie\My Documents\Downloads\WRC3Setup.exe


Remember to post the latest CIS DB version too for this beta (Currently DB 2).

Cheers,
Josh