COMODO Internet Security BETA 3.8.61948.459 AV False Positives Reports [CLOSED]

http://www.asio4all.com/

Detected as Heur.Packed.Unknown when unfolded and scanned with HEURISTIC: HIGH… (and scan files up to 40 MB).

Also, some Spybot S&D files get mistaken for a bad piece of poop when scanned with HEUR high; I see that another guy noted this before!

Anyway, not too bad.

Heuristics level: High
CIS DB: 2

Opera 10 Beta - www.opera.com
CIS heuristics sometimes detects the Opera cache as a virus…

Heur.PEBomb  H:\Users\USERNAME\AppData\Local\Opera\Opera 10 Preview\profile\cache4\opr019OD

V7chy


Level at low. I think these are mostly leftovers from an old WordPerfect Office installation.

DB 2

Heur.Packed.Unknown C:\WINDOWS\system32\dclnet35.bpl
• Verdict
Auto Analysis Verdict
Not Rated as Suspicious

Heur.Packed.Unknown C:\WINDOWS\system32\ibevnt50.bpl
• Verdict
Auto Analysis Verdict
Not Rated as Suspicious

Heur.Packed.Unknown C:\WINDOWS\system32\inet50.bpl
• Verdict
Auto Analysis Verdict
Not Rated as Suspicious

Heur.Packed.Unknown C:\WINDOWS\system32\inetdb50.bpl
• Verdict
Auto Analysis Verdict
Not Rated as Suspicious

Heur.Pck.MEW C:\WINDOWS\system32\Nmfast35.bpl
Heur.Packed.Unknown C:\WINDOWS\system32\nmfast50.bpl
Heur.Pck.MEW C:\WINDOWS\system32\qrpt50.bpl
Heur.Pck.MEW C:\WINDOWS\system32\tee50.bpl
Heur.Packed.Unknown C:\WINDOWS\system32\teedb50.bpl
Heur.Packed.Unknown C:\WINDOWS\system32\teeqr50.bpl
Heur.Pck.MEW C:\WINDOWS\system32\teeui50.bpl

Heur.Packed.Unknown C:\WINDOWS\system32\Tsr102_r.dpl
• Verdict
Auto Analysis Verdict
Not Rated as Suspicious

Heur.Pck.MEW C:\WINDOWS\system32\Vcl35.bpl
Heur.Pck.MEW C:\WINDOWS\system32\vclbde50.bpl
Heur.Pck.MEW C:\WINDOWS\system32\vcldb50.bpl
Heur.Packed.Unknown C:\WINDOWS\system32\vcldbx50.bpl
Heur.Pck.MEW C:\WINDOWS\system32\vclib50.bpl
Heur.Pck.MEW C:\WINDOWS\system32\vclie50.bpl
Heur.Packed.Unknown C:\WINDOWS\system32\vcljpg50.bpl
Heur.Packed.Unknown C:\WINDOWS\system32\Vclsmp35.bpl
Heur.Packed.Unknown C:\WINDOWS\system32\vclsmp50.bpl
Heur.Pck.MEW C:\WINDOWS\system32\Vclx35.bpl

Same experience.
It’s detected when the heuristic level is set to high or med.
It was not detected when the heuristic level was set to low.
Best Regards.

K-Lite Codec Pack\filters\MonkeySource.ax
The heuristic detects it when it was set to High or Medium.
It was not when set to low.
Best Regards.

Avira Premium AV - Download Avira Antivirus Pro for Windows & Mac

C:\Documents and Settings\Josh\Local Settings\Temp\jTdenPxL.exe.part Heur.PEBomb
C:\Documents and Settings\Josh\Desktop\antivir_workstation_winu_en_hp.exe.part Heur.PEBomb

Database: 2

heuristics level low detection : 3 files of spyware doctor with antivirus

Mmm Plus

http://hace-software.com/mmm-plus.shtml

c:\windows\system32\Mmm.dll

Heur.Packed.Unknown

heuristic level set to low

CIMA link: http://camas.comodo.com/cgi-bin/submit?file=df5dcb297a8c383b8efc78879f5360183f39a9d6476f9757a9bd0e3bb9149479

c:\windows\system32\MmmTray.exe

Heur.Packed.Unknown

heuristic level set to low

CIMA link:

http://camas.comodo.com/cgi-bin/submit?file=75f12d844fdb600b8888fb3ea6a0a802899cf17a98e7d200b32a4f5c5a735e16

Application: AVS Media Player
Website: http://www.avs4you.com/AVS-Media-Player.aspx (select download)
Heuristics: Low
Alert: See screenshot


Level Medium

Heur.Packed.Unknown C:\hp\bin\AddDevicePath.exe
• Verdict
Auto Analysis Verdict
Not Rated as Suspicious

Heur.Packed.Unknown C:\hp\bin\OSType.exe
• Verdict
Auto Analysis Verdict
Not Rated as Suspicious

Heur.Packed.Unknown C:\hp\bin\PwrMgt.exe
• Verdict
Auto Analysis Verdict
Not Rated as Suspicious

Heur.Packed.Unknown C:\hp\bin\USBPwrMGMT.exe

• Verdict
Auto Analysis Verdict
Not Rated as Suspicious

Heur.Packed.Unknown C:\Program Files\CDBurnerXP\basswma.dll
• Verdict
Auto Analysis Verdict
Not Rated as Suspicious

Heur.Packed.Unknown C:\Program Files\Lavalys\EVEREST Home Edition\everest_directx.dll
• Verdict
Auto Analysis Verdict
Not Rated as Suspicious

Heur.Packed.Unknown D:\DSJ 2.1\gravity.zip:GravityTrainer.exe
Heur.Packed.Unknown D:\DSJ 2.1\GravityTrainer.exe
Heur.Packed.Unknown D:\DSJ 2.1\dsj_quiz.exe

Heur.Packed.Unknown C:\Program Files\AIMP2\bass.dll
Heur.Packed.Unknown C:\Program Files\AIMP2\PlugIns\aimp_lastfm.dll
Heur.Packed.Unknown C:\Program Files\AIMP2\PlugIns\aimp_library.dll
Heur.Packed.Unknown C:\Program Files\AIMP2\PlugIns\bassmidi.dll
Heur.Packed.Unknown C:\Program Files\AIMP2\PlugIns\bass_alac.dll
Heur.Packed.Unknown C:\Program Files\AIMP2\PlugIns\bass_flac.dll
Heur.Packed.Unknown C:\Program Files\AIMP2\PlugIns\bass_ofr.dll
Heur.Packed.Unknown C:\Program Files\AIMP2\PlugIns\bass_tta.dll
Heur.Packed.Unknown C:\Program Files\AIMP2\System\bass_enc.dll

http://aimp.ru/index.php?do=download-player
False positives
Heuristic level:Medium

detects orbit downloader as virus when heuristic set to high
http://www.orbitdownloader.com/

Database 3 is out for this BETA, which fixes FPs. And soon a new Beta (or RC) is going to be released in a number of hours from this post. So I will go ahead and close this one, and a mod or myself will make another FP Report thread for the next version.

Cheers,
Josh

Hi Guys.

This Thread is now reopened. Looks like CIS Developers are focused on getting a final version out…

So let’s continue to report FPs, with your DB version, etc., here.

Cheers,
Josh

@ Kingsdave
@ Commandor

Please provide where Comodo can find these applications that are reported as FPs.

Does DB 3 mean RC is on the way?

Files everest_icons.dll and everest_xpicons.dll from Everest Ultimate v4.0 (http://www.lavalys.com)

Heuristics on medium

Heur.Packed.Unknown

All below files in C:\hp and sub directories came on the machine. The HP site is here http://www.hp.com/

Heur.Packed.Unknown C:\Program Files\CDBurnerXP\basswma.dll

C:\Program Files\Lavalys\EVEREST Home Edition\everest_directx.dll
http://www.lavalys.com/

New Thread is now opened guys…

https://forums.comodo.com/beta_corner_cis/comodo_internet_security_beta_3861948459_av_false_positives_reports_v2-t33910.0.html

Still the same CIS version, just a version 2 thread. Please remember to post your DB version also, as FPs are fixed in those updates.

Cheers,
Josh