In May, when I updated my Comodo firewall and got the Comodo Internet Security with Anti-Virus included, the initial scan just after installing showed some positive results with no option to quarantine. Unfortunately, I selected the option of deleting two files. Then, after the scan was completed, I reconnected to the internet and updated the CIS database. I then re-scanned in the normal CIS operating mode (as opposed to the just-installed auto scan) and got more positive results. This time there was an option to quarantine, which I did. I searched the Comodo forums and saw the same results for six of the positives:
https://forums.comodo.com/empty-t39805.0.html for DivX
These are the 8 files that CIS showed as positive in my scan with the supposed virus and the location:
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXCodecUninstall.exe
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXBundleUninstall.exe
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXConverterUninstall.exe
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXDSFiltersUninstall.exe
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXPlayerUninstall.exe
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXWebPlayerUninstall.exe
TrojWare.Win32.TrojanDropper.Agent.~AABQA@5148117 C:\Program Files\HPQ\Default Settings\Cpqset.exe
Heur.Suspicious@19625907 C:\Program Files\Oberon Media\Chainz\chainz.exe
In the previous May 20 DivX Comodo forum posting, the end result was that these were false positives, and the new databases would fix that. In that posting, the DB was 1177, and in the final posting the DB was 1219, with no FPs.
At that time, I did a CIS Quarantine Submission, and have resubmitted several times, including today, with no changes when I update CIS. If these were FPs, then good functionality of CIS would be to remove them from quarantine and restore them automatically. Last month after first getting these results, I submitted all these 8 suspect files to VirusTotal, and only Comodo showed positive.
My CIS has been updated many times since then, currently with DB 1309.
Today I restored all 8 files from quarantine and retested only those specific folders using CIS. 7 of the files showed the same positive results; only “Cpqset.exe” did not show up in the CIS scan.
I resubmitted all 8 files to VirusTotal. All the DivX files showed negative results of 0/40 or 0/39, including Comodo.
The “chainz.exe” file had 2 positive results 2/40 (but not by Comodo!):
CAT-QuickHeal 10.00 2009.06.10 (Suspicious) - DNAScan
McAfee-GW-Edition 6.7.6 2009.06.10 Virus.Win32.FileInfector.gen!92 (suspicious)
On VirusTotal “Cpqset.exe” showed 1/40 with Comodo giving positive:
Comodo 1309 2009.06.11 TrojWare.Win32.TrojanDropper.Agent.~AABQA
If the DivX files were FPs as in the original forum posting, why are they still showing up positive in my scans?
Suggestion for the CIS installation initial scan: provide an option to quarantine instead of only delete or ignore.
I know this is a long posting, but I wanted to be detailed to show all the info!