EXE classified as malware/virus but NOT

We have a problem regarding a specific EXE file which is being detected as malware, and is not. Thing is that when I try to execute the program from our client computers, which have Comodo CIS installed, I receive a message from CIS that the file is waiting for Administration Approval. In the CESM manager, I get the message from the client computer, but I cannot take any action. It only reports as detected, the file is blocked from execution, and I cannot do anything else. How can I include this as a safe file? Or can I run it? Comodo has already blocked the file and I can’t run the program!! HELP!

Hello bsgg,

Please submit the file here so we can check it. Thank you!

Best regards,

Hi, thanks for the prompt reply. I’ve already sent the file, it’s called GFW.EXE.

Since we are a lawyers office and this is the invoice program, we need it urgently…

Thank you in advance…

Hello bsgg,

We checked the file you sent and found it to be infected. We recommend that you remove the file using Comodo Internet Security.

Best regards,

hello FlorinG,

That is impossible because I’ve sent you the file directly from our IT supplier, this is a billing software that works in MS-DOS (very old) and we need it urgently! It is not a virus! Since it still works with the MS-DOS subsystem it must have some kind of code that is similar to a virus.

I can send you the whole program if you want. Please help me with this matter, I’ve just purchased a 14 PC licence for our office and cannot install because of this.

Scan these files on www.virustotal.com and give us the report.


hello again,

I’ve sent a new copy of the file from our IT supplier and submitted it to www.virustotal.com as well as the link to submit files to Comodo.

Results are:

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2010.10.12.02 | 2010.10.12 | - |
| AntiVir | | 2010.10.12 | - |
| Antiy-AVL | | 2010.10.12 | - |
| Authentium | | 2010.10.12 | - |
| Avast | 4.8.1351.0 | 2010.10.12 | - |
| Avast5 | 5.0.594.0 | 2010.10.12 | - |
| AVG | | 2010.10.12 | - |
| BitDefender | 7.2 | 2010.10.12 | - |
| CAT-QuickHeal | 11.00 | 2010.10.12 | - |
| ClamAV | | 2010.10.12 | - |
| Comodo | 6366 | 2010.10.12 | TrojWare.Win32.Spy.Banker.Gen |
| DrWeb | | 2010.10.12 | - |
| eSafe | | 2010.10.12 | - |
| eTrust-Vet | 36.1.7907 | 2010.10.12 | - |
| F-Prot | | 2010.10.11 | - |
| F-Secure | 9.0.15370.0 | 2010.10.12 | - |
| Fortinet | | 2010.10.12 | - |
| GData | 21 | 2010.10.12 | - |
| Ikarus | T3. | 2010.10.12 | - |
| Jiangmin | 13.0.900 | 2010.10.12 | - |
| K7AntiVirus | 9.65.2733 | 2010.10.12 | - |
| McAfee | 5.400.0.1158 | 2010.10.12 | - |
| McAfee-GW-Edition | 2010.1C | 2010.10.12 | - |
| Microsoft | 1.6201 | 2010.10.12 | - |
| NOD32 | 5525 | 2010.10.12 | - |
| Norman | 6.06.07 | 2010.10.12 | - |
| nProtect | 2010-10-12.01 | 2010.10.12 | - |
| Panda | | 2010.10.12 | - |
| PCTools | | 2010.10.12 | - |
| Prevx | 3.0 | 2010.10.12 | - |
| Rising | | 2010.10.12 | - |
| Sophos | 4.58.0 | 2010.10.12 | - |
| Sunbelt | 7044 | 2010.10.12 | - |
| SUPERAntiSpyware | | 2010.10.12 | - |
| Symantec | 20101.2.0.161 | 2010.10.12 | - |
| TheHacker | | 2010.10.12 | - |
| TrendMicro | | 2010.10.12 | - |
| TrendMicro-HouseCall | | 2010.10.12 | - |
| VBA32 | | 2010.10.12 | - |
| ViRobot | 2010.9.25.4060 | 2010.10.12 | - |
| VirusBuster | | 2010.10.12 | - |

But I’ve scanned the previous file and it was detected as a virus in almost all scanners. This last file isn’t.


Hi bsgg ,

This FP has been fixed. Please check in virus signature database 6372.

Thanks and Regards,

Thanks guys for the prompt support!

hi guys…

Again I have problems with this file… I’ve received an e-mail that the file has been included in the 6372 database, but had a new infection (there was a copy of the file on the server) and now the clean file (I’ve submitted it again to Comodo) isn’t running, despite the fact that it is clean since I checked it at virustotal.com.

Can you help me with this please? It’s rather strange since the file is the same that I submitted 3 days ago, same MD5 and HASH

Hello bsgg,

Thank you for your submission. We’ll check this and if found to be a False Positive a fix will be available soon.

Best regards,

Hello bsgg,

This False Positive has been fixed. You can check and confirm with Virus Signature Database version 6390.

Best regards,

Is it normal that even though the program runs, Comodo shows a popup mentioning that malware was detected?

thanks for the support!

Can you show me the pop-up? Post a screenshot, please.