You can email them to: bocleansubmissions at comodo.com .
You may want to specify in the subject line "False Positive?" for clarity's sake.
As usual, zip and password protect with "infected" including that information in the body
I remember this file… I think I had a problem with BitDefender or A-Squared detecting it and both were removed… It’s something with Blizzard protection or something… I’ll send it to Comodo right away… And here’s Virustotal results.
AhnLab-V3 2007.5.16.1 05.18.2007 no virus found
AntiVir 18.104.22.168 05.20.2007 no virus found
Authentium 4.93.8 05.18.2007 no virus found
Avast 4.7.997.0 05.18.2007 no virus found
AVG 22.214.171.1247 05.20.2007 no virus found
BitDefender 7.2 05.20.2007 no virus found CAT-QuickHeal 9.00 05.18.2007 Adware.CmdLine (Not a Virus)
ClamAV devel-20070416 05.20.2007 no virus found
DrWeb 4.33 05.20.2007 no virus found eSafe 126.96.36.199 05.20.2007 Spyware.CmdLineExt
eTrust-Vet 30.7.3644 05.19.2007 no virus found
Ewido 4.0 05.20.2007 no virus found
FileAdvisor 1 05.20.2007 No threat detected Fortinet 188.8.131.52 05.20.2007 PossibleThreat
F-Prot 184.108.40.206 05.18.2007 no virus found
F-Secure 6.70.13030.0 05.20.2007 no virus found
Ikarus T220.127.116.11 05.20.2007 no virus found
Kaspersky 18.104.22.168 05.20.2007 no virus found
McAfee 5034 05.18.2007 no virus found
Microsoft 1.2503 05.20.2007 no virus found
NOD32v2 2278 05.20.2007 no virus found
Norman 5.80.02 05.18.2007 no virus found
Panda 22.214.171.124 05.20.2007 no virus found
Prevx1 V2 05.20.2007 no virus found
Sophos 4.17.0 05.20.2007 no virus found
Sunbelt 2.2.907.0 05.17.2007 no virus found
Symantec 10 05.20.2007 no virus found
TheHacker 126.96.36.199 05.18.2007 no virus found
VBA32 3.12.0 05.20.2007 no virus found
VirusBuster 4.3.7:9 05.20.2007 no virus found
Webwasher-Gateway 6.0.1 05.20.2007 no virus found
Boclean gave me this alert but i think its a false positive
I have deleted the file anyway, going to install program again, this is from driver cleaner.
05/21/2007 15:24:40: DLDR-BANLOAD.AW MALWARE STOPPED by BOCLEAN!
Trojan horse was found in memory.
C:\PROGRAMAS\DRIVERCLEANERDOTNET\DRIVERCHECKDOTNET.EXE contained the trojan.
Active trojan horse WAS shut down. System now safe.
I’m sure someone is working on this problem, but just to add my 2 cents worth…I had 3 FP’s today, the first was the AEC.SYS after a reboot…I opted to delete this one, then I rebooted and up popped DMIO.SYS which I deleted…I rebooted again and another one WANARP.SYS popped up…I did not delete this one. After checking this forum and seeing others having the same issue, I replaced the deleted files from my Service Pack Files, but on the next reboot, DMIO.SYS came up again. I ignored this one also and am waiting for a fix. I did send the WANARP.SYS to VirusTotal, and it was clean, also checked with my Prevx scanner, Avast and my rootkit scanners and nothing found.
It almost seems that if I deleted a file, another was chosen, and I can’t help but wonder how long that would have continued.
Should I do anything more than report this here in the forums?
Looks like we have an update that needs looking into, hang tight I’ve emailed support about it.
Anytime there is a question on a file you can email them to: bocleansubmissions at comodo.com .
You may want to specify in the subject line “False Positive?” for clarity’s sake.
As usual, zip and password protect with “infected” including that information in the body.
05/21/2007 17:57:56: C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
Trojan horse was found in above file
DLDR-GAMES.D MALWARE STOPPED by BOCLEAN!
Logged in user: Owner
Active trojan horse was shut down. System now safe.
Trojan horse was removed, registry cleaned.
This is a false positive. Windows file protection should restore this file on reboot, so you have no need to worry of it being deleted. If BOClean alerts you again click no on the option for this detection.