Hi
I had a possible false-positive using BOClean. I proceeded as advised on https://forums.comodo.com/comodo_boclean_antimalware_faq/false_positiveswhere_to_send_resolved-t8630.0.html;msg62481#msg62481, sending an email to malwaresubmit at avlab.comodo.com on 05 Dec, but still haven’t got an answer. Could anybody here in the forum help me sort the problem out then? Details follow:
[b]
BOClean 4.25 with up-to-date signatures on a fresh, clean, updated Windows XP Home SP2, has been reporting a malware in an instalation file of a CDendro5.3 CooRecorder program. The instalation file in question is available at the authors homepage [1] (the exe file download will automatically pop-up; it’s a free trial version).
When installing this software, BOClean reports as follows:
12/04/2007 09:48:06: RSK-BHO.BV VARIANT STOPPED BY BOCLEAN! Trojan horse was found in memory. D:\INSTALKI\DENDROCHRONO\CDENDRO+COORECORDERTRIAL_INSTALL.EXE contained the trojan. Active trojan horse WAS shut down. System safe.
However, program’s author says his antivirus software (F-Secure, Panda) doesn’t report anything suspicious. I have tried with ClamAV too and it also doesn’t see anything bad.
Could you please verify whether it is a possible false positive and if it’s safe to install the program in spite of BOClean claims?
[1]http://www.cybis.se/forfun/dendro/download/cdendrotrial.php
[/b]
