False positive - Windows System Files

Kruis · October 14, 2011, 6:43pm

http://b1110.hizliresim.com/11/10/14/12806.bmp

Camas Suspicious+

http://www.virustotal.com/file-scan/report.html?id=2d9cec3fe3a3f460e5d6a77a1a39129809ca88854336763ac8c4810ac8a9ac84-1318617055

http://camas.comodo.com/cgi-bin/submit?file=2d9cec3fe3a3f460e5d6a77a1a39129809ca88854336763ac8c4810ac8a9ac84

https://valkyrie.comodo.com/Result.html?sha1=8170fb75dcef1319fd26cea0c8e671a75c78581a&&query=0&&filename=netsetup.exe

Download : netsetup.rar dosyasını indir - download

FlorinG · October 14, 2011, 7:12pm

Hello Kruis,

Thank you for your submission. We’ll check it and get back to you soon.

Best regards,
FlorinG

khanyash · October 14, 2011, 7:46pm

Are those critical windows system files? Coz I remeber well, once I have asked if CAV will detect critical windows system files as malware & one of the Devs have replied that CAV is optimized in a way that it will not detect critical windows system files as malware.

Thanxx
Naren

Chunli · October 14, 2011, 11:01pm

Hi,Kruis

This is to inform you that false-positive with
SHA1: <8170fb75dcef1319fd26cea0c8e671a75c78581a>
has been fixed.
You can update to AV database Version <10450> of Comodo Internet Security Version<5.5.195786.1383> and confirm it.

Regards
Chunli.chen
Comodo AntiVirus Lab

Kruis · October 15, 2011, 6:10pm

Thank you Friends :-TU

warhippy · October 30, 2011, 11:07pm

I just don’t understand why anyone, especially anti-virus program companies, would automatically trust a file just because it’s a windows file. Back in 1999 or 2000, it was discovered by some programmers, who were looking at windows source code, that windows contains two back doors, intentionally left in by Microsoft. One led back to Microsoft, the second led back to the National Security Agency. A back door is put into a program in development so that when the program encounters a glitch when debugging, the code can be fixed and reset so that the program can be restarted with all the variables reset to the default settings. They are removed when the program has been debugged. The DLL file that contains these back doors (Advapi32.dll) is a required file that windows needs to run. It’s in every copy of windows from windows 98SE forward. What that means is that whenever your computer is turned on, Microsoft, or the NSA can enter your computer, look or change any file, and leave again, without you even knowing they were there. I found this out by accident. I was wondering why windows sometimes took 2 or 3 minutes to shut down. I had a little program called “PEEK”, which translated files into simpler language that a normal person could understand. I ran it on the dll file Advapi32.DLL. Not far in I saw the command, “Abort Shutdown”. I hard copied the results and still keep them (over 100 pages) . I won’t go into details but basically what the program did was, copy system files and system status to somewhere else on the drive, change all permissions, giving it access to all files, then it went into straight machine language for speed, so alot of the readout was just '0’s and '1’s, near the end of the program, it switched back to C++ and it commanded the system to delete all relevant files, restore all permissions and system status files, delete all records of system changes, continue shutdown, end. So, in one minutes time, your computer can be entered, inspected, change if desired, and exited, and all you’ll see is your computer took a little longer than normal to shut down. And then you automatically trust windows files because they made the operating system that controls your computer. Well, maybe YOU do…