False Positives Fixed with latest update! [Resolved]

Thanks folks…I manually updated Boclean, rebooted and no FP’s this time!!!
Will keep an eye on things, but I guess you got it!
Mele

Before I went to work I updated and rebooted, and I got no False Positives either :slight_smile:

Greetz, Red.

Well my log shows otherwise:


05/21/2007 20:31:49: C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
Trojan horse was found in above file
DLDR-GAMES.D MALWARE STOPPED by BOCLEAN!
Logged in user: James
Active trojan horse was shut down. System now safe.
Trojan horse was removed, registry cleaned.


05/22/2007 09:20:16: C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
Trojan horse was found in above file
DLDR-GAMES.D MALWARE STOPPED by BOCLEAN!
Logged in user: James
Active trojan horse was shut down. System now safe.
Trojan horse was removed, registry cleaned.

However the file is still in place in my Drivers folder.

My FP went away also…I updated and have rebooted twice, and all seems to be fine now!

(:CLP)

I seem to be in the clear. Manually updated the new patch, rebooted and all is well.
Pat

Yes mine has gone also now, I guess the second one came before mine updated this morning.

It’s interesting that the file was not removed from my system, so I did not need Tony Klein’s download.

I uploaded it to virustotal which found nothing.

Happy to report that all is wonderful here too. Waited until everything seemed resolved before I reinstalled it.

Many thanks!!!

Has the false positive been corrected with BoClean 4.22.002 version? I booted computer at 5pm BOC updated to update of 5/22/07 at 09:39. Tried manual update also and it stays the same…

05/22/2007 17:02:37: C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
Trojan horse was found in above file
DLDR-GAMES.D MALWARE STOPPED by BOCLEAN!
Logged in user: Mel
Active trojan horse was shut down. System now safe.
Above file copied to evidence location for examination
Trojan horse was removed, registry cleaned.

Planet, the updates are the same for both versions. If your version works like most, the corrected update didn’t download immediately at boot up but some minutes later. Since the alert probably occurred during boot, CBOC hadn’t had time to grab the update yet and thus you got the Malware alert.
The 09:39 update you have is the latest as of now.

Maybe Comodo BOClean should have its status changed to BETA until Kevin can personally test every new release. I don’t trust the people he has delegated this task to. I will uninstall BOClean until the next major release.

PS: The Firewall is great.

I don’t think it is a matter of trust. When you acquire a company you know it takes time to integrate it in your own company, and you can expect all kinds of problems with it. Maybe they should have given themselves a little bit more time :slight_smile:

Greetz, Red.

Jbob,
I believe you hit the nail on the head. Thanks. (:CLP)

I guess you’re right. I’ll give them another try with version 4.24.

Glad to hear that :slight_smile: Maybe you should read this :

BOClean 4.24 will have the following changes:
  1. Automatic backup AND RESTORE of boclean databases - BEFORE BOClean grabs a new database, it will save the earlier one to BOC424.OLD and then go grab a fresh database. If somehow the download is corrupted, it will be automatically replaced with the earlier good one. BOClean will close on a corrupted database, but you can restart BOClean again with the old one.

  2. ROLLBACK button added to the BOClean configuration screen - if you run config, it’ll be there in the lower right … click it and it will restore the previous update and lock out any updates until there is a new BOClean update that is different from the one replaced.

  3. BOClean EXCLUDER now accepts *.SYS and *.OCX files to the excluder and will ignore those YOU drag and drop there - same protections against unauthorized external modifications remain.

  4. Lack of focus (not “on top”) was caused by use of MFC components in the COMODO licensing stuff what was added to the 4.22 ■■■ 4.23 version as a result of incompatibilities between MICROSOFT C versus the Borland C in which BOClean was written. All of that has been converted to Borland C with external COMODO licensing DLL which is now compatible with ALL versions of Windows from Win95 to Vista.

  5. BOClean defaults now changed to NOT replace HOSTS file or cleanup winsock stack UNLESS selected in the BOClean configuration screen.

  6. Permissions issues which caused anomalies in XP and Vista now solved.

From here :

https://forums.comodo.com/index.php/topic,7712.msg66344.html#msg66344

Greetz, Red.
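
The backup, restore and rollback behaviour in items 1 and 2 of the list above, as an added example that is not BOClean's code and not part of the quoted post. Only the `BOC424.OLD` name comes from the post; the live database name, the SHA-256 check used to detect a corrupted download, and all class and function names are assumptions.

```python
import hashlib, os, shutil, tempfile

def digest(data):
    return hashlib.sha256(data).hexdigest()

def read(path):
    with open(path, "rb") as f:
        return f.read()

class DbUpdater:
    """Hypothetical updater; only the BOC424.OLD name comes from the post."""
    def __init__(self, directory):
        self.db = os.path.join(directory, "signatures.db")  # assumed live name
        self.old = os.path.join(directory, "BOC424.OLD")     # backup copy
        self.locked_out = None  # digest of the update the user rolled back

    def apply_update(self, data, expected_sha256):
        if digest(data) == self.locked_out:
            return "locked-out"              # same update that was rolled back
        shutil.copy2(self.db, self.old)      # save the earlier database first
        with open(self.db, "wb") as f:
            f.write(data)
        if digest(read(self.db)) != expected_sha256:  # assumed corruption check
            shutil.copy2(self.old, self.db)  # put the earlier good one back
            return "restored"
        self.locked_out = None
        return "updated"

    def rollback(self):
        if not os.path.exists(self.old):
            raise FileNotFoundError("no previous database to roll back to")
        self.locked_out = digest(read(self.db))
        shutil.copy2(self.old, self.db)

def demo():
    """Run the sequence on constructed data; returns the outcome of each step."""
    with tempfile.TemporaryDirectory() as d:
        u = DbUpdater(d)
        with open(u.db, "wb") as f:
            f.write(b"good-v1")              # constructed sample database
        v2, v3 = b"v2-with-false-positive", b"v3-corrected"
        out = [u.apply_update(v2[:5], digest(v2))]   # truncated download
        out.append(read(u.db))
        out.append(u.apply_update(v2, digest(v2)))
        u.rollback()
        out.append(u.apply_update(v2, digest(v2)))   # refused after rollback
        out.append(read(u.db))
        out.append(u.apply_update(v3, digest(v3)))   # a different update
        return out

if __name__ == "__main__":
    print(demo())
```
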

Thanks for the boost of confidence there, Red … but it would REALLY be much better if people read the ENTIRE https://forums.comodo.com/index.php/topic,7712.msg66344.html#msg66344 message since what happened with that FP was a whole lot more than just a whoopsie … there were serious technical issues with our folks overseas who do FABULOUS YEOMAN work although there’s new folks being trained daily and that’s where the problem originated. Our folks in India though knew RIGHT AWAY upon testing that there was a problem, but were unable to fix it. Problems over there with electrical power are so serious that once any work is completed, there was a need to get it out before the lights went out again in order to “keep the promise” and yes, extraordinary circumstances in this particular case although NONE of us are attempting to derive some sort of excuse for what happened.

As a result, BEFORE there is an update now, the core data is now being circulated in a number of locations across the planet so that if there ever is such a serious FP as this last one was, action can now be taken elsewhere at “Nancy and Kevin speed” no matter which COMODO center needs to deal with it. And whilst I’d been extremely concerned about the technical issues at our malware center with unreliable electricity, it HAS been dealt with finally because of the degree of the problem. So while many see this unfortunate event as a really bad downside, I’m personally encouraged because this situation FORCED the arguments I’ve made to become real and respected. For those who have taken this event poorly, all I can say is that a BUNCH of people now have religion! :slight_smile:

Kevin: Thank you for the explanation. It’s much appreciated. It goes a very long way toward restoring my confidence in CBOC… (:CLP)

I’ll mark this resolved, lock it and attempt to move it out of this area.