I’ve looked and I’m sure I’ve overlooked but where do we send the files that are being alerted on that we suspect are FPs?
[edit] sorry, misread the post, please see ~cats~ reply below. [/edit]
Hi Jbob,
You can email them to: malwaresubmit [ at ] avlab.comodo.com .
You may want to specify in the subject line “False Positive?” for clarity’s sake.
As usual, zip and password protect with “infected” including that information in the body.
Edited for new submissions address.
Ok thanks Cat, that’s what I was looking for.
In this case the alert was on the file npad.exe in my system32 folder. The alert occured on bootup this morning. No alerts before and this file has been on my computers for a while now. This file is called by a startup command and has something to do with Notepad. If I’m not mistaken it has to do with NotePad2. This file is loaded as part of a RyanVM install of WinXP and was created by dgelwin. I trust his sources. It is part of one of the extra Cab installers that is designed to load NotePad2 during the windows install. It is called from HKCU…/run. The description shows Notepad Shortcut Replacement.
I am almost 100% this file is ok however I think it uses UPX so might be part of the issue. I sent the file to both Jotti and Virustotal. Jotti found nothing but did say UPX packers detected. Virustotal has three vendors, eSafe, Panda and Prevx1 show a result of suspicious Trojan/Worm, Suspicious file and Win32.Malware.gen. I presume that is just an alert on the UPX packer used.
The BOC alert was:(of which this is still BOC version 4.22.002)
MSNSC Malware Stopped by BOCLEAN along with the file name and the usual gui info.
What is strange about this alert is even though I told it to NOT delete the file each time I clicked on the file it alerted me again. I had thought that with BOC once you told it to not delete the file it ignored the detection until a restart?
Jbob,
I’m going to assume this was a FP and it was resolved…?
I’ll lock it and mark as resolved unless I hear back otherwise.
Thanks!