False postive Nemobar.exe

McARIS · February 22, 2011, 5:32pm

Hello! Help to decide this problem.

[attachment deleted by admin]

FlorinG · February 22, 2011, 5:36pm

Hello McARIS,

Please submit the file here as a False Positive so we can check it.

Best regards,
FlorinG

McARIS · February 23, 2011, 8:44am

Comodo Instant Malware Analysis
Malware Analysis Report
File Info
Name Value
Size 531181
MD5 37383bcb7f2119e140d006393a25a05c
SHA1 db697b8d7d05e5503285a7c0e0e630e9de438601
SHA256 b0df301bf192e2125b59fd93ebcd4b23418b02ec4de82a25b55d7213d2798f41
Process Active
• Keys Created
• Keys Changed
• Keys Deleted
• Values Created
• Values Changed
• Values Deleted
• Directories Created
Name Last Write Time Creation Time Last Access Time Attr
C:\Documents and Settings\User\Local Settings\Temp\is-0AVJ0.tmp 2009.01.12

15:12:45.625 2009.01.12 15:12:45.578 2009.01.12 15:12:45.625 0x10
C:\Documents and Settings\User\Local Settings\Temp\is-8IV5E.tmp 2009.01.12

15:12:47.640 2009.01.12 15:12:47.640 2009.01.12 15:12:47.640 0x10
C:\Documents and Settings\User\Local Settings\Temp\is-8IV5E.tmp_isetup

2009.01.12 15:12:47.671 2009.01.12 15:12:47.640 2009.01.12 15:12:47.671

0x10
• Directories Changed
• Directories Deleted
• Files Created
Name Size Last Write Time Creation Time Last Access Time

Attr
C:\Documents and Settings\User\Local Settings\Temp\is-0AVJ0.tmp\is-

762FN.tmp 660992 2009.01.12 15:12:46.218 2009.01.12 15:12:45.625

2009.01.12 15:12:45.625 0x20
C:\Documents and Settings\User\Local Settings\Temp\is-8IV5E.tmp_isetup

_shfoldr.dll 23312 2009.01.12 15:12:47.687 2009.01.12 15:12:47.671

2009.01.12 15:12:47.671 0x20
• Files Changed
• Files Deleted
• Directories Hidden
• Files Hidden
• Drivers Loaded
• Drivers Unloaded
• Processes Created
PId Process Name Image Name
0x298 is-762FN.tmp C:\DOCUME~1\User\LOCALS~1\Temp\is-0AVJ0.tmp\is-

762FN.tmp
• Processes Terminated
• Threads Created
PId Process Name TId Start Start Mem Win32 Start

Win32 Start Mem
0x298 is-762FN.tmp 0x378 0x7c810867 MEM_IMAGE 0x48b420

MEM_IMAGE
0x2ac lsass.exe 0x374 0x7c810856 MEM_IMAGE 0x77e76bf0

MEM_IMAGE
0x348 svchost.exe 0xf8 0x7c810856 MEM_IMAGE 0x7c910760

MEM_IMAGE
0x3f4 svchost.exe 0x684 0x7c810856 MEM_IMAGE 0x77e76bf0

MEM_IMAGE
• Modules Loaded
• Windows Api Calls
• DNS Queries
• HTTP Queries
• Verdict
Auto Analysis Verdict
Undetected

Virustotal is a service that analyzes suspicious files and URLs and

facilitates the quick detection of viruses, worms, trojans, and all kinds

of malware detected by antivirus engines. More information…

File already submitted: The file sent has already been analysed by

VirusTotal in the past. This is same basic info regarding the sample itself

and its last analysis:

MD5: 37383bcb7f2119e140d006393a25a05c
Date first seen: 2009-03-03 18:49:26 (UTC)
Date last seen: 2010-09-17 17:37:34 (UTC)
Detection ratio: 0/43

FlorinG · February 23, 2011, 5:25pm

Hello McARIS,

This False Positive has been fixed. You can check with Virus Signature Database version 7785 and confirm it.

Best regards,
FlorinG

McARIS · February 25, 2011, 9:47am

Fine.Thanks.Everything was much easier than I thought. :-TU