[FIXED] FP - Unknown Malware (Dirty)[at]12730284

Weird detection, probably FP.

WinRAR_Smile_d_48x48.1_00.theme.rar - WinRAR Smile theme version 1.00 © by Volter’s Icons (WinRAR archiver, a powerful tool to process RAR and ZIP files)

Two BMP files inside the theme package are detected as malware:

Unknown Malware (Dirty)[at]12730284 Z:\WinRAR_Smile_d_48x48.1_00.theme.rar:SortDown.bmp
Unknown Malware (Dirty)[at]12730276 Z:\WinRAR_Smile_d_48x48.1_00.theme.rar:SortUp.bmp

https://www.virustotal.com/analisis/c13b5a52d1aa1fddf0a262c1d8e26c40

http://camas.comodo.com/cgi-bin/submit?file=80e40e1acfe699fdb00c91b1b8b3404f867e6b14a6d9a33f27b817916856ac6f

As a side note, there is a problem with the event log and restoring quarantined files. When I chose to ignore the above file, it was added to the Exclusion list, but this action was not noted in the AV Event Log. When I tried to restore this file from quarantine, because it is probably an FP, I got an error message saying that it can’t be done (see screenshot). Also, when I removed the quarantined file, there was no Malware Name in the AV Event Log corresponding to the removed file.

Note: ‘System nie może odnaleźć określonej ścieżki.’ means ‘System cannot find specified path.’

[attachment deleted by admin]

Hi fOrTy_7,

Unknown Malware (Dirty)[at]12730284 Z:\WinRAR_Smile_d_48x48.1_00.theme.rar:SortDown.bmp
Unknown Malware (Dirty)[at]12730276 Z:\WinRAR_Smile_d_48x48.1_00.theme.rar:SortUp.bmp

We are going to have a look at the above quote and will get back to you after investigation.

Regards,
Sriram.P

Hi fOrTy_7,

The submitted false positive has been fixed in v1099. Please update your database and confirm.

Regards,
Sriram.P

Yes, the FP has been fixed in database v1099.

Thanks.