[FIXED] jDownloader, Bit Che, iPhoneRingToneMaker [FP]

CIS version: 3.9.95478.509
DB version: 1285
Heuristics: High

C:\Program Files (x86)\JDownloader\tools\Windows\kikin\KikinInstaller_1_11_4_jdownloader.exe

Malware name: Heur.Suspicious[at]20160879
Filename: KikinInstaller_1_11_4_jdownloader.exe
Description: jDownload toolbar?
Scan results: KikinInstaller_1_11_4_jdownloader.exe VirusTotal
Homepage: http://jdownloader.org/

C:\Users\Username\AppData\Roaming\Convivea\Bit_Che\scripts\special.exe C:\Users\Username\AppData\Roaming\Convivea\Bit_Che\scripts\x.dll

Malware name: Heur.Pck.FSG & Heur.Packed.Unknown
Filename: special.exe, x.dll
Description: Bit Che is tool that allows you to quickly search many popular bit torrent sites for files.
Scan results: special.exe VirusTotal, x.dll VirusTotal
Homepage: http://convivea.com/

C:\Program Files (x86)\iPhoneRingToneMaker\bassmix.dll C:\Program Files (x86)\iPhoneRingToneMaker\semutil.exe C:\Program Files (x86)\iPhoneRingToneMaker\semutilun.exe

Malware name: Heur.Packed.Unknown
Filename: bassmix.dll, semutil.exe, semutilun.exe
Description: iPhone ringtone maker…
Scan results: bassmix.dll VirusTotal, semutil.exe VirusTotal, semutilun.exe VirusTotal
Homepage: http://www.efksoft.com/products/iphoneringtonemaker/index.htm

V7chy

Hi,V7chy
We are going to have a look at it and will get back to you after investigation.
Regards
Shaogang.He

Hi,V7chy
This false-positive has been fixed. Please check in virus signature database 1293
Regards
Shaogang.He

Thanks but one FP is still not fixed.

CIS version: 3.9.95478.509
DB version: 1294
Heuristics: High

[b]Malware name:[/b] Heur.Pck.FSG/Heur.Packed.Unknown [b]Filename:[/b] special.exe [b]Scan results:[/b] special.exe [url=http://www.virustotal.com/analisis/df998d1416b80309ae9d77349f1ef1594a99b95d1e9c03f283c65a04ea5a5429-1244470687]VirusTotal[/url]

http://i40.tinypic.com/rcu076.png

http://i39.tinypic.com/14ya42d.png

Thanks
V7chy

I had the same FP in Bit Che v 1.0 build 60 but seems like its fixed in DB ver 1295 (including special.exe).

Thanks COMODO.

CIS just updated DB to 1295 but…

http://i42.tinypic.com/2wrlwsi.png

V7chy

Hi,V7chy
Can you zip the file and attach it to your post.
Thanks
Shaogang.He

I hope this helps

EDIT: Maybe it’s not fixed for me because I haw this bug? Link (bases.cav is ~55MB big)

V7chy

[attachment deleted by admin]

Hi,V7chy
This false-positive has been fixed. Please check in virus signature database 1301
Regards
Shaogang.He

Thanks now its fixed :-TU

V7chy