FP - DivX Uninstallers - TrojWare.Win32.BHO.~ME@19496380

The DivX uninstallers are being flagged as TrojWare.Win32.BHO.~ME@19496380
This FP problem was corrected back in May but is back with the update to 3.10…530 (database 1538)

Six files (same as in May) are flagged.

C:\Program Files\DivX\DivXConverterUninstall.exe
C:\Program Files\DivX\DivXBundleUninstall.exe
C:\Program Files\DivX\DivXDSFiltersUninstall.exe
C:\Program Files\DivX\DivXCodecUninstall.exe
C:\Program Files\DivX\DivXPlayerUninstall.exe
C:\Program Files\DivX\DivXWebPlayerUninstall.exe

I uploaded these files to the Comodo Malware Analysis site (setting the False Positive radio button)

Hi, Jim__
We are going to have a look at it and will get back to you after investigation.
Thanks
Shaogang.He

Hi, Jim__
We found this FP has been fixed, although if you can find this detection, please zip the file and attach it to your post.
Thanks
Shaogang.He

Scanned again after updating signature DB to 1541. False positives as listed below:

TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXCodecUninstall.exe
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXBundleUninstall.exe
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXConverterUninstall.exe
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXDSFiltersUninstall.exe
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXPlayerUninstall.exe
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXWebPlayerUninstall.exe

ZIP file containing these files attached.

Jim

Hi Jim__,

The submitted FP will be fixed in the next updates.

Regards,
-Chandra Mohan

Hi Jim__,

Reported FP has been fixed in DB 1542 of CIS 3.10

Regards,
-Chandra Mohan

Verified these FPs are corrected using DB version 1542.
Thanks.
Jim

Hi, just got a warning for this file: TrojWare.Win32.BHO.~ME@19496380. Is it dangerous?
(Yesterday I removed the DivX from my notepad, is it just the uninstall-file?)

Hi no clue,

Please check it in the latest virus signature database.

Regards,
hailong.■■■■

Clean scan of the DIVX folder using virus DB version 1738. Verified no scanner exclusions other than the defaults.

FYI…

My Comodo version… 3.10.102363.531
Virus signature database version… 1987
Vista Home Premium SP2 32bit

Up-to-date…
DivX Player 7.2.0
DivX Codec 6.8.5
DivX Converter 7.1.0
H.264 Decoder 1.1.0

Comodo detects…

C:\Program Files\DivX\DivXBundleUninstall.exe,
…DivXCodecUninstall.exe,
…DivXConverterUninstall.exe,
…DivXPlayerUninstall.exe,
…DivXDSFiltersUninstall.exe,
…DivXWebPlayerUninstall.exe

…as…

TrojWare.Win32.BHO.~ME@19496380

…this a.m. 08/16/09

-RpD

Hi RpD,

Please attach the mentioned files for our verification.
If found to be a false positive, it will be fixed.

-Chandra Mohan

Zipped ‘folder’ of DivX detected files 081609 attached

Hi RpD,

The submitted files are being verified.

-Chandra Mohan

Tested files… Jotti found ‘nothing’ :wink: (:NRD)

Hi RpD,

The false positive was fixed.
Please verify with the latest DB 1988 of CIS 3.10.
If the mentioned file is getting detected again, please let us know.

Regards,
-Chandra Mohan

I clicked my CIS to update to 1988.
The ‘About’ database version says 1988.
My CIS still detects the same files as the same trojan.
I stopped CIS and restarted but I have not rebooted.

[Edit: I did reboot… same results]

Hi RpD,

The mentioned FP was fixed. If it is detected again, it is due to a bug.
Please attach a screenshot of the detection along with a screenshot of the product version that you are using for our verification in order to resolve this issue.

-Chandra Mohan

Re: Comodo 3.10.102363.351, virus sig db 1989, detection of DivX

Attached… screenshots of Comodo’s detection of DivX, Comodo’s ‘About’ versions, DivX versions.

Hi RpD,

We are going to have a look at it and will get back to you after investigation.

Regards,
hailong.■■■■