Jim1
July 4, 2009, 1:24am
#1
The DivX uninstallers are being flagged as TrojWare.Win32.BHO.~ME@19496380
This FP problem was corrected back in May but is back with the update to 3.10…530 (database 1538)
Six files (same as in May) are flagged.
C:\Program Files\DivX\DivXConverterUninstall.exe
C:\Program Files\DivX\DivXBundleUninstall.exe
C:\Program Files\DivX\DivXDSFiltersUninstall.exe
C:\Program Files\DivX\DivXCodecUninstall.exe
C:\Program Files\DivX\DivXPlayerUninstall.exe
C:\Program Files\DivX\DivXWebPlayerUninstall.exe
I uploaded these files to the Comodo Malware Analysis site (setting the False Positive radio button)
system
July 4, 2009, 1:36am
#2
Hi, Jim__
We are going to have a look at it and will get back to you after investigation.
Thanks
Shaogang.He
system
July 4, 2009, 2:34am
#3
Hi, Jim__
We found this FP has been fixed, although if you can find this detection, please zip the file and attach it to your post.
Thanks
Shaogang.He
Jim1
July 4, 2009, 3:11pm
#4
Scanned again after updating signature DB to 1541. False positives as listed below:
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXCodecUninstall.exe
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXBundleUninstall.exe
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXConverterUninstall.exe
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXDSFiltersUninstall.exe
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXPlayerUninstall.exe
TrojWare.Win32.BHO.~ME@19496380 C:\Program Files\DivX\DivXWebPlayerUninstall.exe
ZIP file containing these files attached.
Jim
[attachment deleted by admin]
gmohan
July 4, 2009, 4:00pm
#5
Hi Jim__,
The submitted FP will be fixed in the next updates.
Regards,
-Chandra Mohan
gmohan
July 4, 2009, 6:27pm
#6
Hi Jim__,
Reported FP has been fixed in DB 1542 of CIS 3.10
Regards,
-Chandra mohan
Jim1
July 4, 2009, 6:28pm
#7
Verified these FP are corrected using DB version 1542.
Thanks.
Jim
Hi, just got a warning for this file: TrojWare.Win32.BHO.~ME@19496380. Is it dangerous?
(Yesterday I removed the DivX from my notepad, is it just the uninstall-file?)
system
July 23, 2009, 1:35am
#9
Hi no clue,
Please check it in the latest virus signature database.
Regards,
hailong.■■■■
Jim1
July 23, 2009, 3:26am
#10
Clean scan of the DIVX folder using virus DB version 1738. Verified no scanner exclusions other than the defaults.
RpD
August 16, 2009, 8:34am
#11
FYI…
My Comodo version… 3.10.102363.531
Virus signature database version… 1987
Vista Home Premium SP2 32bit
Up-to-date…
DivX Player 7.2.0
DivX Codec 6.8.5
DivX Converter 7.1.0
H.264 Decoder 1.1.0
Comodo detects…
C:\Program Files\DivX\DivXBundleUninstall.exe,
…DivXCodecUninstall.exe,
…DivXConverterUninstall.exe,
…DivXPlayerUninstall.exe,
…DivXDSFiltersUninstall.exe,
…DivXWebPlayerUninstall.exe
…as…
TrojWare.Win32.BHO.~ME[at]19496380
…this a.m. 08/16/09
-RpD
gmohan
August 16, 2009, 9:42am
#12
Hi RpD,
Please attach the mentioned files for our verification.
If found to be a false positive, it will be fixed.
-Chandra Mohan
RpD
August 16, 2009, 10:14am
#13
Zipped ‘folder’ of DivX detected files 081609 attached
[attachment deleted by admin]
gmohan
August 16, 2009, 10:22am
#14
Hi RpD,
The submitted files are being verified.
-Chandra Mohan
RpD
August 16, 2009, 10:29am
#15
Tested files… Jotti found ‘nothing’ (:NRD)
gmohan
August 16, 2009, 10:57am
#16
Hi RpD,
The false positive was fixed.
Please verify with latest DB 1988 of CIS 3.10
If the mentioned file is getting detected again please let us know.
Regards,
-Chandra Mohan
RpD
August 16, 2009, 11:16am
#17
I clicked my CIS to update to 1988.
The ‘About’ database version says 1988.
My CIS still detects the same files as the same trojan.
I stopped CIS and restarted but I have not rebooted.
[Edit: I did reboot… same results]
gmohan
August 16, 2009, 1:06pm
#18
Hi RpD,
The mentioned FP was fixed. If it is detected again, it is due to a bug.
Please attach a screenshot of the detection along with a screenshot of the product version that you are using for our verification in order to resolve this issue.
-Chandra Mohan
RpD
August 16, 2009, 1:48pm
#19
Re: Comodo 3.10.102363.351, virus sig db 1989, detection of DivX
Attached… screenshots of Comodo’s detection of DivX, Comodo’s ‘About’ versions, DivX versions.
[attachment deleted by admin]
[attachment deleted by admin]
system
August 17, 2009, 1:59am
#20
Hi RpD,
We are going to have a look at it and will get back to you after investigation.
Regards,
hailong.■■■■