FP in uTorrent client update temp file.

FP in uTorrent client update temp file.

I got the warning when i tried to do a clientupdate from the menu.

…utt142.tmp.exe and utt143.tmp.exe. Tried to update two times.

Product site: http://www.utorrent.com/
Name: Heur.Dual.Extensions
Database version: 1837

Thanks.

/ linux

Hi,

Dual extensions are usually used by malware to disguise as genuine files. There is generic detection where if file has more than one extension, it will be given verdict as Heur.Dual.Extensions.
There can be very few odd cases where genuine files may also have double extensions.
In such situations, if user knows they are false-positive, he can add to exclusion list and also inform to us by submitting files via:

CIS does not have inbuilt interface to submit false-positive. So we request you to please use above mentioned web interface to submit false-positive to us, additionally you can also report those files here.

-Chandra Mohan

Okey, they are submitted now.

Have this been fixed yet or something? Because in database 1838 now it doesnt find anything.

When i scan the folder there is no warning but when i try to update the program again and it creates a new temporary update file the warning shows. If i ignore it i can update the client without and problems if i quarantine it, the update fails.

Cant add thoose temp files to a .rar, it says: Access denied or something like that.

Hi linux,

When CIS detects a file as being threat, it denies the access to it. In order to retrieve them, you must temporarily disable the Antivirus, add them to a password protected archive and after you can re-enable the Antivirus. Make sure the archive you create is password protected, other way CIS will scan also inside the archive.

After following these steps, please submit the files to us so we can investigate them.

Thanks and regards,
Ionel

I used the submit site to submit a .rar with the files, was that okey or should i e-mail a .rar file?

Hi linux,
I am sorry about that We currently do not receive your file,
please Try to submit non-compressed file to our website: http://internetsecurity.comodo.com/submit.php
so we can investigate them.
Regards,
shaogang.he

I talked with Vaishnavik in pm and he told me to e-mail the password protected archive with the files to malwaresubmit[ at ]avlab.comodo.com and thats what i did yesterday.

Is it thoose files i e-mailed in a .rar that doesnt work or?

Hi linux,

We received the files that you have submitted via malwaresubmit[ at ]avlab.comodo.com.Thanks for submission.We will get back to you shortly.

Regards,
Vaishnavi.V.K

Hi linux,

Reported FPs are fixed in DB 1909.Please update and confirm.

Regards,

Vaishnavi.V.K

I have database 1917 now and theres nothing found when i scan the Temp folder with the files in.

But i think i can only see when theres a new update for the client and it creates a new temp file that Comodo doesnt recognize, if it works like that.

Theese i mentioned in this thread seems to be fixed now. Thanks.

/ linux