FP or Great detection (confused)

CIS heuristics has detected two files and I’m confused, because they are in the Windows directory. The PC is scanned with Panda Internet Security 2010, ThreatFire, MBAM, and Q-Squared Anti-Malware, and they didn’t detect anything. The files look a bit suspicious to me too, not just to CIS. :)) Well, the results from VT:

MBR.exe-Heur.suspicious[at]74069237
http://www.virustotal.com/analisis/42855149b90c059b62ebc4027188361860fb6ffd9e4a2aa074c665181a2b9326-1258136347

and

NIRCMD.exe-Application.Win32.Nircmd.[at]16774100
http://www.virustotal.com/analisis/eccf9f7bb602e25cf9383be7856318c1fa679c0c4a354966b0ed723da17e8d24-1258136422

As you know, eSafe and Sophos are the greatest programs for detection and disinfection. When I see Comodo along with them, that makes me feel good. :))

Hi bequick,

This file is a false-positive and a fix will be present within the next updates.

This is not a false-positive and the detection name is explained here: https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/cis_malware_naming_rules_for_potentially_dangerous_applicationsriskware-t38506.0.html

Thanks for reporting this, we will get back to you after a fix is present for the mentioned FP.

Regards,
Ionel

Thanks. :))

MBR.exe-Heur.suspicious[at]74069237
http://www.virustotal.com/analisis/42855149b90c059b62ebc4027188361860fb6ffd9e4a2aa074c665181a2b9326-1258136347

Hi bequick,

This false-positive has been fixed. Please check in virus signature database 2947.

Thanks,
Shaogang

Confirmed. So, what exactly is MBR.exe?

Hi Bequick. I checked out MBR.EXE and it's a rootkit according to Prevx and others.

Regards
Dave1234.

How is it safe then? ???

Bequick, can you get me MBR.exe? PM it over.

Thanks.

Thanks

I uploaded it to CIMA:
http://camas.comodo.com/cgi-bin/submit?file=42855149b90c059b62ebc4027188361860fb6ffd9e4a2aa074c665181a2b9326

And Anubis:
http://anubis.iseclab.org/?action=result&task_id=1cbc1002b2fad3b94813a64d1e22fa830&format=html

Will get this looked at again.

Hi,

The file mbr.exe reported in this topic is a third-party application designed to check the MBR boot sector of a hard disk for a few known MBR malware. It can be found and downloaded from:


http://www.gmer.net/

SHA1: e51e0b26d3a8fb28e0e4dcf78b6e4df2da879ff4
MD5: c5ec72a20b4c98db5314e6c46765b148
Size: 77,312 bytes

I checked out MBR.EXE and it's a rootkit according to Prevx and others.

“MBR.exe” as a filename is known to be associated with malware, but that’s not the case here, and from what you can see on the mentioned website, the file has different characteristics from the one reported here:


The following file size has been seen:

* 577,536 bytes
* 155,648 bytes
* 1,724,419 bytes
* 100,864 bytes
* 66,048 bytes

You can find more info on application’s website.

Regards,
Ionel
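
Added example, not part of the original thread or any poster's code: the reply above identifies the file by SHA1, MD5 and size rather than by its name, and this Python sketch performs that comparison for a file on disk. The `PUBLISHED` values are the ones posted above; the helper names and the sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Values posted in the thread for the gmer.net mbr.exe.
PUBLISHED = {
    "size": 77312,
    "md5": "c5ec72a20b4c98db5314e6c46765b148",
    "sha1": "e51e0b26d3a8fb28e0e4dcf78b6e4df2da879ff4",
}


def fingerprint(path, chunk_size=65536):
    """Return size, MD5 and SHA1 of a file, read in one streaming pass."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            md5.update(chunk)
            sha1.update(chunk)
    return {"size": size, "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def compare(path, reference=PUBLISHED):
    """Return the fields where the file differs from the reference.

    An empty list means every field matched; the file name plays no part.
    """
    actual = fingerprint(path)
    return [
        field for field, expected in reference.items()
        if str(actual[field]).lower() != str(expected).lower()
    ]


def make_sample(data, name="MBR.exe"):
    """Write constructed bytes to a temp file with the given name (demo helper)."""
    path = os.path.join(tempfile.mkdtemp(), name)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Constructed stand-in: same name as the reported file, different content.
    sample = make_sample(b"constructed sample bytes")
    print("mismatched fields:", compare(sample))
```

A file that merely carries the name `MBR.exe` reports every field as mismatched; only a byte-identical copy of the published file returns an empty list.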