FP for old (February 12th 2015) digitally signed Oracle Virtual Box found in C:\Windows\Installer\67dcd.msi|product.cab|file_VBoxDD2GC.gc
Product: Oracle VM VirtualBox 4.3.22 (67dcd.msi)
Product site (showing file contained in installer) Binaries_overview – Oracle VM VirtualBox
Signed SHA1 by:
CN = VeriSign Class 3 Code Signing 2010 CA
OU = VeriSign Trust Network
O = VeriSign, Inc.
C = US
Digital Check SHA1 by:
CN = Symantec Time Stamping Services CA - G2
O = Symantec Corporation
C = US
Comodo Version 10.0.1.6258
Heuristics set to High
File was NOT picked up by Comodo Version 8 previous scan (same settings)
Action taken: It's old and I never use it; deleted.
Thank you for reporting this.
We’ll check it.
We checked this version of VirtualBox with the latest antivirus database and have not found this file being detected.
Please submit the detected file to us via email at falsepositive[at]avlab.comodo.com
I reported it as an FP with the program. The file seems to be gone now; while I added it to the ignore-once list, it was most likely deleted when I uninstalled Virtual Box.
Are you sure you tested it against the old Oracle VM VirtualBox 4.3.22 (67dcd.msi), not the latest VirtualBox 5.1.26 platform packages?
The files it caught as Unknown were the 2 following:
VBoxDD2GC.gc Virtual devices guest context (GC) code for devices where we make use of 3rd party LGPL sources.
VBoxDDGC.gc Virtual devices guest context (GC) code.
Noticed the other one at the very end of the scan. Didn’t show up during the scan while it did say 2 files detected.
Edit: Also, please note that this was not picked up by Comodo v8 (since install of the VirtualBox file in 2015), the ESET offline scanner, or MBAM either. Only by Comodo v10.
If the file was not received, I no longer have it in my possession; it was most likely removed by the normal VirtualBox uninstaller, which I ran during the scan since I didn’t need the program anymore anyway.
If not, any suggestions on what to do next if the file was malicious (which I highly doubt)?
File was “VirtualBox 4.3.22 (released Feb 12th 2015)”, and scanned by last 10 version of Comodo Antivirus.
VirtualBox was downloaded from the official website.
Please check it again.
The main installation file wasn’t the issue, that comes up clean for me as well.
What was the issue was the file created (either by automatic updates, repair file, Windows Update or whatever created it) in the C:\Windows\Installer\ dir named “67dcd.msi”.
The container was signed SHA-1/RSA by Oracle and Verisign and verified by Symantec Time Stamp.
The files flagged in the container were 2 components that should be inside of the installation (the ones I added in the Code box, which are listed on the binaries list of Virtual Box, where I downloaded Virtual Box back in 2015 as well).
Like I said, I submitted the files through CIS. I don’t know if they reached you, since I deinstalled the program during the scan, but I think they should have, since they got added to quarantine (however, they were not restored to their original directory after “ignoring once” at the end of the scan).
I’m running a new full scan right now, with heuristics on high again (it does not detect the files with heuristics on low or medium).
If in fact the files were deleted and, worst case scenario, they were malicious (which I still think is unlikely), after running a full scan and finding nothing suspicious I can consider the computer clean again, right?
Or should I run something else other than Comodo and MBAM just to be sure?