FP Oracle VM VirtualBox 4.3.22 (67dcd.msi)

FP for old (February 12th 2015) digitally signed Oracle Virtual Box found in C:\Windows\Installer\67dcd.msi|product.cab|file_VBoxDD2GC.gc

Product: Oracle VM VirtualBox 4.3.22 (67dcd.msi)
Product site (showing file contained in installer): Binaries_overview – Oracle VM VirtualBox

Heur.Packed.Unknown@4294967295

Container:
C:\Windows\Installer\67dcd.msi
MD5: 75A3DEB2D554AC887D82BF6A0997EABC
SHA-1: 4E186576DFCBC692DD379DA0C53B6121BACAFBB4

Signed SHA1 by:
CN = VeriSign Class 3 Code Signing 2010 CA
OU = Terms of use at https://www.verisign.com/rpa (c)10
OU = VeriSign Trust Network
O = VeriSign, Inc.
C = US

Digital Check SHA1 by:
CN = Symantec Time Stamping Services CA - G2
O = Symantec Corporation
C = US

Comodo Version 10.0.1.6258
Virusdatabase 27529
Heuristics set to High

File was NOT picked up by Comodo Version 8 previous scan (same settings)

Action taken: It's old and I never use it; deleted.

Hi,

Thank you for reporting this.
We’ll check it.

Kind Regards,
Erik M.

Hi,

We checked this version of VirtualBox with the latest antivirus database and have not found this file being detected.
Please submit the detected file to us via email at falsepositive[at]avlab.comodo.com

Thank you!

Kindest Regards,
Erik M.

I reported it as an FP with the program. The file seems to be gone now; while I added it to the ignore-once list, it was most likely deleted when I uninstalled VirtualBox.

Are you sure you tested it against the old Oracle VM VirtualBox 4.3.22 (67dcd.msi), not the latest VirtualBox 5.1.26 platform packages?

The files it caught as Unknown were the 2 following:

VBoxDD2GC.gc 	Virtual devices guest context (GC) code for devices where we make use of 3rd party LGPL sources. 

VBoxDDGC.gc 	Virtual devices guest context (GC) code. 

Noticed the other one at the very end of the scan. Didn’t show up during the scan while it did say 2 files detected.

Edit: Also please note that this was not picked up by Comodo v8 (since install of the VirtualBox file in 2015), the ESET offline scanner and MBAM either. Only by Comodo v10.

If the file was not received, I no longer have it in my possession; it was most likely removed by the normal VirtualBox uninstaller, which I ran during the scan since I didn’t need the program anymore anyway.
If not, any suggestions on what to do next if the file was malicious (which I highly doubt)?

Hi,

File was “VirtualBox 4.3.22 (released Feb 12th 2015)”, and scanned by last 10 version of Comodo Antivirus.
VirtualBox was downloaded from official website
https://www.virtualbox.org/wiki/Download_Old_Builds_4_3_pre24
Please check it again.
Thanks.

Kind Regards,
Erik M.

The main installation file wasn’t the issue, that comes up clean for me as well.
What was the issue was the file created (either by automatic updates, repair file, Windows Update or whatever created it) in the C:\Windows\Installer\ dir named “67dcd.msi”.

The container was signed SHA-1/RSA by Oracle and Verisign and verified by Symantec Time Stamp.

The files flagged in the container were 2 components that should be inside of the installation (the ones I added in the Code box, which are listed on the binaries list of VirtualBox, where I downloaded VirtualBox back in 2015 as well).

Like I said, I submitted the files through CIS. I don’t know if they reached you, since I uninstalled the program during the scan, but I think they should have, since they got added to quarantine (however, they were not restored to their original directory after “ignoring once” at the end of the scan).

I’m running a new full scan right now, with heuristics on high again (it does not detect the files with heuristics on low or medium).

If in fact the files were deleted and, worst case scenario, they were malicious (which I still think is unlikely), after running a full scan and finding nothing suspicious I can consider the computer clean again, right?
Or should I run something else other than Comodo and MBAM just to be sure?