heur malware

mittal · October 10, 2010, 11:15am

comodo detected that i have malware like heur. i read somewhere here that heur malware is false postive by comodo.

is that true?

wat i do now. i got heur malware.check screen shot.

i deleted it when comodo asked me. will this create any error in pc?

[attachment deleted by admin]

MetalShaun · October 10, 2010, 11:58am

A Heur. detection means a detection by the heuristic calculations of the AV. This is an extra way of detecting malware but in CIS can be prone to false positives. To check whether it is a false positive upload it to both Virus Total and CIMA.

http://camas.comodo.com/

Cheers
Shaun

Edit: since it is a temp file I wouldn’t worry too much about it either way.

mittal · October 10, 2010, 12:30pm

will it make any problem in pc bcoz i deleted when comodo asked.

why comodo detects false postive malware. in real it is not malware.

Chiron494 · October 10, 2010, 2:26pm

Heuristic definitions are an attempt to identify malware that nobody has yet seen.

In the case of Heuristic.Dual.Extensions these are files that have a name like example.exe.jpg to fool the user into running them. They can also be legitimate files that are temp files that will later be renamed for their purpose.

For the future you should probably only quarantine the files and not delete them. Also, if you’re not sure that a file identified as malicious actually is you can report it as a false positive here. They will analyze it and send you an email letting you know if it is actually dangerous or not.

Thanks.

mittal · October 12, 2010, 9:04am

i scan my pc and i got heur malware.

i moved it in quarantine. how can i upload that file to check in virus total? it is in quarantine so how to upload in virus total.

[attachment deleted by admin]

Chiron494 · October 12, 2010, 3:00pm

You have to remove it from quarantine in order to upload it. Of course if you want you can make it a blocked file using CIS so it can’t do anything anyway, but you can upload it.

mittal · October 13, 2010, 7:15am

i uploaded in virus total and it looks like it is not virus.

click http://www.virustotal.com/file-scan/report.html?id=3bad3f9361f7cbb63ea96afd97aff8568461d23226c6dbe43025d5e2283a658e-1286953933

wat i do now.

languy99 · October 13, 2010, 7:33am

actually that does not look like a false positive to me, especially seeing as sophos and dr.web report it as malware and they almost never have them. I would keep it in quarantine and if everything is running good in a few days I would delete it.

mittal · October 13, 2010, 8:56am

i moved it in quaratine.

i will delete it after 1 month if my pc works good.

wat to do if my pc not work good bcoz 1 file is in quarantine.that file having virus so it not possible to move file again in old folder.

jay2007tech · October 13, 2010, 6:42pm

wat to do if my pc not work good bcoz 1 file is in quarantine.that file having virus so it not possible to move file again in old folder

WORST case senerio, you can always put it back to the way it was :(