Heur.Suspicious@160404599

johnb1987 · January 27, 2011, 11:26am

Yesterday 2 files have the virus/malware (Heur.Suspicious@160404599) in the following files:

D:\MiniNT\system32\virtdisk.exe
D:\System Volume Information_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP708\A0065286.exe

Are those false positives?

Product version: Comodo Internet Security Premium (5.3.1767571236)
Virus signature database version: 7511

Valentinchen · January 27, 2011, 11:46am

Hey and warm welcome to comodo forums John!

here is some info that migh be relevant to your problem http://www.online-armor.com/oasis2/file/softthinks/virtdisk/virtdisk_dll/2642277. Try to upload it on virustotal.com

Regards,
Valentin N

Chiron494 · January 27, 2011, 10:38pm

Looks like a false positive. Probably.

Please upload the file virtdisk.exe here as a false positive. They will analyze it and send you an email with the results.

As for the detection in System Volume Information, that’s probably just the same file that is saved in a restore point. If you submit the file from system32 to be analyzed both will be taken care of.

As an added bonus they’ll be able to tell you for sure if it is malicious or not. Let me know if you have any more questions.

Thanks.

Citizen_K · January 29, 2011, 7:15pm

Moved.

e_xistense · January 31, 2011, 1:41pm

Hi johnb1987,

The false-positive has been fixed with DB 7552.

Thanks and regards,
Ionel