Heur.Suspicious@24612687

40apple40 · July 2, 2009, 2:45pm

7/2/2009 12:45:35 PM Quarantine C:\DELL\drivers\R200273\nvudisp.exe Heur.Suspicious@24612687 Success
7/2/2009 12:45:35 PM Quarantine C:\NVIDIA\DisplayDriver\186.03\International\Display\nvudisp.exe Heur.Suspicious@25072531 Success
7/2/2009 12:45:35 PM Quarantine C:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\NVIDIA GeForce 8400M GS\nvudisp.exe Heur.Suspicious@24612687 Success
7/2/2009 12:45:35 PM Quarantine C:\Windows\System32\DriverStore\FileRepository\nvdm.inf_07eee4e8\nvudisp.exe Heur.Suspicious@24612687 Success
7/2/2009 12:45:35 PM Quarantine C:\Windows\System32\DriverStore\FileRepository\nvdm.inf_2b1a1f3a\nvudisp.exe Heur.Suspicious@25072531 Success
7/2/2009 12:45:35 PM Quarantine C:\Windows\System32\nvudisp.exe Heur.Suspicious@25072531 Success
7/2/2009 12:45:35 PM Quarantine C:\Windows\System32\nvuninst.exe Heur.Suspicious@25406302 Success
End of The Report

40apple40 · July 2, 2009, 2:52pm

forgot to say database no. is 1538.

thanks.

e_xistense · July 2, 2009, 2:59pm

Hi,

We will check the submission and if confirmed as false positive, a fix will be added.

Thanks,
Ionel

40apple40 · July 8, 2009, 9:16am

hi,

how do i know if these are FPs & can be fixed or if they’re genuine threats?

will a reply be posted here informing me if they’re genuine or not?

thanks,

apple

e_xistense · July 8, 2009, 11:35am

Hi,

The submitted files were indeed false positives and they were fixed.

Please update to DB 1578 of Comodo Internet Security 3.10.102363.531 and check.

Thanks,
Ionel

40apple40 · July 12, 2009, 6:40am

all checked ok now.

thanks.

no_clue · July 23, 2009, 12:35am

Are those FPs or are they dangerous?

TrojWare.Win32.VB.aqt@6123427
TrojWare.Win32.BHO.~ME@19496380
Heur.Suspicious@19685141

I already tried to remove them, but they show again (locations in quarantine):

C:\System Volume Information_restore{7E119608-222E-4E65-BAD4-07D23F472E47}\RP85\A0024907.inf
C:\System Volume Information_restore{7E119608-222E-4E65-BAD4-07D23F472E47}\RP85\A0024908.exe
C:\System Volume Information_restore{7E119608-222E-4E65-BAD4-07D23F472E47}\RP85\A0024909.exe

(Attached a psc-exam report)

[attachment deleted by admin]

system · July 23, 2009, 1:31am

Hi no clue，

We are going to have a look at it and will get back to you after investigation.

Regards,
hailong.wang

Vaishnavik · July 23, 2009, 5:27am

Hi no clue,

Reported detection TrojWare.Win32.VB.aqt[at]6123427 is not a false detection and TrojWare.Win32.BHO.~ME[at]19496380
Heur.Suspicious[at]19685141 are FPs.They are fixed in DB 1739.
Kindly update and confirm.

Regards,
Vaishnavi.V.K

Lorus · September 14, 2009, 9:05pm

9/14/2009 9:14:50 PM Detect C:\Program Files\Synaptics\SynTP\InstNT.exe Heur.Suspicious@23660275 Success
9/14/2009 9:16:23 PM Ignore C:\Program Files\Synaptics\SynTP\InstNT.exe Heur.Suspicious@23660275 Success
9/14/2009 9:27:42 PM Detect C:\Program Files\Synaptics\SynTP\InstNT.exe Heur.Suspicious@23660275 Success
9/14/2009 9:27:50 PM Ignore C:\Program Files\Synaptics\SynTP\InstNT.exe Heur.Suspicious@23660275 Success
9/14/2009 10:53:05 PM Detect C:\WINDOWS\system32\DRVSTORE\synpd_66FDE1AD0992B0C75E52D40F7A7C2DA69D7957D5\InstNT.exe Heur.Suspicious@23660275

system · September 15, 2009, 1:38am

Hi Lorus,

We are going to have a look at it and will get back to you after investigation.

Thanks and Regards,
hailong.wang

system · September 16, 2009, 2:20am

Hi Lorus,

This FP has been fixed.Please check in virus signature database 2330.

Thanks and Regards,
hailong.wang