Heur.Suspicious[at]101832676 in C:\System Volume-\Fifoed\A0053221.exe

LJ-Cis · June 9, 2010, 10:11pm

I found the virus Heur.Suspicious[at]101832676 in the location C:\System Volume Information_restore{B89D71E8-6BD3-4F6D-9681-220524ED3235}\Fifoed\A0053221.exe
Is this an false positive virus? While checking the Antivirus logs for another topic I found this virus from 9 april 2010 until now in the Antivirus logs.
I am using at this moment COMODO Internet Security Productversion 3.14.130099.587 and Versie Virusdatabase 5044.

Thanks,
LJ-Cis

Guoqiang · June 9, 2010, 11:16pm

Hi LJ-Cis,

We are going to have a look at it and will get back to you after investigation.

Thanks and Regards,
Guoqiang.

haja · June 10, 2010, 10:00am

Hi LJ-Cis,

Reported FP has been fixed in DB 5049 of CIS 4.1.149672.916. Please update and confirm it.

Regards,
Haja

Victor_Popescu · July 19, 2013, 4:50pm

Hi… I just got this on a full scan… connected my old pc a few days ago, did some windows updates for it… one of the updates was the monthly MRT tool… today I’ve turned on the pc again and was notified by windows that there is a new update, but the update was the same MRT tool which I’ve already updated the other day. I’ve restore my pc to an earlier date, installed the updates again… but surprise, the update for the MRT tool notice again… so I’ve did a full scan and found this Fifoed in system volume info on my D partition (my os is installed on C)… was an A0016044.exe BUT…

… the difference is that my CIS v5.12.256249.2599 (vdb 16613) does not say heur. suspicious… it says Malware[at]#relps5bbotno.

I’ve quarantined it, tried to submit it to Comodo but it sais it was already submited (normal I guess)… then deleted it, restarted my system and did a full scan again which found it in C /system volume info/ RP100/ A “some numbers” dot exe this time but didn’t said Fifoed… again it was already submited, deleted it, restarted my system but is there again… something is generating it.

So what’s up ?!.. is this malware ?!.. is my system infected ?!.. Kinda suspicious to me that in 2010 CIS v3 (vdb 5044) said heur.suspicious and now my CIS v5 sais it’s malware and in the Risk category sais it’s High…
What I’ve noticed is that the update prompt is gone… don’t know if it has to do with me quarantine that file…

e_xistense · July 19, 2013, 5:07pm

Hi Victor,

We’ll check it and remove detection if necessary.

Regards,
Ionel

srinivasang · July 20, 2013, 12:11pm

Hi Victor Popescu,

This is to inform you that false-positive has been fixed.
You can update to AV database Version <16620> of Comodo Internet Security Version <6.2.282872.2847> and confirm it.

Regards,
Srinivasan.G

Victor_Popescu · July 21, 2013, 11:50am

Confirmed.