Heur.suspicious@25280606 and others

I keep getting hits for Heur.suspicious@randomNumbers.

Here are the hits I got from my log. All hits were marked as “removed successfully” when I hit remove, but I’m beginning to think these are false positives because they keep coming back and are often on programs I know are clean. For example, the Echoes.exe game I downloaded from this site, which was clean before now: http://www.binaryzoo.com/games/echoes/index.htm. I get the hit for both the rar and the zip version of the game, but I know for a fact it was clean before.

C:\Downloaded Games\echoes\echoes.exe - Heur.Suspicious@25280606

The other hits are always something like this:

C:\System Volume Information_restore{2EEE5DC6-AA6B-422B-BAA6-2935BB8D807D}\RP86\A0015615.exe - Heur.Suspicious@25280606

No matter how many hits I remove from System Volume Information_restore{whatevers}, I get another hit about an hour or so later.

Please tell me if these are false positives or if they are something I can remove. It’s becoming really irritating to keep having to respond to these hits, and is preventing me from using the computer for the games I like to play because the antivirus keeps stealing focus from the games.

Just add the file to your ‘own safe’ file when the next alert prompts or do a scan and choose ‘ignore’.

Submit the file via 'submit a suspicious file' after renaming it like echoes_just a game_not_a_virus.exe … in fact this one is already submitted :wink:

Here is the permanent VT link to File echoes.exe received on 2009.09.14 17:01:47 (UTC)

Ok, thanks! That helps the Echoes problem. :slight_smile:

I don’t know what to do about the System Restore problem though. It will be a new hit (because of a new system restore point dump) each time the computer updates or windows does an automatic system restore. Because it’s always a “new” file, I can’t tell comodo to ignore it like with Echoes.exe.

I know there is probably a way to tell comodo to skip out on that directory, but since it is the System Restore directory, it’s probably better if I don’t go that route. It would be nice if comodo somehow could check for these false positives and ignore them on its own, for both my sake and the poor people who are going to have to waste time with all the false positives this windows system restore is making. :stuck_out_tongue:

Yeah, I’ll just quarantine them and submit them all then. Hopefully someone at comodo can figure out how to get it to stop all these false positives on the system restore directories. :slight_smile:

Here is a link with useful tricks concerning Windows System Restore

Or read How to gain access to the System Volume Information folder from the Microsoft Knowledge base.