Ikarus antivirus detected Boclean 4.24 Trojan-Spy.Win32.Agent.CA

system · July 31, 2007, 1:46pm

Hi,

on Virus Total site (http://www.virustotal.com/) check of Boclean 4.24, for Ikarus (http://www.ikarus.at) is:

BOC424.EXE
File size: 345328 bytes
MD5: 8be01cabfcd77aad4c5efb93b9cf697b
SHA1: e0388b206ea2567f11b5f6a1f85914700d7f9b80

Ikarus T3.1.1.8 2007.07.31 Trojan-Spy.Win32.Agent.CA

Maybe someone of Comodo staff wonts advise Ikarus about false positive …

Ragwing · July 31, 2007, 3:42pm

Hi yeiazel,

I just uploaded BOC424.exe myself, and I got the same result. I also uploaded cpf.exe, cmdagent.exe, cmg.exe and cmgs32.exe. And got this from cmdagent.exe:

cmdagent.exe

File size: 361040 bytes
MD5: 2edb74e72feeb39c8906e4c8c54d91a5
SHA1: 96a8c190d7c1f5131d8a2579f3f2b985b11a9674

Ikarus T3.1.1.8 2007.07.31 not-a-virus:AdWare.Win32.DigitalNames.l

I’m getting worried about this company, detecting both BOClean and CPF as virus and adware, when they’re both secuirty products. With ‘worried’, I mean that the people that uses Ikarus AV, will think CPF and BOCLEAN is virus, and that’s no good advertising for Comodo. Hopefully this will be fixed soon.

Ragwing

Novieiam · July 31, 2007, 6:56pm

I decided to run BOC423.exe, here are results;

Antivirus Version Last Update Result
AhnLab-V3 2007.7.31.1 2007.07.31 -
AntiVir 7.4.0.54 2007.07.31 -
Authentium 4.93.8 2007.07.31 -
Avast 4.7.1029.0 2007.07.31 -
AVG 7.5.0.476 2007.07.31 -
BitDefender 7.2 2007.07.31 -
CAT-QuickHeal 9.00 2007.07.31 -
ClamAV 0.91 2007.07.31 -
DrWeb 4.33 2007.07.31 -
eSafe 7.0.15.0 2007.07.31 -
eTrust-Vet 31.1.5019 2007.07.31 -
Ewido 4.0 2007.07.31 -
FileAdvisor 1 2007.07.31 -
Fortinet 2.91.0.0 2007.07.31 -
F-Prot 4.3.2.48 2007.07.30 -
F-Secure 6.70.13030.0 2007.07.31 -
Ikarus T3.1.1.8 2007.07.31 Trojan-Spy.Win32.Agent.CA (:AGY)
Kaspersky 4.0.2.24 2007.07.31 -
McAfee 5087 2007.07.31 -
Microsoft 1.2704 2007.07.31 -
NOD32v2 2430 2007.07.31 -
Norman 5.80.02 2007.07.31 -
Panda 9.0.0.4 2007.07.31 -
Rising 19.34.12.00 2007.07.31 -
Sophos 4.19.0 2007.07.26 -
Sunbelt 2.2.907.0 2007.07.31 -
Symantec 10 2007.07.31 -
TheHacker 6.1.7.159 2007.07.31 -
VBA32 3.12.2.2 2007.07.30 -
VirusBuster 4.3.26:9 2007.07.31 -
Webwasher-Gateway 6.0.1 2007.07.31 -

hmmmmmm Spyware-Trojan;
A spyware Trojan is a seemingly legitimate computer program designed to disrupt and damage computer activity by sending information from a computer to a third party without the user’s permission or knowledge.

My trust is in comodo 100%…

MikeG · July 31, 2007, 8:27pm

Would it not be beyond the realms of possibility that some other AV companies would put an ‘accidental’ false positive in their definitions to deter people from using their competitors’ products.

Or am I being too cynical in my old age? (:WIN)

Mike.

Ragwing · July 31, 2007, 8:29pm

Well, that could be possible, but is very immature. Also, does this company, Ikarus, have any firewall (I don’t understand much from website)?
Else, shouldn’t they detect CAVS instead of CPF?

Ragwing

MikeG · July 31, 2007, 8:41pm

Well business is business, and I wouldn’t put such tricks past any company these days.
Of course they would have to remove them in a day or two when it was reported to them, but in the mean time how much damage could be done by the bad image it presented to those genuinely trying to find a free product?

Let’s hope I am wrong, but if Comodo products ever get the good publicity they deserve and become the top Firewall, AV/AS, etc., then there are going to be a lot of AV companies really peed off!

Mike.

Novieiam · July 31, 2007, 9:03pm

Slightly Off topic but, i decided to scan a-squared free and spywarwe dr, both came back with problems …we got one of two things;

either both of my spyware software is infected

2.maybe mikes post is nearer the truth??

Ill leave it for u all to decide.

Thanks to u all
Novie ;D

Ragwing · July 31, 2007, 9:21pm

To be honest, I think Mike’s right about this. If it identify BOClean, CPF, A-squared and Spyware Doctor, they possible really are detecting all other security softwares as malware… 4 security products sounds too much for me to be a false positive.

Ragwing

Novieiam · July 31, 2007, 9:38pm

Hi all

I promise i am not on purpose trying to hijack this post but here i hope will b my last post on this subject.I scanned spywaredr.exe on virustotal and virusscan here are my results;

1.virusscan… Panda Antivirus
Found nothing

2.virustotal…Panda 9.0.0.4 2007.07.31 Suspicious file

now i don’t know if both virus scanners use the same version, but they both report that virus signatures r up to date?
How is this, i am getting confused now?

Can anyone answere this?

yours Novie :■■■■

Ragwing · July 31, 2007, 9:47pm

Well, I know they’re not 100% accurate. But if one company detects secuirty softwares I get worried.
But it worries me more if Panda detects it on one site, but not on another.
I think you should contact virustotal.com and viruscan.jotti.org about this… Really strange…

Ragwing