Ikarus antivirus detected Boclean 4.24 as Trojan-Spy.Win32.Agent.CA


On the Virus Total site (http://www.virustotal.com/), the check of Boclean 4.24 for Ikarus (http://www.ikarus.at) is:

File size: 345328 bytes
MD5: 8be01cabfcd77aad4c5efb93b9cf697b
SHA1: e0388b206ea2567f11b5f6a1f85914700d7f9b80

Ikarus T3.1.1.8 2007.07.31 Trojan-Spy.Win32.Agent.CA

Maybe someone from Comodo staff wants to advise Ikarus about the false positive …

Hi yeiazel,

I just uploaded BOC424.exe myself, and I got the same result. I also uploaded cpf.exe, cmdagent.exe, cmg.exe and cmgs32.exe. And got this from cmdagent.exe:


File size: 361040 bytes
MD5: 2edb74e72feeb39c8906e4c8c54d91a5
SHA1: 96a8c190d7c1f5131d8a2579f3f2b985b11a9674

Ikarus T3.1.1.8 2007.07.31 not-a-virus:AdWare.Win32.DigitalNames.l

I’m getting worried about this company, detecting both BOClean and CPF as virus and adware, when they’re both security products. With ‘worried’, I mean that the people that use Ikarus AV will think CPF and BOCLEAN are viruses, and that’s no good advertising for Comodo. Hopefully this will be fixed soon.


I decided to run BOC423.exe, here are results;

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.7.31.1 | 2007.07.31 | - |
| AntiVir | | 2007.07.31 | - |
| Authentium | 4.93.8 | 2007.07.31 | - |
| Avast | 4.7.1029.0 | 2007.07.31 | - |
| AVG | | 2007.07.31 | - |
| BitDefender | 7.2 | 2007.07.31 | - |
| CAT-QuickHeal | 9.00 | 2007.07.31 | - |
| ClamAV | 0.91 | 2007.07.31 | - |
| DrWeb | 4.33 | 2007.07.31 | - |
| eSafe | | 2007.07.31 | - |
| eTrust-Vet | 31.1.5019 | 2007.07.31 | - |
| Ewido | 4.0 | 2007.07.31 | - |
| FileAdvisor | 1 | 2007.07.31 | - |
| Fortinet | | 2007.07.31 | - |
| F-Prot | | 2007.07.30 | - |
| F-Secure | 6.70.13030.0 | 2007.07.31 | - |
| Ikarus | T3.1.1.8 | 2007.07.31 | Trojan-Spy.Win32.Agent.CA (:AGY) |
| Kaspersky | | 2007.07.31 | - |
| McAfee | 5087 | 2007.07.31 | - |
| Microsoft | 1.2704 | 2007.07.31 | - |
| NOD32v2 | 2430 | 2007.07.31 | - |
| Norman | 5.80.02 | 2007.07.31 | - |
| Panda | | 2007.07.31 | - |
| Rising | | 2007.07.31 | - |
| Sophos | 4.19.0 | 2007.07.26 | - |
| Sunbelt | 2.2.907.0 | 2007.07.31 | - |
| Symantec | 10 | 2007.07.31 | - |
| TheHacker | | 2007.07.31 | - |
| VBA32 | | 2007.07.30 | - |
| VirusBuster | 4.3.26:9 | 2007.07.31 | - |
| Webwasher-Gateway | 6.0.1 | 2007.07.31 | - |

hmmmmmm Spyware-Trojan;
A spyware Trojan is a seemingly legitimate computer program designed to disrupt and damage computer activity by sending information from a computer to a third party without the user’s permission or knowledge.

My trust is in comodo 100%…

Would it not be beyond the realms of possibility that some other AV companies would put an ‘accidental’ false positive in their definitions to deter people from using their competitors’ products?

Or am I being too cynical in my old age? (:WIN)


Well, that could be possible, but is very immature. Also, does this company, Ikarus, have any firewall (I don’t understand much from the website)?
Else, shouldn’t they detect CAVS instead of CPF?


Well business is business, and I wouldn’t put such tricks past any company these days.
Of course they would have to remove them in a day or two when it was reported to them, but in the meantime how much damage could be done by the bad image it presented to those genuinely trying to find a free product?

Let’s hope I am wrong, but if Comodo products ever get the good publicity they deserve and become the top Firewall, AV/AS, etc., then there are going to be a lot of AV companies really peed off!


Slightly off topic, but I decided to scan a-squared free and spyware dr, both came back with problems … we got one of two things:

1. either both of my spyware software is infected
2. maybe Mike’s post is nearer the truth??

I’ll leave it for u all to decide.

Thanks to u all
Novie ;D

To be honest, I think Mike’s right about this. If it identifies BOClean, CPF, A-squared and Spyware Doctor, they possibly really are detecting all other security software as malware… 4 security products sounds too much for me to be a false positive.


Hi all

I promise I am not on purpose trying to hijack this post, but here I hope will b my last post on this subject. I scanned spywaredr.exe on virustotal and virusscan, here are my results:

1.virusscan… Panda Antivirus
Found nothing

2.virustotal…Panda 2007.07.31 Suspicious file

Now I don’t know if both virus scanners use the same version, but they both report that virus signatures r up to date?
How is this, I am getting confused now?

Can anyone answer this?

yours Novie

Well, I know they’re not 100% accurate. But if one company detects security software I get worried.
But it worries me more if Panda detects it on one site, but not on another.
I think you should contact virustotal.com and viruscan.jotti.org about this… Really strange…