We’re getting a false positive report by Comodo for a component of our software Topicscape Pro.
VirusTotal.com shows this:
Comodo 6655 2010.11.09 Heur.Packed.Unknown
The component in question is called “jittmp0.dll”.
This is actually a file that is generated by the JIT compiler when a library is first invoked and compiled from Java bytecode to object form. If I delete the jittemp directory, it is regenerated and the same warning appears.
I see from searches on line that jittmp0.dll has been used to deliver malware, though the sizes of the infected versions are different to ours. Is it just the name that triggers the warning?
You can download Topicscape Pro from here (no need to enter email address)
You need to install it and run it, or the jittmp0.dll will not be generated. Even then, it may be numbered jittmp1.dll or something else, because how the jit dlls are generated depends what action is taken first after running.
It would be quicker for you to contact me and I can send a zipped, encrypted copy of the component causing the problem.
I tried to follow the “3rd way - over e-mail” for sending the sample, addressed to
falsepositive[at]avlab.comodo.com but received a bounce message:
Sorry, no mailbox here by that name. (#5.1.1)
so it looks as if the forwarding for falsepositive[at]avlab.comodo.com needs to be updated.
Will you investigate please and adjust your signatures? Thank you. Please let us know if you need any more information.
Thank you and regards,
G&A Management Consultants Limited
Developing for 3D-Scape Limited: http://www.topicscape.com