met something strange

i dowonloaded a compressed file called from the internet,and cis detected it contains a virus.however,after i decompressed the compressed file to the folder 1KG_20101010_CD cis found no virus inside it.what’s wroung with it?it really seems strange.

in fact ,i have started this topic a few days ago,but the problem still hasn’t been solved.comodo still detects this compressed file as virus,but also detects it as clean if i decompressed this file.

We had an issue with un-archiving.

Can you please try latest CIS V5.4 and let us know if you still see same issue?


i have just tested it with cis 5.4 (the latest version),but still met the same problem.


Could you pls subbmiter that sample to us.
We will check it.


ok,i have just submitted it again.

by the way,i have also submitted this file to antivir as a suspicious filewhile i submitted this file to comodo as false is antivir’s reply:
Gentile signora, Egregio signore,

La ringraziamo per la sua mail inviata al laboratorio antivirus di Avira.
N. ordine: INC00724218.

Abbiamo ricevuto i seguenti dati di archivio:

ID File Nome file Dimensione (byte): Risultato
26111032 9.23 MB OK

Di seguito viene riportato un elenco dei file e dei risultati che erano contenuti nei file di archivio:
ID File Nome file Dimensione (byte): Risultato
26111033 HELP.CHM 1.22 MB CLEAN
26111034 readme.txt 501 Byte CLEAN
26111035 XMSDSK########.exe 25.5 KB DAMAGED FILE (UNKNOWN)
26111036 ####GHOST######.iso 8.51 MB CLEAN

I risultati esatti per ogni file si trovano nella seguente sezione:
Nome file Risultato HELP.CHM CLEAN

Il file ‘HELP.CHM’ è stato classificato come ‘CLEAN’. Our analysts did not discover any malicious content.
Nome file Risultato readme.txt CLEAN

Il file ‘readme.txt’ è stato classificato come ‘CLEAN’. Our analysts did not discover any malicious content.
Nome file Risultato XMSDSK########.exe DAMAGED FILE (UNKNOWN)

Il file ‘XMSDSK########.exe’ è stato classificato come ‘DAMAGED FILE (UNKNOWN)’. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.
Nome file Risultato ####GHOST######.iso CLEAN

Il file ‘####GHOST######.iso’ è stato classificato come ‘CLEAN’. Our analysts did not discover any malicious content.

In alternativa i risultati dell’analisi possono essere consultati dal seguente link:

Zusätzlich finden Sie eine Übersicht aller Einsendungen hier:

In caso di altre segnalazioni future le consigliamo di utilizzare da subito il modulo di upload dei file. In questo modo il risultato, se già noto, viene mostrato in tempo reale anche nel modulo. Inoltre i messaggi relativi a file infetti che confermano il sospetto di un falso allarme possono essere trasmessi solo tramite questo modulo.

Nota: Per domande specifiche rivolgersi a

Cordiali saluti
Avira Virenlabor

Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germania
Telefono: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10

Amministratore: Tjark Auerbach
Sede dell’azienda: Tettnang
Registro delle imprese: Pretura di Ulm HRB 630992

should we trust antivir or comodo?both are famous brands.

another thing very interesting is i am using the latest virus definition with the latest version of cis,but can not detect this file if i decompressed it.however,i uploaded the decompressed file to,the comodo engine there do can detect this file as virus.

Did let Virus Total rescan the file? If you didn’t then you got an old report in which the virus would be reported.

well,i have choosed to generate a new report.

by the way,i use windowsxp 32bit.