I downloaded a compressed file called 1KG_20101010_CD.zip from the internet, and CIS detected that it contains a virus. However, after I decompressed the file 1KG_20101010_CD.zip to the folder 1KG_20101010_CD, CIS found no virus inside it. What's wrong with it? It really seems strange.
In fact, I started this topic a few days ago, but the problem still hasn't been solved. Comodo still detects this compressed file as a virus, but also detects it as clean if I decompress the file.
We had an issue with un-archiving.
Can you please try the latest CIS V5.4 and let us know if you still see the same issue?
Thanks
-umesh
I have just tested it with CIS 5.4 (the latest version), but still met the same problem.
Hi, fgsfhsfgh
Could you please submit that sample to us?
We will check it.
Thanks
Chunli.chen
OK, I have just submitted it again.
By the way, I have also submitted this file to AntiVir as a suspicious file, while I submitted this file to Comodo as a false positive. Here is AntiVir's reply:
Dear Madam, Dear Sir,
Thank you for your e-mail to the Avira antivirus laboratory.
Order no.: INC00724218.
We have received the following archive data:
File ID   File name   Size (bytes)   Result
26111032   ghjginfected.zip   9.23 MB   OK
Below is a list of the files and results that were contained in the archive files:
File ID   File name   Size (bytes)   Result
26111033   HELP.CHM   1.22 MB   CLEAN
26111034   readme.txt   501 Byte   CLEAN
26111035   XMSDSK########.exe   25.5 KB   DAMAGED FILE (UNKNOWN)
26111036   ####GHOST######.iso   8.51 MB   CLEAN
The exact results for each file can be found in the following section:
File name: HELP.CHM; Result: CLEAN
The file ‘HELP.CHM’ has been classified as ‘CLEAN’. Our analysts did not discover any malicious content.
File name: readme.txt; Result: CLEAN
The file ‘readme.txt’ has been classified as ‘CLEAN’. Our analysts did not discover any malicious content.
File name: XMSDSK########.exe; Result: DAMAGED FILE (UNKNOWN)
The file ‘XMSDSK########.exe’ has been classified as ‘DAMAGED FILE (UNKNOWN)’. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.
File name: ####GHOST######.iso; Result: CLEAN
The file ‘####GHOST######.iso’ has been classified as ‘CLEAN’. Our analysts did not discover any malicious content.
Alternatively, the analysis results can be viewed at the following link:
http://analysis.avira.com/samples/details.php?uniqueid=K2D8vpBsvfWr9wKxAZTv8nFAzpsv30kz&incidentid=724218
In addition, you can find an overview of all submissions here:
http://analysis.avira.com/samples/details.php?uniqueid=K2D8vpBsvfWr9wKxAZTv8nFAzpsv30kz
For any future reports, we recommend that you use the file upload form right away. That way the result, if already known, is shown in real time in the form itself. In addition, messages about infected files that confirm the suspicion of a false alarm can only be sent through this form. http://analysis.avira.com/samples/index.php?lang=de
Note: For specific questions, contact support@avira.com
Kind regards
Avira Virus Lab
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.de
Managing Director: Tjark Auerbach
Company headquarters: Tettnang
Commercial register: Ulm District Court, HRB 630992
Should we trust AntiVir or Comodo? Both are famous brands.
Another very interesting thing is that I am using the latest virus definitions with the latest version of CIS, but it cannot detect this file if I decompress it. However, I uploaded the decompressed file to virustotal.com, and the Comodo engine there can detect this file as a virus.
Did you let VirusTotal rescan the file? If you didn’t, then you got an old report in which the virus would be reported.
Well, I chose to generate a new report.
By the way, I use Windows XP 32-bit.