MFC45.dll Continuous Detect

Hi,

For the last few years I keep getting MFC45.dll detected as a risk on the weekly scan. I have submitted this as a false alert a number of times throughout this period (including last week, and some in the weeks before). I also see on this forum that this file at some point has been listed as a false positive and “fixed in the latest Comodo update” (some time ago).

What is happening on this? Does the file change between weeks that if does not fit the FD criteria from one week to the next?

Is there another manual route to submit other than the “Submit as a False Positive” on the risk report?

Thanks

Buzzpipaluk

Hi buzzpipaluk,

You can also submit the detected file as false-positive by using Comodo Antivirus Database | Submit Files for Malware Analysis.

Thanks and Regards,
Haja

I too have observed these things with Comodo AV. The same FP’s after few days return back. And the reply here is as usual submit the detected file. How many times the same file should we submit???

Thanxx
Naren

Hi,

File submitted.

Naren, Lets see what the result of the submission is, and see if we do get rid of it permanently?

Tks

Hi buzzpipaluk,
This FP has been fixed.Please check in virus signature database 8801
Thanks and Regards,
Lin mengze

not fixed - virus database 8803

Hi papa33600,

Please submit the detected file as false-positive at Comodo Antivirus Database | Submit Files for Malware Analysis and We will check this.

Regards,
Haja

The file I submitted on May 22 was checked in 8822 and found to be a risk, so howcome do you say it was fixed in 8803. I presume the numbers go up and not down or in some other format?

Explain Please?

Rgs

Buzzpipaluk

Hi buzzpipaluk,

Is the file part of an application which is being constantly updated? Can you please provide full path to respective file and also it’s SHA1 hash?

Thanks,
Ionel

Ionel,

Path is C:\WINDOWS\system32\mfc45.dll

I am not sure what application this relates to, I assume part of the windows install from what I can make out searching online. I assume as you say it must continuously change from what I can see on other AV App forums who also have repeating false reports on this file.

I am not sure how to find or generate the SHA1 hash.

Rgs

Buzzpipaluk

Hi,buzzpipaluk

We got your mail.
Thank you for reporting this.
We’ll check it and get back to you soon by maiil.

Best regards
Chunli.chen

To generate a Hash code you can use Hashtab.

Hi,

Requested SHA1 Hashcode is 752426F7246DC5AB4913B0C7C082C6AAE64E7C70

Rgs

Buzzpipaluk

Hi,buzzpipaluk

752426f7246dc5ab4913b0c7c082c6aae64e7c70
We can not found that sample in our server.
Did you upload it to here?
Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year.

Regards
Chunli.chen

Ok, sounds like it has changed again between when I uploaded it on 22 May and today. I will upload again and also give the hash at the same time.

FYI, File uploaded.

Also results from VirusTotal on same file show:
File name: mfc45.dll
SHA1 : b618880c68d53b7e0e96cf1ec3ad99fac014a413
Submission date: 2011-05-26 21:56:24 (UTC)
Result: 7/ 42 (16.7%)
Commtouch 5.3.2.6 2011.05.26 W32/LdPinch.N.gen!Eldorado
Comodo 8849 2011.05.26 Heur.Corrupt.PE
F-Prot 4.6.2.117 2011.05.26 W32/LdPinch.N.gen!Eldorado
McAfee 5.400.0.1158 2011.05.26 Corrupt-AG!9B1D36F1CBF4
Rising 23.59.02.05 2011.05.25 Suspicious
Sophos 4.65.0 2011.05.26 Mal/Basine-C
TheHacker 6.7.0.1.209 2011.05.26 W32/Behav-Heuristic-CorruptFile-EP

Hi,buzzpipaluk

Thank you for reporting this.
We’ll check it and get back to you soon.

Best regards
Chunli.chen

Hi buzzpipaluk,

Reported FP has been fixed.You can confirm this with DB 8857.

Regards,
Vaishnavi.V.K

Hello,

This False Positive has been fixed. You can check with Virus Signature Database version 8860 and confirm it.

Best regards,
FlorinG

Hi,

Unfortunately in DB Ver: 8871 it is reported again as Heur.Corrupt.PE@-1 run today. Looks like the file is continuously changing. How do you deal with this?

Rgs

Buzzpipaluk