mIRC False Positive

BTJustice · October 12, 2008, 12:07am

CAVS3 RC1 keeps thinking mIRC is a virus…

TrojWare.HTML.Exploit.VML.E@787605

[attachment deleted by admin]

system · October 12, 2008, 12:30am

Does that happen when you launch the program?

Josh

BTJustice · October 12, 2008, 8:25am

Yes and also during installation.

Kyle142 · October 12, 2008, 8:44am

Hello. please send the file into comodo
https://forums.comodo.com/empty-t27062.0.html

For now, If you are sure it’s safe - Ignore the EXE or put the folder into exclusion list,

Hope this helps

BTJustice · October 12, 2008, 9:17am

Done.

When I try to overwrite the mirc.exe file, Windows keeps saying I don’t have the proper permissions to access it now. I am using Windows XP Pro and I am using an administrative account. Has COMODO locked the file down?

EDIT: Yup it was COMODO. After adding the directory to the exclusion list, I was able to delete it and put it back on. I really don’t like COMODO having more power over my files than I do with an administrative account.

Kyle142 · October 12, 2008, 2:52pm

Hehe, Comodo is very powerfull Which is generally a good thing!
Comodo thought it to be suspecious, locked it down. Did what it was meant to do.
How ever this was a false positive lol, Hopefully it will be fixed soon! Sorry about the trouble.

Kyle

BTJustice · October 12, 2008, 10:02pm

No problem. Thanks for the help.

system · October 14, 2008, 7:59am

Usually the word “suspicious” is heuristics in theory, Which is not in CIS yet. So you can expect more powerful tech to come…

Josh

Baskar · October 14, 2008, 8:34am

Hi BTJustice,

The detection is not FP. Mirc is detected only as a “potentially dangerous” application. I am unsure as to why it is detected by a different name, We will look into that.

Regards,
Baskar.

system · October 14, 2008, 8:35am

It’s good you guys detect this stuff too.

Josh

BTJustice · October 14, 2008, 9:50am

Baskar: To politely disagree, CAVS3 detects mirc.exe as a virus as seen in the screenshot in the OP. Since mirc.exe is a legitimate program and has been around for years, this is a FP unless mirc.exe is indeed infected with something which it is not.

The flip side of the coin is that all applications can be potentially dangerous.

system · October 14, 2008, 10:55am

His looking into it.

Josh

Baskar · October 14, 2008, 4:31pm

We will definitely look into the issue of the file getting detected under a different name. But why mirc is detected has reasons. We have had malware in the past installing mirc in the user’s pcs without their consent to connect to IRC via backdoors. There is no disagreement with the fact the MIRC itself is a legitimate application. But its potential malicious usage and such incidents in the past creates a situation where we have to inform the users about the presence of such applications.

You can always put the file on the exclusion list.

Regards.
Baskar.

darkmax · October 15, 2008, 2:51pm

Strange… I’ve just ionstalled mIRC onto my computer with CIS watching… nothing’s wrong. It did not ntoify me that it is a virus.

BTJustice · October 15, 2008, 3:49pm

I use the 6.21 version of mIRC.