New FP with CIS 3.10 - sm56unst.exe

puddingpants · July 5, 2009, 5:05am

Hi all. Just upgraded from CIS 3.9.95478.509 to 3.10.102194.530, and found what is probably a false positive. Path on my machine:

C:\drv\Modem0\sm56unst.exe

File desc: “Motorola SM56 Uninstall Utility”
File size: 258,048 bytes
File mod date: Monday, June 06, 2005, 10:40:44 PM

Detected by CIS 3.10 AV as: “TrojWare.Win32.Inject.~AA@25568513”
Virus Signature Database Version: 1544

CIS 3.9’s AV never complained about this file, and it’s apparently been there quite awhile. I ran this file through virscan.org, and it came back clean from ALL the scanning engines, including Comodo AV 3.9 (the most recent version virscan.org has, apparently).

Given all this, I’m almost completely sure it’s an FP. Can someone at Comodo have a look? I’m going to “quarantine” the file in the meantime, since a modem uninstall program is unlikely to be something I, or Windows, will need in the immediate future.

Thanks guys!

puddingpants · July 5, 2009, 5:10am

More info: My copy of Windows Defender has never complained about this file, either.

Also, I’ve submitted the file to Comodo (using CIS’ Submit feature).

Hope that helps. Thanks.

system · July 5, 2009, 5:54am

puddingpants post:1:

Hi all. Just upgraded from CIS 3.9.95478.509 to 3.10.102194.530, and found what is probably a false positive. Path on my machine:

C:\drv\Modem0\sm56unst.exe

File desc: “Motorola SM56 Uninstall Utility”
File size: 258,048 bytes
File mod date: Monday, June 06, 2005, 10:40:44 PM

Detected by CIS 3.10 AV as: “TrojWare.Win32.Inject.~AA[at]25568513”
Virus Signature Database Version: 1544

CIS 3.9’s AV never complained about this file, and it’s apparently been there quite awhile. I ran this file through virscan.org, and it came back clean from ALL the scanning engines, including Comodo AV 3.9 (the most recent version virscan.org has, apparently).

Given all this, I’m almost completely sure it’s an FP. Can someone at Comodo have a look? I’m going to “quarantine” the file in the meantime, since a modem uninstall program is unlikely to be something I, or Windows, will need in the immediate future.

Thanks guys!

Hi puddingpants，

We are going to have a look at it and will get back to you after investigation.

Regards,
hailong.■■■■

system · July 5, 2009, 7:14am

Hi puddingpants，

This FP has been fixed.Please check in virus signature database 1545.

Regards,
hailong.■■■■

puddingpants · July 5, 2009, 5:36pm

Fix confirmed. Thanks!

Melih · July 5, 2009, 6:25pm

FP reported at 11:05:42 PM
Fix provided by 01:14:45 AM

around 2 hours and 9 minutes…

welldone guys! Keep improving the speed pls…

Melih