Norton key scan as hidden file

Hi guys,

today i’m scanning my pc with CCE when for the first time it indicates me this key


like an hidden key with high risk.

I have to say that:

  1. Pc is formatted from two days and scans of Norton, MalwareBytes e TDSS killer are clean
  2. Also the previous scans of CCE were clean…
  3. if i erase the key norton update doesn’t work

I think it’s a false positive but i’m not sure…

What do you think?

Thank you in advance


More info

  • the heuristic scan is set on high (on medimu the scan doesn’t find this key as dangerous)
  • there are another sure false positive (i have scan the file on virustotal and only comodo indicates a threat) on foxitupdater

If erasing the key makes Norton Update not work then that proves to me it belongs to Norton and is legit. It is a false positive.

If only Comodo shows foxitupdater as malicious you can safely assume it is a false positive. If you can positively identify foxitupdater as belonging to Foxit Reader you can safely assume it is a false positive. In case the file is digitally signed by the publisher of Foxit you can check its signature. If the signature is OK then it is untouched.

i’m sure that they are false positive…i have reported them to comodo…

I have done a try…i have done some recoveries of the whole system (with an image i have done with acronis true image of the clean system) and:

  • sometimes when comodo scans the system find this key as dangerous
  • sometimes comodo doesn’t find the key dangerous (2 times)

strange thing

However they are false positive surely

If you have something of Norton running in the background that could explain the discrepancies. If a rootkit scanner scans by comparing a raw look up and regular look up using the Windows API it may see a discrepancy when that key was accessed, created or deleted in between the two look ups.