Patch WH 40k and L4D2 FP?

Hello everyone,
I am pretty new and a bit stressed out, because these issues cost me much time and even more nerves.
I had the FP from yesterday (TrojWare.JS.Download.Agent etc.). Because of this I updated all my stuff on all my PCs/laptops and increased the Rate/Heuristic or whatever could be done, to be pretty safe.
I ran all the applications I got to be sure that none of my Desktop nor Laptop is infected, but today I got 3 Messages from my Laptop (which is the more important one, because of my work stuff there).
Now, here are the Events i got:

Heur.Corrupt.PE@-1 D:\Spiele\Half Life 2\SteamApps\common\left 4 dead 2\left4dead2\bin\server.dll

Heur.Corrupt.PE@-1 D:\Spiele\Warhammer 40k DoW\Patch\SS_DE_1.00_1.20_Patch.exe

In addition to that I received a Warning from AntiVir telling me this Event:

D:\Tools\Comodo Premium\COMODO\COMODO Internet Security\Quarantine\Temp{AA21CCCB-E2F4-4B15-8544-8BC304F7A453}

TR/Dropper.Gen

The Folder in this location is “empty”, 0 Bytes. I didn't open it, because I was afraid of that warning.
I really need your help to sleep well again, and get rid of these. I hope it's a FP but I really don't know much about it.
Thanks and I hope for a fast and good solution ;).
Godspeed,
Lokibri.

EDIT: I also got another Virus Warning from Comodo to some games with: Heur.Packed.Unknown@-1.
It also pops up to my AntiVir I use with this message:
C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20110707-110452-4C3D6C06\AVSCAN-00000005.dll

Can it be that I should make the settings so high because Comodo Antivirus and Avira interfere with each other and give me warnings that the other system is infected? And yes, I had a Search during this event.

Hi Lokibri,

Please submit the above-mentioned files at Comodo Antivirus Database | Submit Files for Malware Analysis, so we can check them.

Regards,
Ponmalar.S

Hi Ponmalar,
I just submitted these files to you now and they should be there in time.

What about the Virus Alert AntiVir gave me for this Comodo Quarantine Folder? Any suggestions or Ideas why this happens? Or why Comodo alerts AntiVir as a Malware/Virus?

Would be nice to know.
Thanks and cya soon ;).

I just got this message from my submit:

Hello,

This is to inform you that the files you have submitted to us are not False Positives. The files are indeed corrupt. If you plan to further use these applications, you can add them to your “Exclusions” list.

Best regards,
Florin Gogoseanu
Comodo Antivirus Lab

So what exactly does that mean?
Does it mean my documents are in danger? Can I use the Games? How can Core Data be corrupted of games I installed in original?

What do I have to do now?

And most important, what's up with this AntiVir message that the Comodo Quarantine is Malware even if it is empty?

I really need help right now.

you encountered the main reason for NOT running two antivirus at the same time!

i would suggest to keep avira as antivirus, and to uninstall the antivirus part from comodo. you are NOT double safe while using two antivirus, you are more likely double in danger to get trouble.

disabling a guard is not enough. the driver still remains. uninstall the second antivirus. for future second opinions choose an antivirus without a permanent guard.

after uninstalling the second antivirus, make a search with the one left.

avira makes an “antivirus-on-its-own product”, while comodo sees their own antivirus just as a part of a whole product. that's why i would choose avira as antivirus part of protection, which is enlarged by the security features of the comodo package apart from the antivirus.

for corrupt files in steam games: right click on the game in the list, press “properties”, “local files”, “verify game cache”. this will let steam check if some files need to be replaced. they will get downloaded after the check.

Hello clockwork,
so what I have done so far:

  1. I deleted the 2 corrupted files (I don't need them either on my working laptop)
  2. I uninstalled the whole Comodo package and installed it fresh and new with only the firewall. I updated it instantly after the 2 restarts for completing the uninstall and install progress.
  3. Running a complete search with Avira at the moment which takes some time as you can imagine.
  4. Will report the results as soon as they are here.

I did the same things at my desktop without Internet connection to be safe during the uninstall of the firewall.

Yes, you were right with the double trouble thing. I just panicked yesterday when there was the False Positive nearly EVERYWHERE of that JS.Trojan… so I kind of overreacted ;).

Thank you very much for your help, I feel a bit better now and hope the results are negative.

Last question: Is there anything else I should/could do or just wait until the scan is complete and be free of fear again?

Thanks a lot to all of you in this forum. And especially thanks to clockwork for the hint with this Steam files.

Hello Lokibri,

The corruption can occur if an application crashes, if Windows crashes, if the file is infected with a virus, if the actual sectors on the disk become unreadable, if you had power outages, if a download fails to complete, etc. It does not always mean you have to remove that file, and since Steam can replace/repair that file you should not worry.

Best regards,
FlorinG

Hello FlorinG,
I really appreciate you answering my questions. I did all clockwork said and there is only one question left I am a bit worried about:
What's up with the Avira report I got?
Can this occur because of the “double trouble” with 2 Antivirus Programs?
Because after I ran another search of Avira on D (where it was found) nothing was reported (unless the folder is empty anyway).
Do I have to worry about that or is it fine? Because this kind of Trojan is a hard one of what I read in the internet.

Thanks to you and your team from Comodo. Would be nice to let me know about my last concerns, otherwise I wish u a great day and u get a big THANKS. :wink:

No Virus found, only 2 hidden Objects which come from SecuROM… I don't like that… must delete it.
A big thanks to you and your team!
If anyone knows about the removal of SecuROM hidden Objects I would appreciate it, but that doesn't fit here ;).

my guess about the detection of the quarantine folder is this: one antivirus finds a suspicious folder which separates something from the operating system. this folder is the quarantine of the other antivirus. it can not decide if it's a friend or an enemy.
when nothing is found by the same antivirus in a later run with only one antivirus installed, it would speak for this guess.

one last thing. i use the highest settings in avira, enabled expert mode to see all settings. so far, never false positives. in general, when a file is marked as “virus”, but it is strange that this could be a virus, upload it to pages which compare results of many antivirus programs about this file. or use an “on demand scanner” antivirus as second opinion, which has no guard (for example good products as free version, there are some. in this case, the limitation is a benefit :smiley: ).