Hello, I just downloaded PC De-Crapifier 1.91 from MajorGeeks
and when I try to open it, 4.26 BOClean pops up and says it has stopped it from running and asks me to delete it.
It says IWIRM-SOHANAD.SAB
I was just wondering if this is a false positive, because I used to run the older versions and never got this before.
As far as I know it’s a false positive. I don’t know a great deal about De-Crapifier but I suggest running a full malware scan to check your system for any installed malware. BoClean is definitely not malware.
I love Comodo and was just curious. CFP, CAVS, CBOCLEAN and CMG. Comodo is all I use besides Spywareblaster, Spywareguard and Spybot.
Could you upload that file to Virus Total www.virustotal.com and let us know what it comes back with?
The worm is also detected in JKDefragGUI.exe and here is the report from VirusTotal.com
File JkDefragGUI.exe received on 05.01.2008 13:18:11 (CET)
Result: 3/31 (9.68%)
Antivirus Version Last Update Result
AhnLab-V3 2008.5.1.0 2008.05.01 -
AntiVir 188.8.131.52 2008.04.30 -
Authentium 4.93.8 2008.04.30 -
Avast 4.8.1169.0 2008.04.30 -
AVG 184.108.40.2066 2008.04.30 -
BitDefender 7.2 2008.05.01 -
CAT-QuickHeal 9.50 2008.04.30 -
ClamAV 0.92.1 2008.05.01 -
DrWeb 4.44.0.09170 2008.04.30 -
eSafe 220.127.116.11 2008.04.28 suspicious Trojan/Worm
eTrust-Vet 31.3.5750 2008.05.01 -
Ewido 4.0 2008.05.01 -
F-Prot 18.104.22.168 2008.05.01 -
F-Secure 6.70.13260.0 2008.05.01 -
Fortinet 22.214.171.124 2008.05.01 -
Ikarus T126.96.36.199 2008.05.01 -
Kaspersky 188.8.131.52 2008.05.01 -
McAfee 5285 2008.04.30 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3068 2008.05.01 archive damaged
Norman 5.80.02 2008.04.30 -
Panda 184.108.40.206 2008.04.30 -
Prevx1 V2 2008.05.01 -
Rising 20.42.22.00 2008.04.30 -
Sophos 4.29.0 2008.05.01 -
Sunbelt 3.0.1097.0 2008.05.01 -
Symantec 10 2008.05.01 -
TheHacker 220.127.116.118 2008.04.30 -
VBA32 18.104.22.168 2008.05.01 -
VirusBuster 4.3.26:9 2008.04.30 -
Webwasher-Gateway 6.6.2 2008.04.30 BlockReason.0
File size: 3726575 bytes
PEInfo: PE Structure information
( base data )
timedatestamp…: 0x47493eaa (Sun Nov 25 09:21:46 2007)
machinetype…: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xad000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xae000 0x37000 0x36e00 7.92 75e4d955f458ee57a02f170de0782978
.rsrc 0xe5000 0x51000 0x50600 6.75 5f0642a7aef1f1285c74f5701376cfed
( 13 imports )
KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
( 0 exports )
packers: PE_Patch.UPX, UPX, UPX, PE_Patch.UPX, UPX, PE_Patch.UPX, UPX, PE_Patch.UPX, UPX
It seems like it might be a false positive; only a few of the others are recognizing it as anything. Perhaps it has malware-like tendencies?
If you can, zip the file and submit it to malwaresubmit [at] comodo.com with the subject “Possible False Positive” or something similar to that, with a link to this thread so that he/she may look back at it. That should get the ball rolling on figuring this out for good.
The latest update has solved it now.