PC De-Crapifier Worm

hello i just downloaded PC De-Crapifier 1.91 from majorgeeks

and when i try to open in 4.26 BOClean pops up and says it has stopped it from running and asks me to delete it


i was just wondering if this is a false positve, because i use to run the older versions and never got this before


As far as I know it’s a false positive. I don’t know a great deal about De-Crapifier but I suggest running a full malware scan to check your system for any installed malware. BoClean is definately not Malware.


i love comodo and was just curious. CFP, CAVS, CBOCLEAN and CMG. Comodo is all i use besides Spywareblaster, Spywareguard and Spybot

Could you upload that file to Virus Total www.virustotal.com and let us know what it comes back with?

The worm is also detected in JKDefragGUI.exe and here is the report from VirusTotal.com

File JkDefragGUI.exe received on 05.01.2008 13:18:11 (CET)
Current status: Loading … queued waiting scanning finished NOT FOUND STOPPED
Result: 3/31 (9.68%)
Loading server information…
Your file is queued in position: 1.
Estimated start time is between 36 and 52 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they’re generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click “request” so the system sends you a notification when the scan is finished.

Antivirus Version Last Update Result
AhnLab-V3 2008.5.1.0 2008.05.01 -
AntiVir 2008.04.30 -
Authentium 4.93.8 2008.04.30 -
Avast 4.8.1169.0 2008.04.30 -
AVG 2008.04.30 -
BitDefender 7.2 2008.05.01 -
CAT-QuickHeal 9.50 2008.04.30 -
ClamAV 0.92.1 2008.05.01 -
DrWeb 2008.04.30 -
eSafe 2008.04.28 suspicious Trojan/Worm
eTrust-Vet 31.3.5750 2008.05.01 -
Ewido 4.0 2008.05.01 -
F-Prot 2008.05.01 -
F-Secure 6.70.13260.0 2008.05.01 -
Fortinet 2008.05.01 -
Ikarus T3.1.1.26 2008.05.01 -
Kaspersky 2008.05.01 -
McAfee 5285 2008.04.30 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3068 2008.05.01 archive damaged
Norman 5.80.02 2008.04.30 -
Panda 2008.04.30 -
Prevx1 V2 2008.05.01 -
Rising 2008.04.30 -
Sophos 4.29.0 2008.05.01 -
Sunbelt 3.0.1097.0 2008.05.01 -
Symantec 10 2008.05.01 -
TheHacker 2008.04.30 -
VBA32 2008.05.01 -
VirusBuster 4.3.26:9 2008.04.30 -
Webwasher-Gateway 6.6.2 2008.04.30 BlockReason.0
Additional information
File size: 3726575 bytes
MD5…: c17d637e1290bc8941271deba37f5edb
SHA1…: 8bdd8fb5dd795c33f81d1a34f26731df66a33b5f
SHA256: 13bf55771d30f8e57a597334c05d927f96692fda1e375fa1f9252df39da4cfff
SHA512: c790009573dc1109c21932f6159696734dcc0311b886d504ed256fb86d070b48
PEiD…: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4e4b80
timedatestamp…: 0x47493eaa (Sun Nov 25 09:21:46 2007)
machinetype…: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xad000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xae000 0x37000 0x36e00 7.92 75e4d955f458ee57a02f170de0782978
.rsrc 0xe5000 0x51000 0x50600 6.75 5f0642a7aef1f1285c74f5701376cfed

( 13 imports )

KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
ADVAPI32.dll: RegCloseKey
COMCTL32.dll: ImageList_Remove
comdlg32.dll: GetSaveFileNameW
GDI32.dll: LineTo
MPR.dll: WNetUseConnectionW
ole32.dll: CoInitialize
OLEAUT32.dll: -
SHELL32.dll: DragFinish
USER32.dll: GetDC
VERSION.dll: VerQueryValueW
WINMM.dll: timeGetTime
WSOCK32.dll: -

( 0 exports )
packers: UPX
packers: PE_Patch.UPX, UPX, UPX, PE_Patch.UPX, UPX, PE_Patch.UPX, UPX, PE_Patch.UPX, UPX

It seems like it might be a false positive, only a few of the others are recognizing it as anything. Perhaps it has malware like tendencies?

If you can zip the file and submit it to malwaresubmit [at] comodo.com with the subject

“Possible False Positive” or something similar to that with a link to this thread so that he/she may look back at it that should get the ball rolling on figuring this out for good.


The latest update has solved it now.