Possible false positive called FraudPack.p

Grimmers · April 3, 2011, 3:41pm

Hi. Yesterday I got 2 hits during my scheduled AV scan. I sent the files for analyzing by submitting them to comodo. I used the newest engine and with the latest database at that time. The files was in a archived file too big to submit, so I had to extract them using winrar and them send them in.
Today I got a email back saying nothing found and telling me to scan again and if something found use this forum. So I did

I got 1 hit using comodo internet security premium, build 5.3.181415.1237 and database 8207.
See attached jpg for results

The result was a TrojWare.Win32.FraudPack.P@179389676 found in the file “system_deployment_dll_amd64” which is a part of the archived file “Root:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\netfx_core.mzz”

Yesterday the result was 2 files in the same archived file and the second file was “system.data.datasetextensions.dll_amd64”

Please help me sort this out

[attachment deleted by admin]

meidan · April 3, 2011, 3:46pm

Grimmers post:1:

Hi. Yesterday I got 2 hits during my scheduled AV scan. I sent the files for analyzing by submitting them to comodo. I used the newest engine and with the latest database at that time. The files was in a archived file too big to submit, so I had to extract them using winrar and them send them in.
Today I got a email back saying nothing found and telling me to scan again and if something found use this forum. So I did

I got 1 hit using comodo internet security premium, build 5.3.181415.1237 and database 8207.
See attached jpg for results

The result was a TrojWare.Win32.FraudPack.P[at]179389676 found in the file “system_deployment_dll_amd64” which is a part of the archived file “Root:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\netfx_core.mzz”

Yesterday the result was 2 files in the same archived file and the second file was “system.data.datasetextensions.dll_amd64”

Please help me sort this out

Hello Grimmers,

Thank you for reporting. We’ll check it and get back to you soon.

Kind Regards,
Erik M.

meidan · April 3, 2011, 7:22pm

Grimmers post:1:

Hi. Yesterday I got 2 hits during my scheduled AV scan. I sent the files for analyzing by submitting them to comodo. I used the newest engine and with the latest database at that time. The files was in a archived file too big to submit, so I had to extract them using winrar and them send them in.
Today I got a email back saying nothing found and telling me to scan again and if something found use this forum. So I did

I got 1 hit using comodo internet security premium, build 5.3.181415.1237 and database 8207.
See attached jpg for results

The result was a TrojWare.Win32.FraudPack.P[at]179389676 found in the file “system_deployment_dll_amd64” which is a part of the archived file “Root:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\netfx_core.mzz”

Yesterday the result was 2 files in the same archived file and the second file was “system.data.datasetextensions.dll_amd64”

Please help me sort this out

Hi,

This is to inform you that reported false-positive has been fixed.
You can update to AV database Version <8209> of Comodo Internet Security
Version<5.3.181415.1237> and confirm it.

Thanks.

Kind Regards,
Erik M.
Comodo AntiVirus Lab

Grimmers · April 3, 2011, 8:28pm

Well… Let’s just hope it really was a false positive What should I do to be sure of this?

Citizen_K · April 3, 2011, 8:35pm

Trust the Comodo people.

If you want a second opinion you can follow How To Tell If A File Is Malicious for a more hands on analysis of the file at hand.

ipstone · June 17, 2013, 7:10pm

Hello, I have a similar issue from a dll downloaded online:

(you can click the raw file to download the binary)

Comodo 2013 (as well as 2012) all report this as: TrojWare.Win32.FraudPack.P@179389676

the question is, is this a false positive too? thanks

qiuhui · June 17, 2013, 10:03pm

Hi ipstone,

Thank you for reporting this.
We’ll check it and get back to you soon.

Best regards
Qiuhui.■■■■

Priyadharsini · June 18, 2013, 6:29am

Hi ipstone,

This is to inform you that false-positive has been fixed.
You can update to AV database Version <16451> of Comodo Internet Security Version<6.1.276867.2813> and confirm it.

Regards,
Priyadharsini.G