Possible FP for GIMP 2.8.2?

After searching through other postings on the forum, I found another user had experienced a very similar problem to the one I am currently having after installing GIMP on their system.

I installed GIMP, the very widely used open source image manipulation program, and after running a full system scan CIS returned 5 results under the threat name Heur.Corrupt.PE@4294967295. All results were associated with the folder c:\Program Files\GIMP 2\32\lib\gimp\2.0\python. All files associated with the folder ended with *.pyd.debug. I have not quarantined any of the files at this time.

Due to the success and great reputation that GIMP has maintained over the years, I find it hard to believe that downloading the program directly from gimp.org has infected my machine. Is there any possibility that the results of my full system scan are a false positive?

~GIMP 2.8.2
~Installed on Windows 7 Pro 64-bit

Thanks in advance for any help or advice! I truly appreciate it! : )

When you encounter a False Positive (=FP) or a suspicious file please follow 1 of these 3 ways so it can be resolved as quickly as possible.

Kind Regards.
Erik M.

Heur.Corrupt.PE@4294967295 is a very dangerous virus that will destroy your computer. It is affecting a lot of computers in Europe. I contacted it. Comodo will recognise it and block it. But it tries to reconnect every day. There should be a way to block it completely, because eventually it will sneak onto your system the first chance it gets. Especially if there’s a program like Adobe that requires you to temporarily disable Comodo. It takes a 1000th of a second to take over your computer. I got this virus while an Avid tech took over my computer to install Avid Media Composer, and in a split second $2,500.00 of equipment was destroyed.

@actorstuntman

Please do not ever post anything when & if you have no idea about the topic/issue.
Read again the reply by meidan - Comodo staff.
That is most likely (99.(999)%) an FP.
… millions of people around the world (including me) are using GIMP.

… in addition you must know that the malware name basically does not provide any info whatsoever about the particular infection, especially the generic one like “Heur.Corrupt.PE@4294967295”.


Who do you think you’re talking to? So I’m not a geek. Big deal. Get a life. I act and do stunts in movies and television. If you geeks are so ■■■■ smart, how come you didn’t have advice how to get rid of it, smartass?

Please don’t immediately shoot from the hip.

We do need some additional information from you. What file is being detected as infected with Heur.Corrupt.PE@4294967295? The Gimp or another file? Where did you download the file from?

The detection Heur.Corrupt.PE@4294967295 is one made by heuristics and may be a false positive.

Installing an update for Adobe does not require you to disable CIS. What makes you think that disabling is needed?


Hi actorstuntman,

In the same way that you prepare for a stunt (examine the physical layout and equipment, calculate angles, calculate speeds, make sure safety measures are in place, etc.), background information is critical to treating any possible incidence of malware.

Can you please provide the following info:

  1. Your operating system
  2. 32 bit or 64 bit
  3. Is your operating system fully patched?
  4. Currently installed security software and version
  5. Is your security software fully up to date?
  6. What was the file that triggered the alert?
  7. Have you submitted this to an online analysis service?
    Virustotal - www.virustotal.com
    Comodo Valkyrie - http://v.comodo.com/
    Jotti - Jotti's malware scan
  8. If so, what were the results?
If you geeks are so ■■■■ smart how come you didn't have advice how to get rid of it smartass.

I’m certain that the above information will assist in arriving at a solution to this problem.

Ewen :)