May be i’ll sleep tonight:
It states clearly:
There is no known infection that only affects the HOSTS file! :P0l
At Comodo staff. Could you take a look at this again. Hosts file entries now gets detected as Trojanware.Win32.Qhost~14S9[at]11624354.
CIS V. 6.3.302093.2976 , AV database Version <17441> not detected <hosts.zip> SHA1: 8869ac43f8638c02d49ab2e313e18ae205264cbf and inside file
SHA1:b0942880daf992acc532c932c5e87e35ab4c3bc4 *HOSTS
SHA1:1f077ca4605dd4376763577ad7c37f131b7f771b *License.txt
SHA1:7fc50e905fc7c24cf35f10750eb80dcbfb0593ea *mvps.bat
SHA1:d1b6bdeebee968dfb36ebf6bd0fbdddfd00dc863 *PrivacyPolicy.txt
SHA1:6098439371f22d67f757dd072709f8a82fe9eb97 *readme.txt
I will been added Safe Sig.
Please guys, it’s not the host. zip file that you have to test, you have to undergo the whole process into updating your new host file! Mine still detects the same malware with CIS V. 6.3.302093.2976 , AV database Version <17441>. Detection positive! And with CIS V. 6.3.302093.2976 , AV database Version <17442>. Detection positive, again, threats 13935!
As stated before, that’s way impossible to get ONLY the hosts file infected!Couldn’t you please fix this… Thx!!!
I get the same fp as gdiloren did when I ran a scan. I also use the mvps site to update my hosts file. MVPS has posted a note about the change from 127.0.0.1 to 0.0.0.0 in their Dec 6th hosts file:
[i]"This update contains a change in the prefix in the HOSTS entries to “0.0.0.0” instead of the usual “127.0.0.1”.This was done to resolve a slowdown issue with the new Win8.1/IE11 and the HOSTS file.
I’m not sure what Microsoft changed in the new version, although I suspect it has something to do with the new “TCP loopback interface” in Win8.1 … this change in the prefix should not affect users.
If this proves to be a permanent fix … I will update the website to reflect the changes."[/i]
So, anyway, knowing that this is definitely a fp and while we wait for the Comodo team to present a more permanent fix to the antivirus db, to temporarily get around this fp, I just added the path of hosts file and the filename itself to the excluded paths tab and reran the scan. Result=no more fp.
Be aware you have not cleaned then erased your host file. For me the exclusion of the host file or even putting it in the trusted file still gives a positive detection result. DATABASE: 17445. I can’t get rid of it! But as you said we all know it’s FP good old COMODO…! Thanks for feedback!
Still no news, more than 2 days, Comodo hasn’t issued a fix.
Not worried but annoyed by the very long time to solve this FP (???) I restored the previous version of the Host file. Problem fixed… >:-D
Hi gdiloren,
This is to inform you that false-positive has been fixed (about HOSTS file have “0.0.0.0”).
You can update to AV database Version <17470> of Comodo Internet Security Version<6.3.302093.2976> and confirm it.
Best regards
Qiuhui.■■■■
Hi,
Thank you for reporting this.
We’ll check it and get back to you soon.
Kind Regards,
Erik M.
Hi,spywar
This is to inform you that false-positive has been fixed.
You can update to AV database Version <17763> of Comodo Internet Security Version<6.3.302093.2976> and confirm it.
Best regards
Chunli.chen
not a FP, Adwares
https://forums.comodo.com/av-false-positivenegative-detection-reporting/adware-pup-t102108.0.html
Hi Suxter ,
Thank you for reporting this.
We’ll check it
Kind Regards,
Srinivasan.G
Hi,spywar
Thank you for your submission.
We’ll check there.
Best regards
Chunli.chen
Hi Siketa,
This is to inform you that false-positive has been fixed.
You can update to AV database Version <17892> of Comodo Internet Security Version<6.3.302093.2976> and confirm it.
Best regards
Qiuhui.■■■■
miniupdater.exe from SuperBird browser.
On VirusTotal Comodo says it’s safe (there’s a warning only from VBA32), but I got a pop-up from CIS AV on my home PC.
When CIS found it, I reported it as a FP by uploading it to Comodo
Hi Jon79,
Thank you for reporting this.
We’ll check it and get back to you soon.
Regards,
Yuvaraj M