[RESOLVED] False positive: Worm.Win32.Sdbot.~J[at]2909394

CIS 3.5.57173.439 reports that Worm.Win32.Sdbot.~J[at]2909394 has infected EndItAll 1.zip, HDValet 1.1.zip and InCtrl5.zip, three program installation files that I have archived. I sent all three files to VirusTotal (http://www.virustotal.com/) to be analyzed. CIS is the ONLY antivirus program that finds any of the files to be infected. The 30+ other antivirus programs that VirusTotal uses found all three files to be clean. My conclusion is that CIS is reporting a false positive.

Hello, please read here.
https://forums.comodo.com/empty-t27062.0.html

Okay, I zipped up the three files and sent them to the Comodo AV Lab. If I had been notified that my post had been moved and that someone had replied to it, I would have sent the files yesterday. But I wasn’t notified, even though I asked to be notified. So I had to go searching for my post today, which wasted time. I guess that I won’t be notified if anyone replies to this post either.

You can change notifications in your profile… And the moved topic leads directly to where the post was moved. :slight_smile:

Anyway an AV Analyst will respond to you here when the FP is fixed.

Cheers,
Josh

What took you so long to reply? :wink:

I think my reply was super fast. :wink: (Yes I know you’re being sarcastic) I think! :slight_smile:

Cheers,
Josh

Hi erwaxman,

Thanks for your files.We received the files do analyse and will take neccessary steps.

Thanks and Regards,
Suresh

What was the result of your analysis?

Hi erwaxman,

Sorry for the Delay.It is a FP got fixed in our DB ver ‘937’.
Sorry i forgot to reply you.

Thanks for reporting,
Thanks and Regards,
A.Suresh

Better late than never.

Thanks :slight_smile:

Now that the issue is resolved, this topic will be closed. If you need this topic to be reopened, please PM an active moderator or admin requesting them to do so. This applies only to the original topic starter, all others please start a new topic.

Regards,
Baskar.