results from bit defender online scan??

Hello to you.

Please could someone tell me any info on these results from bit defender

C:\Documents and Settings\shaun wade\Local Settings\Application Data\Comodo\Comodo Firewall\Temp\CPF5.tmp=>(gzip)=>(Embedded EXE g)

Infected with: Trojan.Peed.Gen

C:\Documents and Settings\shaun wade\Local Settings\Application Data\Comodo\Comodo Firewall\Temp\CPF5.tmp=>(gzip)=>(Embedded EXE g)

Disinfection failed

C:\Documents and Settings\shaun wade\Local Settings\Application Data\Comodo\Comodo Firewall\Temp\CPF5.tmp=>(gzip)=>(Embedded EXE g)

Deleted

C:\Documents and Settings\shaun wade\Local Settings\Application Data\Comodo\Comodo Firewall\Temp\CPF5.tmp=>(gzip)

MANY THANKS.

Greetings,

It’s most likely a false positive. I can’t find that file in the same directory tho, mine’s empty, but I use CPF 3 and not CPF 2.4.
Too bad you deleted it, else you could’ve uploaded it on VirusTotal and see if it was a false positive or some virus hiding in the Comodo folder.

Ragwing

Good morning to you, and thanks for your help Ragwing.

I have just checked and the CPF5.tmp file is still there. Do you think it’s worth sending to VirusTotal?

MANY thanks,

Soulman.

sure u should send it to virus total!
and post da result.
If only Bitdefender reports it as mal-ware, its sure a false positive and we need to inform BD abt dis.

Having Googled it, that does appear to be genuine malware, rather than a false positive, since it’s listed by a few vendors. It appears to be a nasty malware that’s able to resurrect itself if it isn’t completely removed.
My suggestion would be to install Bitdefender AV free edition, which is an on-demand scanner and won’t interfere with your existing AV. It also happens to be an excellent product and is great for a second opinion on suspect files.

http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html

COMODO firewall is not a piece of malware.

So there are several possibilities.

  1. False positive
  2. A virus infected a file in the CPF directory

I wasn’t suggesting for a minute that Comodo Firewall is malware!

The location of the suspect file, a Temp folder, would appear to correspond with it being a drive-by download malware rather than an authorised download. The information is that it exploits security flaws in IE or MSN Messenger etc. in order to infect a system.

Having infected a system it acts as a mass mailer on a botnet; this communication will be logged by Comodo firewall.

It might be a false positive, but since it’s listed by multiple vendors, under various names, it is probably a genuine malware.

http://www.iss.net/threats/W32.Worm.Nuwar.Gen.html

I suspect it is a false positive, I have a file with the same name (CPF5.tmp) in that folder and have scanned it with multiple online scanners (including VirusTotal) and all came back negative. Bitdefender has been reported in some reviews as giving a lot of false positives.


It isn’t just reported by Bitdefender though, it appears under various names with products such as NOD32 and Kaspersky and others.

Perhaps someone could find out off Melih what exactly CPF5.tmp is, then we’d know better. Is it some form of repository for downloaded files perhaps? It isn’t the CPF5.tmp itself that’s the malware since it is obviously generated by Comodo Firewall, it is the content within it that’s suspect.

As you have said “Trojan.Peed.Gen” is reported by these other products, not CPF5.tmp.

I have looked at two computers with CFP on them, one just has a file called “CPF8D.tmp” and the other has the same file plus CPF5.tmp, CPF11.tmp and CPF14.tmp. I have scanned all of these files on virustotal and all came back negative. Perhaps yours is infected but I think it more likely a false positive - perhaps you could submit the file to Bitdefender for them to check.
I am sure someone from Comodo will tell us what the temp files are for but I suspect they are pretty busy with various Betas so response may not be immediate. I will ask and see if someone will post some comments about these files.


I don’t have any of those files on my system but that’s probably due to the fact that I use Returnil. I hope this does turn out to be a false alarm for the sake of Soulman, but from what I can work out this trojan could be related to the Storm malware. I can’t think of what these temp files might be used for unless it’s as some sort of ‘holding area’ before analysis. Of course this may mean that any malware has been isolated by Comodo, which has anti-trojan protocols built in, hopefully this is the case. Plus it would explain why the file couldn’t be removed by Bitdefender if it’s been quarantined.

Rumour has it that Melih works 23 hours a day so hopefully he can spare a minute or two.

within da same area w same scanners, NTTW scan for nothing but andy found nasty then surely andy’s comp is infected: not a false positiv.

But

u use returnil so everytime u reboot da file is reinfected by dat nasty (unless u disabled returnil wen BD quarantined it) but no suspicious activity is reported. so i guess dat botnet is not so activ.

i suggest u disconnect internet, disable returnil,quarantine da botnet and activate returnil again.

Sorry, there has been some confusion: it isn’t my system that’s infected with that file, it is Soulman’s, thanks anyway.

Good point on Returnil though, it should only ever be run on a clean system since any ‘real’ malware ‘removed’ from within the cloned system would reappear on reboot if protection was enabled.

Sorry I have not replied, I have had no email to say someone has got back to me.

When I try to send the file to VirusTotal all I get is this:
0 bytes size received / Se ha recibido un archivo vacio

Am I doing something wrong? This is the path to the file that I am trying to send:
C:\Documents and Settings\shaun wade\Local Settings\Application Data\Comodo\Comodo Firewall\Temp\CPF5.tmp=>(gzip)=>(Embedded EXE g)

I have just scanned again using the bitdefender online scan and here are the results:-

BitDefender Online Scanner

Scan report generated at: Tue, Nov 06, 2007 - 02:58:30

Scan path: C:;D:;F:;G:;H:;

Statistics

  Time: 01:22:03
  Files: 343405
  Folders: 8331
  Boot Sectors: 3
  Archives: 9236
  Packed Files: 18382

Results

  Identified Viruses: 1
  Infected Files: 1
  Suspect Files: 0
  Warnings: 0
  Disinfected: 0
  Deleted Files: 1

Engines Info

  Virus Definitions: 860306
  Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
  Scan plugins: 14
  Archive plugins: 38
  Unpack plugins: 7
  E-mail plugins: 6
  System plugins: 1

Scan Settings

  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\shaun wade\Local Settings\Application Data\Comodo\Comodo Firewall\Temp\CPF5.tmp=>(gzip)=>(Embedded EXE g)
  Infected with: Trojan.Peed.Gen

C:\Documents and Settings\shaun wade\Local Settings\Application Data\Comodo\Comodo Firewall\Temp\CPF5.tmp=>(gzip)=>(Embedded EXE g)
  Disinfection failed

C:\Documents and Settings\shaun wade\Local Settings\Application Data\Comodo\Comodo Firewall\Temp\CPF5.tmp=>(gzip)=>(Embedded EXE g)
  Deleted

C:\Documents and Settings\shaun wade\Local Settings\Application Data\Comodo\Comodo Firewall\Temp\CPF5.tmp=>(gzip)
  Update failed

Thanks for all the help here, and I will check in after work and not rely on email notification.

PS: I have scanned this file with my AVG free, and it found nothing.

Cheers, Soulman.
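An added example, not part of the original thread: a small Python parser for the file/status pairs in the scan report posted above, which separates the on-disk file from the nested objects the scanner unpacked and collects what the scanner did to each file. It assumes `=>` in the report is the separator between a container and the object found inside it; the sample input is constructed from the report lines in the post.

```python
import re
from collections import OrderedDict

# Constructed sample: the file/status pairs as they appear in the posted report.
P = r"C:\Documents and Settings\shaun wade\Local Settings\Application Data\Comodo\Comodo Firewall\Temp\CPF5.tmp"
REPORT = "\n\n".join([
    P + "=>(gzip)=>(Embedded EXE g)", "Infected with: Trojan.Peed.Gen",
    P + "=>(gzip)=>(Embedded EXE g)", "Disinfection failed",
    P + "=>(gzip)=>(Embedded EXE g)", "Deleted",
    P + "=>(gzip)", "Update failed",
])

def split_object(entry):
    """Split 'disk path=>inner=>inner' into (path on disk, [nested objects]).
    Assumption: '=>' separates a container from the object unpacked from it."""
    parts = entry.split("=>")
    return parts[0], parts[1:]

def parse_report(text):
    """Pair each scanned-object line with the status line that follows it."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    events = []
    for obj, status in zip(lines[0::2], lines[1::2]):
        disk_path, nested = split_object(obj)
        m = re.match(r"Infected with:\s*(.+)", status)
        events.append({"file": disk_path, "nested": nested, "status": status,
                       "detection": m.group(1) if m else None})
    return events

def summarize(events):
    """Group events per on-disk file: what was flagged, where, and the scanner's actions."""
    out = OrderedDict()
    for e in events:
        s = out.setdefault(e["file"], {"detections": set(), "flagged_objects": set(), "actions": []})
        if e["detection"]:
            s["detections"].add(e["detection"])
            s["flagged_objects"].add("=>".join(e["nested"]) or "(file itself)")
        else:
            s["actions"].append(e["status"])
    return out

if __name__ == "__main__":
    for path, s in summarize(parse_report(REPORT)).items():
        print(path)
        print("  detections:      ", sorted(s["detections"]))
        print("  flagged inside:  ", sorted(s["flagged_objects"]))
        print("  scanner actions: ", s["actions"])
```

Under that assumption, only the part before the first `=>` exists as a path on disk; the rest names what the scanner found after unpacking the file.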

According to the results you posted there the file has been deleted by the Bitdefender online scanner. Since I don’t speak Spanish I’m only guessing that “0 bytes size received / Se ha recibido un archivo vacio” refers to an empty archive? Perhaps you should just manually delete anything left in that particular folder.

Morning andyman35.

Would it be OK to delete the whole folder? There are 20 temp files inside.

Many thanks for your time,
Soulman.

Since they’re only TEMP files they’re not of any use so it’ll be no problem to just delete them, although it isn’t really necessary.
You should get yourself a good quality system cleaning util, such as the superb Ccleaner. It’s free and removes a lot of unnecessary junk files automatically.

Morning.

Deleted those temp files, I already have Ccleaner and Atf, and use them quite a lot.

I’ll try another Bitdefender online scan when I get a chance and let you know the outcome.

Many thanks,
Soulman.

I’ve not heard of ATF, is it similar to Ccleaner?

Morning andyman35.

Yes mate, I always run both as Atf always clears more of the dross left on my PC.

http://www.atribune.org/content/view/19/2/

I have just run the online scan, but it didn’t finish and went off! I have had this before; as it takes a long time I’ll have to have another go when I have time. I’ll post the results.

Thanks.