It’s most likely a false positive. I can’t find that file in the same directory though, mine’s empty, but I use CPF 3 and not CPF 2.4.
Too bad you deleted it, else you could’ve uploaded it to VirusTotal and seen if it was a false positive or some virus hiding in the Comodo folder.
Having Googled it, that does appear to be genuine malware, rather than a false positive, since it’s listed by a few vendors. It appears to be a nasty piece of malware that’s able to resurrect itself if it isn’t completely removed.
My suggestion would be to install Bitdefender AV free edition, which is an on-demand scanner and won’t interfere with your existing AV. It also happens to be an excellent product and is great for a second opinion on suspect files.
I wasn’t suggesting for a minute that Comodo Firewall is malware!
The location of the suspect file, a Temp folder, would appear to correspond with it being a drive-by download malware rather than an authorised download. The information is that it exploits security flaws in IE or MSN Messenger etc. in order to infect a system.
Having infected a system it acts as a mass mailer on a botnet; this communication will be logged by Comodo Firewall.
It might be a false positive, but since it’s listed by multiple vendors, under various names, it is probably genuine malware.
I suspect it is a false positive. I have a file with the same name (CPF5.tmp) in that folder and have scanned it with multiple online scanners (including VirusTotal) and all came back negative. Bitdefender has been reported in some reviews as giving a lot of false positives.
It isn’t just reported by Bitdefender though; it appears under various names with products such as NOD32 and Kaspersky and others.
Perhaps someone could find out from Melih what exactly CPF5.tmp is, then we’d know better. Is it some form of repository for downloaded files perhaps? It isn’t the CPF5.tmp itself that’s the malware, since it is obviously generated by Comodo Firewall; it is the content within it that’s suspect.
As you have said “Trojan.Peed.Gen” is reported by these other products, not CPF5.tmp.
I have looked at two computers with CFP on them; one just has a file called “CPF8D.tmp” and the other has the same file plus CPF5.tmp, CPF11.tmp and CPF14.tmp. I have scanned all of these files on VirusTotal and all came back negative. Perhaps yours is infected, but I think it more likely a false positive - perhaps you could submit the file to Bitdefender for them to check.
I am sure someone from Comodo will tell us what the temp files are for but I suspect they are pretty busy with various Betas so response may not be immediate. I will ask and see if someone will post some comments about these files.
I don’t have any of those files on my system, but that’s probably due to the fact that I use Returnil. I hope this does turn out to be a false alarm for the sake of Soulman, but from what I can work out this trojan could be related to the Storm malware. I can’t think of what these temp files might be used for unless it’s as some sort of ‘holding area’ before analysis. Of course this may mean that any malware has been isolated by Comodo, which has anti-trojan protocols built in; hopefully this is the case. Plus it would explain why the file couldn’t be removed by Bitdefender if it’s been quarantined.
Rumour has it that Melih works 23 hours a day so hopefully he can spare a minute or two :SMLR
Within the same area with the same scanners, NTTW scanned for nothing but Andy found a nasty, then surely Andy’s comp is infected: not a false positive.
You use Returnil, so every time you reboot the file is reinfected by that nasty (unless you disabled Returnil when BD quarantined it), but no suspicious activity is reported. So I guess that botnet is not so active.
I suggest you disconnect the internet, disable Returnil, quarantine the botnet and activate Returnil again.
Sorry I have not replied, I have had no email to say someone has got back to me.
When I try to send the file to VirusTotal all I get is this:
0 bytes size received / Se ha recibido un archivo vacio
Am I doing something wrong? This is the path to the file that I am trying to send:
C:\Documents and Settings\shaun wade\Local Settings\Application Data\Comodo\Comodo Firewall\Temp\CPF5.tmp=>(gzip)=>(Embedded EXE g)
I have just scanned again using the Bitdefender online scan and here are the results:
BitDefender Online Scanner
Scan report generated at: Tue, Nov 06, 2007 - 02:58:30
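The scanner report above describes the suspect file as CPF5.tmp=>(gzip)=>(Embedded EXE), and the upload failed with a zero-byte file. The following Python script is an added example (not Comodo’s code or anything posted in this thread) that triages CPF*.tmp files offline the same way: it reports size and SHA-256 (so a hash can be looked up instead of uploading), detects a gzip stream, decompresses it and checks whether the inner payload carries a PE “MZ” header; the sample bytes it embeds are constructed, not taken from a real infected file.

```python
import gzip
import hashlib
from pathlib import Path

GZIP_MAGIC = b"\x1f\x8b"   # first two bytes of every gzip stream
MZ_MAGIC = b"MZ"           # first two bytes of a Windows PE executable


def classify_bytes(data: bytes) -> dict:
    """Describe a file's layering like the scanner did: file => (gzip) => (Embedded EXE).
    Also flags the empty-file case that makes an online upload fail with
    '0 bytes size received'."""
    report = {
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),  # look up the hash online instead of the file
        "gzip": False,
        "embedded_exe": False,
        "note": "",
    }
    if not data:
        report["note"] = "empty file: nothing left to scan or upload"
        return report
    if data.startswith(GZIP_MAGIC):
        report["gzip"] = True
        try:
            inner = gzip.decompress(data)
        except (OSError, EOFError):
            report["note"] = "gzip header present but stream is truncated or corrupt"
            return report
        report["embedded_exe"] = inner.startswith(MZ_MAGIC)
        report["inner_sha256"] = hashlib.sha256(inner).hexdigest()
    else:
        report["embedded_exe"] = data.startswith(MZ_MAGIC)
    return report


def triage_folder(folder: Path) -> dict:
    """Read-only pass over every CPF*.tmp in a Comodo Firewall Temp folder."""
    return {p.name: classify_bytes(p.read_bytes()) for p in sorted(folder.glob("CPF*.tmp"))}


# Constructed sample (not real Comodo data): a gzip stream wrapping a stub MZ header.
SAMPLE_GZIP_EXE = gzip.compress(b"MZ" + b"\x00" * 62)

if __name__ == "__main__":
    import sys
    # Pass the Temp folder path as the first argument, e.g. the Comodo Firewall\Temp path above.
    for name, rep in triage_folder(Path(sys.argv[1])).items():
        print(name, rep)
```

Run it against the Temp folder while disconnected, as suggested earlier in the thread; a file reported as size 0 is exactly the case the VirusTotal upload rejected.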
According to the results you posted there, the file has been deleted by the Bitdefender online scanner. Since I don’t speak Spanish I’m only guessing that “0 bytes size received / Se ha recibido un archivo vacio” refers to an empty archive? Perhaps you should just manually delete anything left in that particular folder.
Since they’re only TEMP files they’re not of any use, so it’ll be no problem to just delete them, although it isn’t really necessary.
You should get yourself a good quality system cleaning utility, such as the superb CCleaner. It’s free and removes a lot of unnecessary junk files automatically.