rtcshare.exe - Heur.Suspicious[at]26655610 [SOLVED]

Win XP SP3, CIS 3.11
File: C:\WINDOWS\system32\rtcshare.exe
Size: 77312 bytes
File Version: 5.1.2600.5512 (xpsp.080413-0852)
MD5: A3C242597B89FEBCA5AE0A1404698352
SHA1: E6EBFF9A8DC9CA8AE051202675B86FD660FEC1E1

It’s a Windows system file.
Detected by Real-Time Scanner only, not by On-Demand Scanner. File was submitted about month ago via built-in submit service, but still detected.

File in attach, password: FP

[attachment deleted by admin]

Hello,

Thank you for your submission. We will check it out and get back to you after analysis.

Regards,
Sonia Botezatu.

Very interesting case here…

This file is still detected (Heur.Suspicious[at]26655610, AV database 2250).

Besides, on WinXP SP3 the file C:\WINDOWS\system32\rtcshare.exe is not accessable even with full administrative rights. I was forced to use WinXP Safe Mode to copy this file for next testing.

Like Xeno said, it’s detected only by Real-Time Scanner and not by On-Demand Scanner. It seems like they are using different heuristics algorithms, aren’t they? Or maybe this is a bug.

Moreover, I can’t add this file to My Pending Files list. I believe, this is so because this file is already in the Comodo Safe Files Database. If this is correct, Heuristics verdict has higher priority then the Safe database (To my mind, it should be vice versa).

Maybe someone can clarify this issue?

Thanks

Hello Xeno,

We encountered a small issue while fixing this FP. We are working to fix it and then we will get back to you with the proper answer when we will have a positive result.

Thanks and regards.
Sonia Botezatu.

Hello Sonia,
CIS 3.12.111745.560, bases 2355…

FIXED! Removed some of the reasons that make AV to report false positives
But still detected...

Hi Xeno,

This FP has been fixed.Please check in virus signature database 2375.

Thanks and Regards,
hailong.■■■■

Thnx. :wink:

I’m using 4.1.150349.920 version (Database 5838), WinXP SP2.

Scanning C:\WINDOWS\system32\dllcache\rtcshare.exe, results:

       Heur.Suspicious@27369199

After submit analisys on Virustotal.com, only Comodo indicates warning about this file.

Can anyone help me?

Ty

Hi urssaum ,

We are going to have a look at it and will get back to you after investigation.

Thanks and Regards,
FangFang

Hi urssaum,

Reported FP has been fixed in DB 5841. Please update and confirm it.

Regards,
Haja

Yeah, after updated to DB 5848 its running clean.

Thanks Haja. :-TU

??? On my system rtcshare.exe is still detected as a virus by the real-time scanner, with the last actualization installed.

Hello Clinamen,

Please submit the detected file using the next link: Comodo Antivirus Database | Submit Files for Malware Analysis

Also please provide the Comodo Internet Security version you are using and the version for the Virus Signature Database.

Best regards,
FlorinG

I just uploaded the file rtcshare.exe with following comment:
rtcshare.exe false positive, Heur.Suspicious@103141241
Comodo Internet Security Premium 4.1.150349.920
Signatures Base 5877

Thanks:

Hi,
This is to inform you that false-positive with <rtcshare.exe> (SHA1: <75c396b4890fd3a481bfd942fe91fdee2b82e355>) has been fixed.
You can update to AV database Version <5881> of Comodo Internet Security Version<4.1.150349.920> and confirm it.