Starting today Comodo picks up wwdc.exe as unclassified malware

it’s windows worm doors cleaner, a very small security tweaking program.

Have it on my PC since 2 years.

Hello slightly_concerned,

Thank you for your submission. Please upload the file as False Positive using the following link so we can check this:

Best regards,


The date on my wwdc.exe said “created” and “last modified” both in 2009,which was after my last Windows install. I know this was a perfectly fine (albeit perhaps not necessary anymore) application that just closed some ports.

The file is 50 KB, I could not upload the file because of the small size, I thought at first, but then I realized I can not even open it anyomore, even after I restored it from the CIS quarantine. Hell, I could not even normally delete it. So I opted for “disinfection” instead of “quarantine” and it was gone.

I thought my file got somehow corrupted so I googled a little and wanted to download the wwdc.exe again, but immediately upon downloading my CIS alerts me of this “malware” again.

It calls it UnclassifiedMalware[at]173996820 and then TrojWare.Win32.Agent.cytu[at]1

here’s some site offering the WWDC download, you can download it and analyze it by yourself.


This is to inform you that false-positive with
<wwdc.exe> (SHA1: )
has been fixed.
You can update to AV database Version <8019> of Comodo Internet Security Version<5.0.181415.1237> and confirm it.

Comodo AntiVirus Lab

Thanks Chunli,

it’s solved :slight_smile:

BTW I still have this “rootkit” (?) showing on my scans