System Volume Information

I walked away from my NetBook for about 5 minutes and when I came back Comodo AV had a pop-up for the following. I did not know what to do with it and put it in exclusions, hoping to be able to easily get a report (see below).

What do you think, is it a nasty or not?
By the way, my NetBook is running great :slight_smile:

COMODO Internet Security Logs

Table: Antivirus Logs

Date Created: 9/12/2009 5:00:51 PM
Log Scope: Today

Records count: 2

Date/Time Action Location Malware Name Status
12/9/2009 4:37:05 PM Detect C:\System Volume Information_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP4\A0000093.exe Heur.Suspicious@84629554 Success
12/9/2009 4:38:54 PM Ignore C:\System Volume Information_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP4\A0000093.exe Heur.Suspicious@84629554 Success

End of The Report

All the best, woz of oz

Using the wonderful Everything Search Engine I dug deeper and found that A0000093.exe is a Restore backup of RootkitBuster by Trend Micro.

I have had RootkitBuster sitting in a folder in My Documents for over a week now (just in case I need it in the future) but I don’t know why Comodo AV decided to flag it in Restore at that moment.
As I said earlier, I was away from the NetBook for 5 minutes and came back to find the pop-up. This was not long enough for it to go into Standby Mode but would have been long enough for ScreenSaver to kick in, if that’s a clue.

Anyway, it’s perplexing and a bit annoying but it seems to be harmless.
Any thoughts would be much appreciated :slight_smile:

By the way, you probably already know this but here is the VirusTotal scan of RootkitBuster which was 0/41:
http://www.virustotal.com/analisis/94df531ec3a98425df61e81ce66cd04a1f78b61737e88e06ce758e66acb60a5d-1260357158

All the best, woz of oz

May be a false positive. Please try to post the files here: https://forums.comodo.com/antivirus-bugs-b150.0/ and post the CIS version and Virus DB version.

Best regards,
Catalin

It is better to submit in the false positive board. I will move this topic there.

Yes, false positives should be submitted to:

Hi all,
It’s been one month since I reported this and it seems things have changed.

I took RootkitBuster out of my Ignore list and then scanned it with Comodo; there was no flag.
I guess it has already found its way into the Comodo Safe list.
Maybe I already reported it, I really can’t remember after all this time :wink:

Since there is no flag, I can’t get the Malware Name to fill out the report anyway.

All looks good and thanks for the responses :slight_smile:

All the best, woz of oz