Trojan.win32.Stuh!IK detected among CIS files

I’m just posting here because this seems to be the closest forum for my topic.

Emsisoft, the anti-malware I use, detected trojans among CIS files.


Emsisoft Anti-Malware - Version 5.1
Last update: 4/8/2011 4:07:27 PM

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:, D:
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 4/8/2011 4:08:25 PM

C:\Documents and Settings\All Users\Application Data\Comodo\Installer\CFP_Setup.msi/rkdenum.dll detected: Trojan.Win32.Stuh!IK
C:\Program Files\COMODO\COMODO Internet Security\repair\rkdenum.dll detected: Trojan.Win32.Stuh!IK
C:\System Volume Information_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP3\A0000157.msi/rkdenum.dll detected: Trojan.Win32.Stuh!IK
C:\System Volume Information_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP4\A0000158.msi/rkdenum.dll detected: Trojan.Win32.Stuh!IK
C:\System Volume Information_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP4\A0000159.msi/rkdenum.dll detected: Trojan.Win32.Stuh!IK
C:\System Volume Information_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP4\A0000160.msi/rkdenum.dll detected: Trojan.Win32.Stuh!IK


Files: 65879
Traces: 703788
Cookies: 3
Processes: 51


Files: 6
Traces: 0
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 4/8/2011 5:58:49 PM
Scan time: 1:50:24

C:\Documents and Settings\All Users\Application Data\Comodo\Installer\CFP_Setup.msi/rkdenum.dll Deleted Trojan.Win32.Stuh!IK
C:\Program Files\COMODO\COMODO Internet Security\repair\rkdenum.dll Deleted Trojan.Win32.Stuh!IK
C:\System Volume Information_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP3\A0000157.msi/rkdenum.dll Deleted Trojan.Win32.Stuh!IK
C:\System Volume Information_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP4\A0000158.msi/rkdenum.dll Deleted Trojan.Win32.Stuh!IK
C:\System Volume Information_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP4\A0000159.msi/rkdenum.dll Deleted Trojan.Win32.Stuh!IK
C:\System Volume Information_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP4\A0000160.msi/rkdenum.dll Deleted Trojan.Win32.Stuh!IK


Files: 6
Traces: 0
Cookies: 0

I’m a computer newbie/dunce, so…

I downloaded the latest firewall from the site, and scanned my PC after I completed downloading the installer (clean). I didn’t find the first suspect file in the folder it was supposedly in, but I had the trojans deleted anyway and had to restart the PC because the ones hiding under the Comodo files couldn’t be deleted then and there.

Since I only found out about false positives and a forum like this (haven’t been around much), is this a false positive and did I just do something nasty to my firewall in deleting these files? In case the trojans were legitimate, just thought you should know.

Hi licica,

Please check the respective file’s properties and see if the digital signature is OK, like in the image below. If so, it’s for certain a false positive.

Thanks and regards,

[attachment deleted by admin]
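The signature check suggested in the reply above can also be scripted in PowerShell; this is an added example, not part of the original thread. It uses two paths from the scan log (the .msi container itself, since the DLL inside it cannot be checked directly), and the publisher fragment "COMODO" is an assumption to compare against the signer actually shown.

```powershell
# Added example: Authenticode check for files an AV scanner flagged.
# -ExpectedPublisher is an assumed fragment of the signer's certificate subject.
function Test-FlaggedFileSignature {
    param(
        [Parameter(Mandatory = $true)][string[]]$Path,
        [string]$ExpectedPublisher = 'COMODO'
    )
    foreach ($p in $Path) {
        # A file the scanner already deleted cannot be verified any more.
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            [pscustomobject]@{ Path = $p; Status = 'Missing'; Signer = $null
                               Verdict = 'File not found (deleted or quarantined)' }
            continue
        }
        $sig    = Get-AuthenticodeSignature -LiteralPath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        $status = $sig.Status.ToString()
        $verdict = switch ($status) {
            'Valid' {
                # Signature chains to a trusted root and the file hash matches.
                if ($signer -like "*$ExpectedPublisher*") {
                    'Intact and signed by the expected publisher'
                } else {
                    'Valid signature, but not the expected publisher'
                }
            }
            'HashMismatch' { 'File was modified after it was signed' }
            'NotSigned'    { 'No signature: this check proves nothing either way' }
            default        { $sig.StatusMessage }
        }
        [pscustomobject]@{ Path = $p; Status = $status; Signer = $signer; Verdict = $verdict }
    }
}

# Paths taken from the scan log in the first post.
Test-FlaggedFileSignature -Path @(
    'C:\Program Files\COMODO\COMODO Internet Security\repair\rkdenum.dll',
    'C:\Documents and Settings\All Users\Application Data\Comodo\Installer\CFP_Setup.msi'
) | Format-List
```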

I, uh, deleted the files already so I can’t do anything there, but this’ll be handy the next time (God forbid, though) this happens. Is there a way to check if I did something to my firewall? Thanks.