TrojWare.Win32.TrojanDownloader.Agent.hylu@97495475 in wextract.exe

TrojWare.Win32.TrojanDownloader.Agent.hylu[at-bypass]97495475 in wextract.exe (Swedish, Win XP SP3)

wextract.exe      2008-04-14     2:5.1      Signerat      NT5.CAT      Microsoft Windows Component Publisher

Detected file compressed and attached.

Thanks. :slight_smile:

[attachment deleted by admin]

Hi JoWa,

We are going to check it out and will get back to you shortly.

Kind Regards,
Erik M.

Hi JoWa,
This false-positive has been fixed.
You can update to AV database Version <3924> of Comodo Internet Security
Version<3.14.130099.587> and confirm it.
Thanks.

Kind Regards,
Erik M.

Confirmed. Thanks! :slight_smile: :-TU

I still get warnings for wextract.exe. I’m running WinXP Pro SP2 with latest virus db.

I tried to submit the file to Comodo, but get submission error. Here’s some info about
the file:

File Description  : Win32 Cabinet Self-Extractor

File Version      : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name     : Wextract
Original File Name: WEXTRACT.EXE
Product Name      : Microsoft« Windows« Operating System
Product Version   : 6.00.2900.2180
Company Name      : Microsoft Corporation
Legal Copyright   : ⌐ Microsoft Corporation. All rights reserved.

File Size         : 64 KBytes (65536 bytes)
SHA1 sum          : 2f15e26af697b802b2f620c773d31a8b37245109
MD5 sum           : d49212322ba85bd4dbe5d5d8657fc0c5

Hi earlhood,

Thanks for reporting.We are going to check that and get back to you.

Regards,
Haja

I too have updated version of your AV database, <3932> and signature Version<3.14.130099.587>. But flagged Wextract.exe this morning as a Trojan downloader.

Any latest update on this?

Thanks guys.

We don’t have identical versions of the file.

You can submit the file here: Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year (check Palse-Positive)

Thanks Jowa, I’ve just submitted the file for analysis.
Let’s hope it is another false- positive :slight_smile:

I used the upload form to upload the wextract.exe file that is on my system.

File Description  : Win32 Cabinet Self-Extractor

File Version      : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name     : Wextract
Original File Name: WEXTRACT.EXE
Product Name      : Microsoft« Windows« Operating System
Product Version   : 6.00.2900.2180
Company Name      : Microsoft Corporation
Legal Copyright   : ⌐ Microsoft Corporation. All rights reserved.

File Size         : 64 KBytes (65536 bytes)
SHA1 sum          : 2f15e26af697b802b2f620c773d31a8b37245109
MD5 sum           : d49212322ba85bd4dbe5d5d8657fc0c5

Hi earlhood,
This false-positive has been fixed.
You can update to AV database Version <3937> of Comodo Internet Security
Version<3.14.130099.587> and confirm it.
Thanks.

Kind Regards,
Erik M.

I’m not getting the warnings anymore. Thanks.