Unclassified Malware@4243066

Hi. Comodo Internet Security had detected a malware on my computer: C:\WINDOWS\system32\shutdown.exe with the name “Unclassified Malware@4243066”
Could this be a false positive?


Yes it could be a FP.

What OS and CIS version and AV database number do you have?

Hi. I am using Windows XP Pro SP2. CIS Vr.3.5.57173.439 with database vr.959.
Thanks a lot (:HUG)

Simple test attached in zip folder is clean copy of same file from XP Pro.

When extracted if av goes off then FP.

MD5 signature 3fb410f5f7009e5eed0432c0b695afcf shutdown.zip

Please if FP submit to Comodo for analysis.
If no reaction to clean copy then please advise.

[attachment deleted by admin]

Hi. I extracted the file you have uploaded but it did not set of the AV.
The version that I had quarantined is 144kb big. When it quarantined, Windows seemed to have replaced it with a 20kb (edit: 19kb) version.

Interesting results.
So after you quarantined the over sized copy windows automatically replaced it with one identical to the clean one I upped?
And no further alerts at all?
Could you submit the quarantined file to Comodo for analysis. Even though I suspect the file was possibly just corrupted somehow, obvious with size diff.
For peace of mind personally I would do a few “second opinion scans” . Any or all of the first three applications as recommended in this post by eXPerience. Showing “clean” status would restore confidence.
If they Indicate more issues then please proceed with the cleanings and follow up actions also as per eXPerience’s suggestions.


Hi. I just found out that the file is part of Sysinternals - www.sysinternals.com

File Version :
Description : Shutdown, logoff and power manage local and remote systems
Copyright : Copyright (C) 1999-2004 Mark Russinovich

Will do the submitting and scans. Thanks (:HUG)

Yep. Send the file to the labs as an FP and it will be fixed.



Thanks for reporting the FP. It will be fixed in the next base release.


Hi. Thanks for the help :ilovecomodo:

Hi kuanhong92,

FalsePositive has been fixed in the DB ver ‘966’.You can verify with our Latest Update.

Thanks for reporting,