UnclassifiedMalware 105437190

Hi,

I’m having a problem with the UnclassifiedMalware@105437190 virus alert coming up often on my Gateway NV52 running Windows 7. I’m running Comodo Internet Security suite 4.0.141842.828 and have updated the antivirus database.

The files it complains about are named something like C:\Windows\Temp\CBAA4C.tmp. All the files are similarly named.

I’ve tried running a scan using Comodo, Avast, Avira, and Malwarebytes, but none of them have identified what’s causing this.

Any help you could give in tracking down what’s causing this would be greatly appreciated.

  • Rock

I have the same behavior on a Dell OptiPlex GX260 with Win XP Pro SP3. Could this, by any chance, be a false positive?

They are likely false positives. Try uploading the files to Virus Total and see what the other scanners think. Leave us the URL of the analysis page so we can check with you.

Also if you could upload it to the Comodo Malware/False-Positive Submission then Comodo staff can analyze it. If it is a false positive the detection will be removed and either way they will send you an email alerting you to the results of the analysis.

Hey, guys. Funny thing… These CB??.tmp files seem to be generated when COMODO is updating its anti-virus database.

I think Comodo’s heuristics engine is detecting its own anti-virus signatures as malware. Would it be that C:\WINDOWS\Temp is not the right place for those files to go in, or that it needs whitelisting? Is this possible?

Maybe I got it wrong. Please let me know.

As EricJH suggested, can you please upload some of those files to virustotal and provide us with the link to the results pages.

Thank you for the replies.

I wiped my hard drive and reloaded Windows 7 as a fresh install this morning and I haven’t gotten the error message yet, even when it was updating the virus database.

I’m running the same version of Comodo on a Gateway desktop and I haven’t gotten the error messages on it, so I’m not sure about carlosman’s theory that it’s the virus signatures that are causing my problems, but it might be something to look into.

When I did the full virus scan after the fresh install it found 4 of the files in Windows.old. How do I upload the scan to the Comodo Malware/False-Positive Submission and the Virus Total for analysis?

Thank you for your help.

For Comodo go to the Comodo Malware/False-Positive Submission and select False Positive. A box will appear under it in which you should type the name of the detection. For example UnclassifiedMalware 105437190 if that is what it is detected as. You then select the file, put in your email address, agree to the terms and conditions, and Upload that File. It’s as simple as that. If for some reason that doesn’t work you can also submit it using the email address for Comodo given in these Links to Report Malware to All Major AV’s.

For virustotal you merely go to http://www.virustotal.com/ , choose your file, and Submit. When it has finished displaying the results you merely copy the URL of that page and paste it into your post.

Let me know if I misunderstood your question. This is all assuming you can still navigate your way to these files. If you can’t then I’m not sure how to do this and I hope someone else can answer.

I completely forgot to send the file. Sorry. I submitted it to Comodo’s Malware/False-Positive page. The comments I sent along with the file are quoted below:

This kind of file shows up from time to time in my C:\WINDOWS\Temp\ folder. I have observed they always show up when I reboot the computer. I think they are related to some sort of COMODO update activity.

I uploaded one of the files (named CB110.tmp), to VirusTotal, as indicated in the forum, and it responded this file had already been analyzed. Here is the report.

Please, drop me a line with your findings, if possible.

As a side note… No. The file is not accessible.

I had to de-activate my anti-virus, in order to be able to pull the file from quarantine and send it. Then I re-activated it and clicked on the file to put it in quarantine again.

I had submitted the file from the quarantine screen, but since you suggested it needed sending to the Malware/False-Positive page, I thought it may get a different treatment if I stated I think it is a false-positive.

I am happy to say that I consider this issue RESOLVED. In my case, the file I sent has been declared a false-positive. First, Florin Gogoseanu, from Comodo AntiVirus Lab, sent me a message on May 12, 2010 saying:

(CB110.tmp - SHA1: ad79f08fe8524d8d7dd6a488d1283727a5d5f186) is not a False Positive

Apparently, they continued with their analysis efforts, being the thorough fellows we all know them to be, and today I received another message, from hexinpeng, also from CAL, stating in its subject line:

False-Positive Fixed(<CB110.tmp> (SHA1: ))

Thank you, Florin and hexipeng, for your efforts and for taking the time to let me know about them so promptly.

I will risk sounding repetitive…: :comodorocks:
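
Added example, not part of the thread and not Comodo's tooling: the lab identified the sample by its SHA-1, and VirusTotal can be searched by hash, so an inventory of the flagged temp files with their hashes and timestamps lets you look them up and check whether they coincide with reboots or database updates. The function names, the `CB*.tmp` pattern generalised from the file names in the thread, and the default directory are assumptions.

```python
import fnmatch
import hashlib
import os
import sys
import time

PATTERN = "CB*.tmp"  # assumed pattern, from names such as CBAA4C.tmp and CB110.tmp

def hash_file(path, chunk_size=65536):
    """Return (sha1, sha256) hex digests, reading the file in chunks."""
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha1.update(chunk)
            sha256.update(chunk)
    return sha1.hexdigest(), sha256.hexdigest()

def inventory(directory, pattern=PATTERN):
    """List matching files with size, modification time and hashes."""
    rows = []
    for name in sorted(os.listdir(directory)):
        # Windows file names are case-insensitive, so compare in lower case.
        if not fnmatch.fnmatchcase(name.lower(), pattern.lower()):
            continue
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        st = os.stat(path)
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(st.st_mtime))
        row = {"name": name, "size": st.st_size, "modified": stamp}
        try:
            row["sha1"], row["sha256"] = hash_file(path)
        except OSError as exc:  # e.g. file locked or quarantined by the scanner
            row["error"] = str(exc)
        rows.append(row)
    return rows

def group_by_sha1(rows):
    """Map sha1 -> file names, to see whether the temp files are identical copies."""
    groups = {}
    for row in rows:
        if "sha1" in row:
            groups.setdefault(row["sha1"], []).append(row["name"])
    return groups

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\Temp"
    for row in inventory(target):
        print(row.get("sha1", "unreadable"), row["modified"], row["size"], row["name"])
```

Run it against `Windows.old` or the temp folder and compare the `modified` column with the times the antivirus database was updated.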