update.exe

flagged as unclassifiedmalware :

Removed the attachment just in case (i have a copy if anyone needs it). Matty_R

CAMAS is a bit vague on it 88) http://camas.comodo.com/cgi-bin/submit?file=bf232753f3ddd42e151009c407a65879b37f84775884f5e87ee5edb54862f67a

I don’t think it is a FP http://www.virustotal.com/file-scan/report.html?id=bf232753f3ddd42e151009c407a65879b37f84775884f5e87ee5edb54862f67a-1279914865

Hi MOVEAX,

Thanks for reporting.We will check that and get back to you shortly.

Regards,
Vaishnavi.V.K

Hi,

This is to inform you that false-positive has been fixed.
You can update to AV database Version <6785> of Comodo Internet Security
Version<5.0.162636.1135> and confirm it.

Thanks.

Kind Regards,
Comodo AntiVirus Lab
Erik M.

so wait you are telling me that Symantec, pc tools, prevx, bitdefender are all wrong?

Hi languy99,

1st, why not ? That’s very usual story

Then, I have 253 instances of the file called update.exe on XP
147 of them belong to Microsoft updates
It’s quite possible to find the same file as the file in question amongst those, if there is a bit more info about the file
(sure the file name itself doesn’t matter)

Anyway, the FP was confirmed already

Cheers!

You can’t go by names on files, only SHA keys, a file could be called many things and still be the same one over and over.

Who would argue?
Yes, & that’s what is written in brackets

It’s quite possible to find the same file as the file in question amongst those, if there is a bit more info about the file
(sure the file name itself doesn’t matter)

by info I meant precisely MD5 & SHA / Software it belongs to /file location (just in case ;)) /etc.
otherwise it is quite a job to check all 253 of them on XP (less though on Win7 … Avira’s update.exe is one of those)

Needless to say, that the initial request doesn’t contain any info about the system & platform, which is important when investigating FPs.

Cheers!