hi, (:WAV) since the last update of comodo antivirus, my favorite browser portable firefox 2, the antivirus show
trojan.downloader.win32.agent.bcw
is real ???
false alarm???
thanks :■■■■
hi, (:WAV) since the last update of comodo antivirus, my favorite browser portable firefox 2, the antivirus show
trojan.downloader.win32.agent.bcw
is real ???
false alarm???
thanks :■■■■
You should submit the affected executable for Comodo to analyse. In the interim, if you feel this is a false positive, you can exclude the executable from the on-access and the on-demand scanner.
Hope this helps,
Ewen
the problem is that whenever I open the program within windows/temp/ directory it generates a temporary directory with random name that contains a called file system.dll (infected file according to antivirus) then I cannot assign within the antivirus onDemand or onAccess “exclude files” the absolute route of the file.
thanks to google translate and you
(:NRD)
Can you configure Portable FireFox to create its temporary files in a specific folder, rather than \windows\temp?
If so, you can exclude that folder from the on access and on demand folders.
Cheers,
Ewen
hi, panic
I believe that it is not possible to be changed :THNK
I do not wish to exclude full windows/temp/
some suggestion??
thanks for your time :■■■■
Hello,
I would be sure to check and see if it is or isn’t a virus first.
Complete scanning result of “system.dll”, received in VirusTotal at 01.16.2007, 05:07:32 (CET).
[tr][td]Antivirus[/td][td]Version[/td][td]Update[/td][td]Result[/td][/tr]
[tr][td]AntiVir[/td][td]7.3.0.21[/td][td]01.09.2007[/td][td]no virus found[/td][/tr][tr][td]Authentium[/td][td]4.93.8[/td][td]01.15.2007[/td][td]no virus found[/td][/tr][tr][td]Avast[/td][td]4.7.936.0[/td][td]01.15.2007[/td][td]no virus found[/td][/tr][tr][td]AVG[/td][td]386[/td][td]01.15.2007[/td][td]no virus found[/td][/tr][tr][td]BitDefender[/td][td]7.2[/td][td]01.16.2007[/td][td]no virus found[/td][/tr][tr][td]CAT-QuickHeal[/td][td]9.00[/td][td]01.15.2007[/td][td]no virus found[/td][/tr][tr][td]ClamAV[/td][td]devel-20060426[/td][td]01.16.2007[/td][td]no virus found[/td][/tr][tr][td]DrWeb[/td][td]4.33[/td][td]01.16.2007[/td][td]no virus found[/td][/tr][tr][td]eSafe[/td][td]7.0.14.0[/td][td]01.15.2007[/td][td]no virus found[/td][/tr][tr][td]eTrust-InoculateIT[/td][td]23.73.113[/td][td]01.13.2007[/td][td]no virus found[/td][/tr][tr][td]eTrust-Vet[/td][td]30.3.3329[/td][td]01.15.2007[/td][td]no virus found[/td][/tr][tr][td]Ewido[/td][td]4.0[/td][td]01.15.2007[/td][td]no virus found[/td][/tr][tr][td]Fortinet[/td][td]2.82.0.0[/td][td]01.16.2007[/td][td]no virus found[/td][/tr][tr][td]F-Prot[/td][td]3.16f[/td][td]01.15.2007[/td][td]no virus found[/td][/tr][tr][td]F-Prot4[/td][td]4.2.1.29[/td][td]01.15.2007[/td][td]no virus found[/td][/tr][tr][td]Ikarus[/td][td]T3.1.0.27[/td][td]01.09.2007[/td][td]no virus found[/td][/tr][tr][td]Kaspersky[/td][td]4.0.2.24[/td][td]01.16.2007[/td][td]no virus found[/td][/tr][tr][td]McAfee[/td][td]4939[/td][td]01.15.2007[/td][td]no virus found[/td][/tr][tr][td]Microsoft[/td][td]1.1904[/td][td]01.16.2007[/td][td]no virus found[/td][/tr][tr][td]NOD32v2[/td][td]1981[/td][td]01.16.2007[/td][td]no virus found[/td][/tr][tr][td]Norman[/td][td]5.80.02[/td][td]01.15.2007[/td][td]no virus found[/td][/tr][tr][td]Panda[/td][td]9.0.0.4[/td][td]01.15.2007[/td][td]no virus found[/td][/tr][tr][td]Prevx1[/td][td]V2[/td][td]01.16.2007[/td][td]Trojan.Downloader[/td][/tr][tr][td]Sophos[/td][td]4.13.0[/td][td]01.13.2007[/td][td]no virus found[/td][/tr][tr][td]Sunbelt[/td][td]2.2.907.0[/td][td]01.12.2007[/td][td]Freeprod/Toolbar888[/td][/tr][tr][td]TheHacker[/td][td]6.0.3.148[/td][td]01.14.2007[/td][td]no virus found[/td][/tr][tr][td]UNA[/td][td]1.83[/td][td]01.15.2007[/td][td]no virus found[/td][/tr][tr][td]VBA32[/td][td]3.11.2[/td][td]01.15.2007[/td][td]Trojan-Downloader.Win32.Agent.bcw[/td][/tr][tr][td]VirusBuster[/td][td]4.3.19:9[/td][td]01.15.2007[/td][td]no virus found[/td][/tr]
[tr][td]Aditional Information[/td][/tr]
[tr][td]File size: 10240 bytes[/td][/tr][tr][td]MD5: 61151aff8c92ca17b3fab51ce1ca7156[/td][/tr][tr][td]SHA1: 68a02015863c2877a20c27da45704028dbaa7eff[/td][/tr][tr][td]Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=69b449222290[/td][/tr][tr][td]Sunbelt
info: Freeprod/Toolbar888 is an adware application that installs a
Internet Explorer Toolbar and may hijack search results.[/td][/tr]
Hello,
If that is the case I recommend you completely remove Portable Firefox (backing up your bookmarks and other data of course) and then re-installing it.
If there is a virus in the new installation, then we can assume it is a false positive.
Justin
Hi,
Newest user to Comodo’s suite of software. First download was the Personal Firewall, thoroughly impressed with that. Found out about this from searchsecurity.com.
Next was the Antivirus… quite a big download for the installer, quite a big download for virus updates - total roughly 35MB! Expectation was that it must be pretty thorough in it’s job of protecting against virus infections.
After the install and updates, tried to use mIRC - the mirc.exe executable gets quarantined with the following info from the “On Access Virus Alert”:
Virus Name: not-a-virus:client-irc.win32.mirc.62
Ummm, “not-a-virus” reference leaves me scratching a deep groove in my head. If it’s not a virus, why is it getting quarantined?
Next step was to download a fresh copy of mirc from http://www.mirc.co.uk . Tried installing that and again quarantine kicked in, this time it was the file system.dll in “.\local settings\temp<random folder>” with the following info from the “On Access Virus Alert”:
Virus Name: trojan-downloader.win32.agent.bcw
Submitted the system.dll file to www.virustotal.com and reported no virus detected.
Have submitted the system.dll for analysis within the Comodo Anti-virus software.
Have googled for references to the virus name and discovered a few people on various forums have had similar problems with this file being picked up by mistake as a false positive.
Now comes another caveat of the Comodo Anti-virus software. I disabled the On Access Scanner in order to install mIRC, entered an exclusion for mirc.exe, re-enabled the On Access Scanner. The mirc.exe executable once again gets quarantined. Seems exclusions added into the software don’t become effective until after the PC has been rebooted. Feh!
Being in beta, I’m assuming this problem will get sorted soon enough. The Comodo Anti-Virus software does look promising - it does run faster than Avira’s Anti-Virus scanner which I had been using, and the interface is much better than Avira’s as well. Have yet to do a full system scan, though I am a bit dubious of how many more false-positives there will be. And, have yet to see how good the automatic updates are too, which is the primary motivation for checking out Comodo’s Anti-Virus software, am hoping it can be setup silently, unlike Avira which displays popups despite the “silent” mode - very annoying.
Cheers!