vlc-cache-gen.exe

Gedstar · December 10, 2013, 7:46pm

Just installed the latest version of VLC Player and Comodo is flagging this as a Virus vlc-cache-gen.exe, is this a false positive, tried to submit to Comodo but failed. Never had any issues with VLC Player before and ran MalwareBytes and Superantispyware and neither of them reported this as risk, so what’s going on?

FlorinG · December 10, 2013, 8:06pm

Hello Gedstar,

Please try submitting the detected sample using the following link:

If that is not possible you can use any file-sharing website to upload the file then give us the link.

Thank you!

Best regards,
FlorinG

Gedstar · December 10, 2013, 8:18pm

Thanks for the quick response, file has been uploaded

manueljlopez · December 11, 2013, 3:27am

I have the same problem today. I quarantine the file. Also try to submit it thru CIS but failed. Why failed? I have been having this problem every time I try to submit a quarantine file. The item name is “Malcrypt.Indus@105441913” and the location is “vlc-cache-gen.exe”

Gedstar · December 11, 2013, 11:47am

So what happens now that the file has been submitted, I have not quarantined the file just added it to my exclusion list, as I think it’s a false positive, have checked with VLC player on another system and the same file is there. Have ran various other Malware and Antivirus utilities and none of them have flagged this as a risk.
So when do we find out whether it’s a false positive or not? :THNK

siketa · December 11, 2013, 11:54am

They will reply after analysis is over…probably today.

Gedstar · December 11, 2013, 12:26pm

Cheers :-TU

khanyash · December 11, 2013, 12:48pm

Did you upgraded VLC or it was a fresh install?

When 2.1 was released, the same file was detected here on upgrading but not detected on fresh install, so try fresh install.

Try restoring the file & check if detected again.

Read here…

https://forums.comodo.com/av-false-positivenegative-detection-reporting/false-positive-t99545.0.html

Gedstar · December 11, 2013, 1:29pm

Had already read the link before posting here, firstly I did an upgrade and then after reading the above link I tried a fresh install, wasn’t detected during the fresh install but after about 5 mins Comodo flagged it as malware again.
Did not have any issues with the previous version on either my PC or Laptop
Have put the file into my excludes list as I’m sure it’s a false positive, will wait to see what Comodo comes back with

Just done an upgrade on my work PC and scanned with MSE, MalwareBytes and SuperAntispyware and no malware detected

Cheers for the response
gedtar

spywar · December 11, 2013, 6:00pm

Just wait until Comodo release a fix, if not done tomorrow, you should post it in the unfixed FP’s after 2 days…

FlorinG · December 11, 2013, 6:31pm

Hello Gedstar,

Can you confirm that the SHA1 of the detected file is: 71fb8e0be60e8d17268508b28a0a35b9d92e8524 ? If the answer is yes, a fix for this False Positive will be available soon.

Thank you,

Best regards,
FlorinG

khanyash · December 11, 2013, 7:08pm

Like recurring FPs for some programs, it has also started with VLC. Previous version of VLC, the same file was detected & again with this version of VLC.

Instead of fixing everytime, why dont Comodo do something about these recurring FPs? This is really annoying & irritating, not to mention waste of time to post the same file with every new version of the software.

Plzz do something better…

spywar · December 11, 2013, 7:13pm

Actually it seems like they are already dealing with such issues.
For example Siketa noticed that RogueKiller which was detected with every updates isn’t anymore now…Some others programs too.
So now they’ll have to do something with VLC for not getting detected with every new updates because of automated analysis systems…

khanyash · December 11, 2013, 7:29pm

This recurring FPs issue is quite from a long time. They have solved some programs but whats the difference if recurring FPs for other programs starts.

Sometimes I feel like switching to other AV as there are other probs too like sometimes double databases file in the scanners folder, sometimes GUI doesn’t start for quite a long time when net is not available, etc… & a strange prob that I have mentioned before too & it happened today too.

I clicked on Run Unlimited on the popup. After installation completed & VLC opened it was autosandboxed & I clicked on dont isolate again, it asked for password? Can anyone try this with VLC & also check if it is a bug? Make sure CIS is password protected.

Same thing happened with Adobe Flash. During update some gtb file was autosandboxed, I clicked on dont isolate again & it asked for password.

Citizen_K · December 11, 2013, 7:58pm

I found a bug last week that seems to affect CIS on the 64 bit platform. When installing a program using a trusted installer and “Trust files by trusted files” enabled CIS (x64 only) will not automatically add executables to the Trusted Files list.

I noticed that when installing GIMP on a 64 bit computer of a customer GIMP would not function properly because the plugin files all got sandboxed. I reproduced it at home to be specific for 64 bit installations of CIS.

G_arDian · December 12, 2013, 7:52am

I have the same exact issue and it was triggered when installing not the desktop version but rather the portable version (which contains the same main files) on the file (vlc-cache-gen.exe). I can’t give you a hash because despite telling Comodo to quarantine it, it deleted it. Although I was installing on a x64 machine, it was the portable version done through a platform installer, so the host OS shouldn’t be an issue.

[tr][td]Date[/td] [td]Location[/td] [td]Malware Name[/td] [td]Action[/td] [td]Status[/td] [/tr] [tr] [td]2013-12-11 14:38:48 [/td] [td]X:\PortableApps\VLCPortable\App\vlc\vlc-cache-gen.exe [/td] [td]MalCrypt.Indus![at]105441913 [/td] [td]Quarantine [/td] [td]Success [/td] [/tr] [tr] [td]2013-12-11 14:38:05 [/td] [td]X:\PortableApps\VLCPortable\App\vlc\vlc-cache-gen.exe [/td] [td]MalCrypt.Indus![at]105441913 [/td] [td]Ask [/td] [td]Success [/td] [/tr] [tr] [td]2013-12-11 14:38:03 [/td] [td]X:\PortableApps\VLCPortable\App\vlc\vlc-cache-gen.exe [/td] [td]MalCrypt.Indus![at]105441913 [/td] [td]Detect [/td] [td]Success [/td][/tr]

This seems to be the exact issue in this post, maybe someone can combine them? Apparently this also came up in the past (3 years ago) in this post also for a legit installer.

Gedstar · December 12, 2013, 11:08am

So what happens now?

Priyadharsini · December 12, 2013, 11:42am

Hi GµårÐïåñ,

Please update your AV database Version <17426> of Comodo Internet Security Version <6.3.302093.2976> and check again.
If detection is still present, please submit the file or installer on Comodo forums at https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detecte-b154.0/

Regards,
Priyadharsini G

Citizen_K · December 12, 2013, 4:41pm

Did you check with the latest database?

I just checked and it does not get detected anymore. It seems fixed.

Gedstar · December 12, 2013, 4:55pm

Hi all

Just checked today and I can confirm that all is good again, cheers for the update, have removed from the excluded list and ran a scan on the folder and it’s not getting detected anymore

Thanks to Comodo and all for the help

Gedstar