WinCDEmu-3.4-signed.exe

goodjohn1984 · November 21, 2010, 8:11pm

Comodo detected this as possible malware, I think it is just a false positive.

Heur.Suspicious@132525079

MD5 : 5334cc5a5064006ae1a801e7e9940bac
SHA1 : 8af59d2db8097d5be498c2b7246a3eb152f92cc3
SHA256: c73c290a2c648eed2dd9d6064333c7e0ebca0114b890eebc7afffcbb0353e202

http://www.virustotal.com/file-scan/report.html?id=c73c290a2c648eed2dd9d6064333c7e0ebca0114b890eebc7afffcbb0353e202-1289074182

http://camas.comodo.com/cgi-bin/submit?file=c73c290a2c648eed2dd9d6064333c7e0ebca0114b890eebc7afffcbb0353e202

http://wincdemu.sysprogs.org/portable/

[attachment deleted by admin]

Valentinchen · November 21, 2010, 8:53pm

Hey and Welcome to the forums!

I would recommend you to sandbox it in case you don’t know that it’s surely a safe application. I have scanned it with malwarebits, comodo AV, hitman pro and this webscanner.

http://virusscan.jotti.org/en/scanresult/0be506bf7b772f2b4f30dd08291ebdd58931e995

No malware was found so I would say that it’s a FP (false positive).

I have sent the file to comodo labs so they will check it out

I have attached hopefully a clean one (I have download it from sourceforge.org)

Regards,
Valentin

[attachment deleted by admin]

goodjohn1984 · November 21, 2010, 9:35pm

Thank you.

Valentinchen · November 21, 2010, 9:37pm

was it clean or did you get warning?

goodjohn1984 · November 21, 2010, 9:54pm

I have Malwarebytes, Hitman Pro, Norton Power Eraser, CIS, I uploaded it to VirusTotal and CAMAS; all shown that it was clean, except CIS auto-quarantined it (I have it set to auto-quarantine, and I have the Heuristics set to High).

I downloaded it from the official website, so I think it is just a false positive.

HeffeD · November 21, 2010, 10:01pm

If you’re going to run heuristics set to high, I wouldn’t recommend auto-quarantine as you are going to be getting a lot of false positives with the heuristics cranked up. I’d recommend leaving heuristics at the default low.

goodjohn1984 · November 21, 2010, 10:27pm

Hello thank you for the suggestion,

But, on every false positive that I have tested, CIS detected it even when set to low; so the heuristic setting has never matter in every case that I have tested.

I imagine it can be more likely to cause false positives for some but so far I have not had that problem really and even if I do, I know how to report the file to have it re-tested; that is what this section of the forum is for, so it will help the team deal with and prevent false positives in the future.

I use the quarantine option because I know I can un-quarantine it, if it turns out to be a false positive, so it is not a problem for me really.

I enjoy doing my part and helping alert the team to issues/problems/etc.

Thanks for commenting.

Valentinchen · November 21, 2010, 10:30pm

We are here to help each other

goodjohn1984 · November 22, 2010, 7:08pm

Ooops, I uploaded the wrong file, the Portable version is what is being detected as possible malware, not this version.

I will create another report for that file, so this one can now be closed.