Hi guys, got an odd false-positive from CAV.
It’s in two directories (one’s a big string of hex digits, the other is called “backups”) inside this directory:
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\
The file is named “mpasdlta.vdm”, the file modification date is January 11 (yesterday, and I believe my Windows Defender did update its definitions yesterday), and the file is digitally signed by Microsoft.
It appears ONLY the on-access part of CAV detects it as FP. It was detected when I happened to access the file as part of something that touches all files on the entire drive (turning off Windows’ indexing for the C: drive).
When I right-click the file and select “Comodo Antivirus” for an on-demand scan, it finds nothing wrong with the file. Scheduled and manual whole-computer scans find nothing wrong, either. Curiously, though, real-time CAV doesn’t complain when I right-click and do “properties” on the file… but it did when I turned off indexing and Windows tried to clear the file’s indexing bit.
Also odd is how the detection looked. I didn’t get the usual CAV alert (bottom-right of screen, the usual look). Instead it was on the lower-left corner of the screen, and resembled one of CIS’s “balloon messages”. It stayed up for a few seconds, then disappeared. These weird-looking alerts WERE logged in “Antivirus Events”, but were NOT quarantined even though I have “automatically quarantine” set ON (the files were left in-place, and my quarantine is empty).
According to CAV Events log, “Malware Name” is: “UnclassifiedMalware[at]91598295”
File size: 1.51 MB (1,585,552 bytes)
Created: Monday, January 11, 2010, 12:00:36 PM
Modified: Monday, January 11, 2010, 12:00:31 PM
This almost certainly MUST be a false positive. Can you fix it, guys? Thanks.
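Editor's note (added example, not part of the original post or of Comodo's tooling): before reporting a detection on a vendor-signed file as a false positive, it is worth recording exactly which file you mean. The script below walks the Definition Updates directory from the post, finds every copy of mpasdlta.vdm (the hex-named directory and the “backups” one), checks the Authenticode signature with the built-in Get-AuthenticodeSignature cmdlet, and computes a SHA-256 so the file can be identified unambiguously in a false-positive submission. It assumes PowerShell 2.0 or later and the directory path quoted above; the Get-FileSha256 helper is written here because Get-FileHash did not exist in that era's PowerShell.

```powershell
# Added example: verify the signature on, and fingerprint, the file that CAV flagged.
# Assumes PowerShell 2.0+ and the Definition Updates path from the post (adjust $defDir).
$defDir = 'C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates'

# Helper (hypothetical name): SHA-256 of a file via .NET, since Get-FileHash needs PowerShell 4+.
function Get-FileSha256 {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

# Every copy of the flagged file under the definitions directory.
Get-ChildItem -Path $defDir -Recurse -Filter 'mpasdlta.vdm' | ForEach-Object {
    # Status is Valid when the embedded signature matches the bytes on disk;
    # HashMismatch means the file was altered after signing, NotSigned means no signature.
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    New-Object PSObject -Property @{
        Path      = $_.FullName
        Bytes     = $_.Length
        Modified  = $_.LastWriteTime
        SigStatus = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        SHA256    = Get-FileSha256 $_.FullName
    }
} | Format-List Path, Bytes, Modified, SigStatus, Signer, SHA256
```

A result of SigStatus = Valid with a Microsoft subject in Signer confirms the file on disk is byte-for-byte what Microsoft signed, which is the strongest evidence to attach to a false-positive report alongside the SHA-256 and the detection name from the CAV events log; a HashMismatch or NotSigned result would instead be the first thing to investigate before assuming the detection is wrong.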