Windows update KB915597 must be a FP surely? [fixed]

Comodo Internet Security - CIS AV False Positive/Negative Detection Reporting
#1

COMODO Internet Security Logs
Table : Antivirus Logs
Date Created : 13/01/2010 08:45:20
Log Scope : Today
Records count : 22
Date/Time Action Location Malware Name Status
1/13/2010 7:52:36 AM Detect C:\ed30544af41e5deeb920a71b5a29\1E2BA435-F964-4DC1-AADF-C149A274878Empasdlta.vdm UnclassifiedMalware[at]91598295 Success
1/13/2010 7:53:37 AM Detect C:\Windows\SoftwareDistribution\Download\a383503de042b0ccf6cf7e0dc502adae\BITE114.tmp UnclassifiedMalware[at]91598294 Success
1/13/2010 7:54:03 AM Ignore C:\Windows\SoftwareDistribution\Download\a383503de042b0ccf6cf7e0dc502adae\BITE114.tmp UnclassifiedMalware[at]91598294 Success
1/13/2010 7:54:03 AM Detect C:\Windows\SoftwareDistribution\Download\a383503de042b0ccf6cf7e0dc502adae\BITE114.tmp UnclassifiedMalware[at]91598294 Success
1/13/2010 7:54:06 AM Ignore C:\Windows\SoftwareDistribution\Download\a383503de042b0ccf6cf7e0dc502adae\BITE114.tmp UnclassifiedMalware[at]91598294 Success
1/13/2010 7:54:06 AM Detect C:\Windows\SoftwareDistribution\Download\a383503de042b0ccf6cf7e0dc502adae\BITE114.tmp UnclassifiedMalware[at]91598294 Success
1/13/2010 7:54:13 AM Ignore C:\Windows\SoftwareDistribution\Download\a383503de042b0ccf6cf7e0dc502adae\BITE114.tmp UnclassifiedMalware[at]91598294 Success
1/13/2010 7:54:13 AM Detect C:\Windows\SoftwareDistribution\Download\a383503de042b0ccf6cf7e0dc502adae\ebe7e8ae83e7dd1eed5a656aa198a1b92e448540 UnclassifiedMalware[at]91598294 Success
1/13/2010 7:54:18 AM Ignore C:\Windows\SoftwareDistribution\Download\a383503de042b0ccf6cf7e0dc502adae\ebe7e8ae83e7dd1eed5a656aa198a1b92e448540 UnclassifiedMalware[at]91598294 Success
1/13/2010 7:54:19 AM Detect C:\Windows\SoftwareDistribution\Download\ebe7e8ae83e7dd1eed5a656aa198a1b92e448540 UnclassifiedMalware[at]91598294 Success
1/13/2010 7:54:30 AM Ignore C:\Windows\SoftwareDistribution\Download\ebe7e8ae83e7dd1eed5a656aa198a1b92e448540 UnclassifiedMalware[at]91598294 Success
1/13/2010 7:54:42 AM Detect C:\Windows\SoftwareDistribution\Download\Install\mpas-d.exe UnclassifiedMalware[at]91598294 Success
1/13/2010 7:54:48 AM Ignore C:\Windows\SoftwareDistribution\Download\Install\mpas-d.exe UnclassifiedMalware[at]91598294 Success
1/13/2010 7:54:52 AM Detect C:\e92ab48f1e49abdf47d0\mpasdlta.vdm UnclassifiedMalware[at]91598295 Success
1/13/2010 7:55:34 AM Detect C:\c24e345301748099d459e2\mpasdlta.vdm UnclassifiedMalware[at]91598295 Success
1/13/2010 7:55:47 AM Detect \Device\HarddiskVolumeShadowCopy22\Windows\SoftwareDistribution\Download\Install\mpas-d.exe UnclassifiedMalware[at]91598294 Success
1/13/2010 7:57:30 AM Detect C:\630560b8b2767c158f9095cd\mpasdlta.vdm UnclassifiedMalware[at]91598295 Success
1/13/2010 7:57:32 AM Detect \Device\HarddiskVolumeShadowCopy23\Windows\SoftwareDistribution\Download\Install\mpas-d.exe UnclassifiedMalware[at]91598294 Success
1/13/2010 7:58:44 AM Detect C:\0dbd4e4e7b66859129a499510af2\mpasdlta.vdm UnclassifiedMalware[at]91598295 Success
1/13/2010 7:58:47 AM Detect \Device\HarddiskVolumeShadowCopy24\Windows\SoftwareDistribution\Download\Install\mpas-d.exe UnclassifiedMalware[at]91598294 Success
1/13/2010 7:58:48 AM Quarantine \Device\HarddiskVolumeShadowCopy24\Windows\SoftwareDistribution\Download\Install\mpas-d.exe UnclassifiedMalware[at]91598294 Success
1/13/2010 7:59:29 AM Detect C:\Windows\SoftwareDistribution\Download\ebe7e8ae83e7dd1eed5a656aa198a1b92e448540

#2

Hi patrice58,

Thanks for reporting.We are going to check that and get back to you.

Regards,
Haja

#3

Thank you for such a quick reply.

#4

Yes I also got this file (mpasdlta.vdm ) today. Only when I try to update my Windows 7. Something breaks Window’s updating process and then COMODO detects this file and claims that it is malicious.

#5

Yep that’s the one. Lets see what is said about this.

#6

I just wanted to confirm that I had the same issue this morning as well. It detected the same file “…mpasdlta.vdm”. I’m running Windows 7 Ultimate 64-bit.

Thanks.

#7

similar situation here also,
win7, booted this morning, to find this

1/13/2010 3:12:13 AM Detect C:\ProgramData\Microsoft\Windows Defender\Definition Updates{84067CFB-05BE-4047-9DBF-8BBAC8F6401C}\mpasdlta.vdm UnclassifiedMalware[at]91598295 Success
1/13/2010 1:04:47 PM Detect C:\ProgramData\Microsoft\Windows Defender\Definition Updates{84067CFB-05BE-4047-9DBF-8BBAC8F6401C}\mpasdlta.vdm UnclassifiedMalware[at]91598295 Success
1/13/2010 1:06:35 PM Detect E:\57e990c8a0c92878d64f81dac4931a48\3C8A03C2-2A7B-4CFC-A569-6C33460E4D4Cmpasdlta.vdm UnclassifiedMalware[at]91598295 Success

… it seems to be a definition update for windows defender. has to be a false positive, right?

Its present on E:/ which is a removable USB drive due to the strange way windows updater unpacks/ likes to use the largest drive…

#8

Hi patrice58,

The false-positives were fixed with DB 3570. You can check to confirm.

#9

Hi slowdow,

The false-positive mentioned here is the same as the one reported on the beginning of this topic, FP which is already fixed. You can update CIS virus database to verify.

Regards,
Ionel

#10

Great work team. Thread locked if anyone wants to reopen this thread give me or a mod a pm.