Wondering if this is a false positive

For past couple days when scanning a file keeps getting reported as a malware(rootkit hidden)

The file name is: 28c8b86deab549a1.customDestinations-ms

After some searchng I found it has something to do with IE8. Now I don’t think I have IE8 which already got replaced by IE9.

Is this a false positive or is this threat real?

Quarantening didn’t help as the file keeps being generated again.

File location is

C:\Users[User name]\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms

Anyone can offer insight? Please?

That is where your jumplists are stored.

for those using windows 7/2008 server with mandatory profiles. i have just found where the jump lists are contained. i.e. adding a user specific word file to a pinned word app on the taskbar or a perticular folder to the windows explorer they are here.


a copy in on log-in and log-off works a treat!
or the whole recent folder

Source: http://www.apug.info/viewtopic.php?t=970&p=3493 .

It is likely a false positive. Please submit the file to Virus Total for a second opinion and leave the url to the report page here.

Thanks Eric, you’re the man still. Seems much of Comodo’s current community has been largely unhelpful.

I tried uploading to Virus total but couldn’t when selecting the file nothing gets selected in the Virus Total browser.

That is annoying when the file cannot be uploaded. Can you copy it to another folder and try uploading it from there or try another browser.

Can you install Unlocker? Then after installing navigate to the file using Explorer, click right on the file and choose Unlocker from context menu. Unlocker will tell if and what program has a handle on the file. You can also use Unlocker to copy the file to another folder so you can try uploading it again VT.

Woot I just checked back on this thread again.
Thanks Eric. I’ll try that.