False positive in v3.99.35 beta (now FIXED)

Started by amino, October 07, 2010, 12:10:39 PM


amino

The file plactivate.exe is a Malware dialer and had infected my Firefox cache too!!!
I'm not happy about this.
The virus was found with Comodo antivirus.

Scott

#1
Quote from: amino on October 07, 2010, 12:10:39 PM
The file plactivate.exe is a Malware dialer and had infected my Firefox cache too!!!
I'm not happy about this.
The virus was found with Comodo antivirus.

Assuming you got that file from Bitsum.com, it is absolutely a false positive.  No part of Process Lasso--of any version--is malware of any type.  Commode Antivirus probably detected the netcode in this file and blindly assumed it was malicious.

I just ran a scan of plactivate.exe (dated Oct 7 2010, from PL version 3.99.35 beta, MD5 ca7d08d9e818a6e60352c1aaf27b89e4) on VirusTotal.  None of the 43 scanners reports a direct identification of this file as malware.  Three of them mark it "suspicious" (again, probably because of the netcode) or throw a "generic" label on it, and one detects that it was compressed with a runtime packer.  None of these detections are meaningful.

And on VirusTotal, Commode doesn't detect anything.

Jeremy Collake

#2
This was confirmed as a false positive by Comodo. I've been in contact with them and a resolution is pending, if not already issued (a new signature database just went out; the fix may be in it).

UPDATE:

This FALSE ALARM has been resolved by COMODO, so update your COMODO Anti-Virus and it will go away.

Please, remember, take into consideration the trust of who you got the software from too. Don't jump to conclusions. Your security software isn't infallible. That's why in its own user interface they include an area to submit EITHER suspicious files OR false positives. -- Because false positives happen THAT often. They are EXTREMELY common. Ask anyone. Please.

Once you are satisfied this was a mistake at no fault of ours, and there was no malware, then I beg of you to update your Web of Trust rating where you say we have malware in our software.

I don't blame you for reacting like you did. I just hope you are now satisfied that it isn't actually malware, it was a false positive.
Software Engineer. Bitsum LLC.

Scott

Posting a review/rating on Web of Trust before Bitsum even had a chance to respond to the issue was rather inappropriate and unnecessary.  I invite users who understand what Bitsum is about and how beta software works to post their own rating/review there.

Jeremy Collake

#4
Email from COMODO confirming Fix in new signature database:

from Comodo AntiVirus Lab <info@*.comodo.com>
to support@bitsum.com
date Thu, Oct 7, 2010 at 10:02 PM

Hi,

This is to inform you that false-positive with
<plActivate.exe> (SHA1: <ca72dccd533d3aad086668a597e67b73f54d601a>)
has been fixed.
You can update to AV database Version <6317> of  Comodo Internet Security Version<5.0.162636.1135> and confirm it.

Regards,
jiaoguoqiang
Comodo AntiVirus Lab
2010-10-8


I commend Comodo for responding quickly to this false positive; sadly, not every company is that quick ;o. Users, remember --- take the word of your anti-virus software as a 'suggestion', not as the word of God. If it tells you something is 'in' software downloaded from a vendor you trust -- ask questions first, because it is probably a false positive.
Software Engineer. Bitsum LLC.