Comodo found malware@0

Started by franck1530, December 09, 2021, 03:03:29 AM


franck1530

For several days, Comodo has been blocking access to the Win32 API because it detects a malware@0 in the file 25bbf886.dll,
and this happens with different versions. Always the same file.
The file is %user%\AppData\Local\Temp\par-6672616e63\cache-exiftool-12.37\25bbf886.dll

What is this file, and is it a false positive?

Thx

StarGeek

Quote from: franck1530 on December 09, 2021, 03:03:29 AM
What is this file, and is it a false positive?

It's a false positive.

Exiftool is a Perl program; even the Windows "executable" is Perl. The way the Windows executable works is that it uses the Perl PAR::Packer to create a stand-alone executable. The very first time you run the executable, it extracts the Perl program and a minimal Perl interpreter to actually run the program. The offending file is part of that interpreter. Some virus checkers flag this as possibly malicious behavior.
* Did you read FAQ #3 and use the command listed there?
* Please use the Code button for exiftool code/output.
* Please include your OS, Exiftool version, and type of file you're processing (MP4, JPG, etc).
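A small triage helper, added here as an example and not code from StarGeek, ExifTool or PAR::Packer: it checks that a flagged file actually sits in the layout PAR::Packer uses (a per-user directory named par- followed by the hex-encoded username, then a cache-<label> subdirectory; the directory name from the post above decodes to "franc", which should match the Windows account name), hashes every extracted file, and diffs that listing against a fresh extraction from a known-good download so a genuine interpreter component can be told apart from something else that landed in %TEMP%. The directory names, file contents and the "constructed" sample files in demo() are made up for the example.

```python
import hashlib
import re
import tempfile
from pathlib import Path, PureWindowsPath
from typing import Dict, Optional

# PAR::Packer extracts to "<TEMP>/par-<hex username>/cache-<label>/...".
# Example from the thread: par-6672616e63 -> bytes.fromhex(...) -> "franc".
PAR_DIR_RE = re.compile(r"^par-(?P<userhex>[0-9a-f]+)$", re.IGNORECASE)
CACHE_DIR_RE = re.compile(r"^cache-(?P<label>.+)$", re.IGNORECASE)


def parse_par_cache_path(path_str: str) -> Optional[dict]:
    """Split a Windows path inside a PAR::Packer cache into its components.

    Returns None when the path does not follow the par-<hex>/cache-<label>/<file>
    layout. That is a triage signal in itself: a file that merely looks like a
    PAR artefact but lives elsewhere is not explained by PAR::Packer's extraction.
    """
    parts = PureWindowsPath(path_str).parts
    for i, part in enumerate(parts):
        m = PAR_DIR_RE.match(part)
        if not m:
            continue
        if i + 2 >= len(parts):          # need cache dir and at least one file
            return None
        cache = CACHE_DIR_RE.match(parts[i + 1])
        if not cache:
            return None
        try:
            username = bytes.fromhex(m.group("userhex")).decode("ascii")
        except ValueError:               # odd-length hex or non-ASCII bytes
            return None
        return {
            "username": username,
            "cache_label": cache.group("label"),
            "relative_file": "/".join(parts[i + 2:]),
        }
    return None


def hash_cache_files(cache_dir: Path) -> Dict[str, str]:
    """Return {relative_path: sha256_hex} for every file below cache_dir."""
    hashes: Dict[str, str] = {}
    for f in sorted(cache_dir.rglob("*")):
        if f.is_file():
            rel = f.relative_to(cache_dir).as_posix()
            hashes[rel] = hashlib.sha256(f.read_bytes()).hexdigest()
    return hashes


def compare_extractions(expected: Dict[str, str], observed: Dict[str, str]) -> Dict[str, str]:
    """Diff two hash listings; an empty result means the caches are identical.

    'expected' comes from a fresh extraction of a download whose own hash you
    verified; 'observed' from the machine where the AV alert fired.
    """
    findings: Dict[str, str] = {}
    for rel, digest in expected.items():
        if rel not in observed:
            findings[rel] = "missing"
        elif observed[rel] != digest:
            findings[rel] = "modified"
    for rel in observed:
        if rel not in expected:
            findings[rel] = "unexpected"
    return findings


def demo() -> Dict[str, str]:
    """Build two constructed cache directories and diff them (sample data only)."""
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp) / "par-6672616e63" / "cache-exiftool-12.37"
        seen = Path(tmp) / "observed" / "cache-exiftool-12.37"
        for d in (good, seen):
            d.mkdir(parents=True)
            (d / "25bbf886.dll").write_bytes(b"constructed sample bytes")
            (d / "exiftool.pl").write_bytes(b"#!perl constructed")
        (seen / "exiftool.pl").write_bytes(b"#!perl tampered")   # differs
        (seen / "extra.dll").write_bytes(b"only on the alerting host")
        return compare_extractions(hash_cache_files(good), hash_cache_files(seen))


if __name__ == "__main__":
    print(parse_par_cache_path(
        r"C:\Users\franck\AppData\Local\Temp\par-6672616e63\cache-exiftool-12.37\25bbf886.dll"))
    print(demo())
```

Against a real alert you would point hash_cache_files() at the cache directory named in the AV message and at a fresh extraction on a clean machine; any "modified" or "unexpected" entry is what to submit for analysis, while an empty diff supports the false-positive explanation.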

obetz

franck1530, you might want to try my "alternate installer". My main motivation was to avoid the silent extraction to %temp%.

The (Inno Setup based) installer sometimes gets false positives at VirusTotal (currently only CrowdStrike Falcon), the ZIP archives none.

Oliver