Comodo found malware@0

Started by franck1530, December 09, 2021, 03:03:29 AM

franck1530

For several days, Comodo has been blocking access to the Win32 API because it detects malware@0 in the file 25bbf886.dll.
And that with different versions. Always the same file.
The file is %user%\AppData\Local\Temp\par-6672616e63\cache-exiftool-12.37\25bbf886.dl

What is this file, and is it a false positive?

Thx

StarGeek

Quote from: franck1530 on December 09, 2021, 03:03:29 AM
what is this file, and is a false positive ?

It's a false positive.

Exiftool is a Perl program, even the Windows "executable" is Perl. The way the Windows executable works is that it uses the Perl PAR::Packer to create a stand-alone executable. The very first time you run the executable, it extracts the Perl program and a minimal Perl interpreter to actually run the program. The offending file is part of that interpreter. Some virus checkers flag this as possibly malicious behavior.
"It didn't work" isn't helpful. What was the exact command used and the output.
Read FAQ #3 and use that cmd
Please use the Code button for exiftool output

Please include your OS/Exiftool version/filetype
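
One way to check a flagged file from the extraction described above, as an added example that is not part of the original thread or of ExifTool: it compares the flagged PAR cache directory against a cache extracted on a clean machine from a freshly downloaded copy of the same ExifTool version, and lists any file whose content has no counterpart there. The function names and the two directory arguments are assumptions of this sketch; files are matched by SHA-256 of their content, not by name, so no assumption is made about how the cache names its files.

```python
import hashlib
import sys
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def digest_index(root):
    """Map SHA-256 digest -> relative paths of every file under root."""
    root = Path(root)
    index = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            index.setdefault(sha256_file(p), []).append(rel)
    return index


def unexplained_files(suspect_cache, reference_cache):
    """List (path, digest) for files in suspect_cache whose content
    does not occur anywhere in reference_cache."""
    reference = digest_index(reference_cache)
    found = []
    for digest, paths in digest_index(suspect_cache).items():
        if digest not in reference:
            found.extend((p, digest) for p in paths)
    return sorted(found)


if __name__ == "__main__":
    # Usage (both paths are supplied by the user):
    #   python compare_cache.py <flagged cache dir> <reference cache dir>
    if len(sys.argv) != 3:
        sys.exit("usage: compare_cache.py SUSPECT_DIR REFERENCE_DIR")
    leftovers = unexplained_files(sys.argv[1], sys.argv[2])
    for rel, digest in leftovers:
        print(f"no match in reference: {rel}  sha256={digest}")
    if not leftovers:
        print("every file in the flagged cache matches the reference extraction")
    sys.exit(1 if leftovers else 0)
```

An empty result means the flagged DLL is byte-identical to what a clean extraction of the same release produces; a listed file is not proof of tampering, only something that still needs an explanation.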

obetz

franck1530, you might want to try my "alternate installer". My main motivation was to avoid the silent extraction to %temp%.

The (Inno Setup based) installer sometimes gets false positives at VirusTotal (currently only CrowdStrike Falcon), the ZIP archives nothing.

Oliver