Help → Virus?
Hi, first thank you for a remarkable piece of software.
Anyway, I tried to upgrade to version 1.1.1. When setup downloaded
inetc.dll, Comodo Antivirus marked the file as a trojan.
First an extract from the POPFile installer log, then the Comodo Antivirus log.
POPFile v1.1.1 Installer Log
Command-line: "C:\DOCUME~1\nenne\LOCALS~1\Temp\7zOB.tmp\setup.exe"
Installed by: nenne (Admin)
UAC Username: nenne (Admin)
PFI Language: Swedish (1053)
Installation started 26-Nov-2009 @ 18:57:46
.......................................
"SSL Support" Section (entry)
Downloading IO-Socket-SSL.tar.gz file from http://ppm.tcool.org/archives/
Kunde inte ladda: C:\DOCUME~1\nenne\LOCALS~1\Temp\nshE.tmp\inetc.dll
Download of IO-Socket-SSL.tar.gz file failed
(error: /CAPTION)
"SSL Support" Section (exit)
'Add POPFile User' will be called to configure POPFile
Main program installation finished 26-Nov-2009 @ 18:58:34
Backup file 'install.log.bk3' updated
Backup file 'install.log.bk2' updated
Backup file 'install.log.bk1' updated
Log report saved in 'E:\Inet\POPFile\install.log'
Slutförd
..........................................
COMODO Internet Security Logs
Date Created: 2009-11-26 19:10:09
Log Scope: All The Times
Date/Time Action Location Malware Name Status
2009-11-26 18:57:56 Detect C:\Documents and Settings\nenne\Local Settings\Temp\nshE.tmp\inetc.dll TrojWare.Win32.TrojanDownloader.Bits.~A@4520618 Success
2009-11-26 18:58:22 Remove C:\Documents and Settings\nenne\Local Settings\Temp\nshE.tmp\inetc.dll TrojWare.Win32.TrojanDownloader.Bits.~A@4520618 Success
End of The Report
Is this a false positive or?
-
Message #1122
It is a false positive. Our Windows installer is built using an open source installer package (NSIS) and the inetc.dll is one of the open-source plugins used by the installer. Sadly some malware also uses NSIS and its download plugins.
The "Does POPFile contain a virus/trojan/adware?" page in our wiki discusses this kind of problem.
If you want a second opinion there are several sites where you can upload a suspicious file and they will run dozens of different anti-virus scanners for you and generate a report. If only one or two scanners find a problem then the file is probably safe to use.
http://www.virustotal.com/ is one such site (the last time I looked at it they used over 30 different scanners); there are similar sites but I don't have any other links handy.
Brian
brian 11/26/09 20:00:34
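
To check whether the antivirus action lines up with the failed "SSL Support" step, the two logs quoted in the thread can be correlated. This is an added example, not part of the original posts or of POPFile: the function names are hypothetical, the sample lines are constructed from the quoted logs, and it assumes the last two path components fit the 8.3 format, so the short and long paths end identically.

```python
import re
from datetime import datetime

# Constructed sample input: lines taken from the two logs quoted in the thread.
INSTALL_LOG = r"""Installation started 26-Nov-2009 @ 18:57:46
Kunde inte ladda: C:\DOCUME~1\nenne\LOCALS~1\Temp\nshE.tmp\inetc.dll
Download of IO-Socket-SSL.tar.gz file failed
Main program installation finished 26-Nov-2009 @ 18:58:34"""
AV_LOG = r"""2009-11-26 18:57:56 Detect C:\Documents and Settings\nenne\Local Settings\Temp\nshE.tmp\inetc.dll TrojWare.Win32.TrojanDownloader.Bits.~A@4520618 Success
2009-11-26 18:58:22 Remove C:\Documents and Settings\nenne\Local Settings\Temp\nshE.tmp\inetc.dll TrojWare.Win32.TrojanDownloader.Bits.~A@4520618 Success"""

STAMP = re.compile(r"installation (started|finished) (\d{2}-\w{3}-\d{4} @ \d{2}:\d{2}:\d{2})", re.I)
LOAD_FAIL = re.compile(r"^[^:]+: ([A-Za-z]:\\.+)$")   # "<message>: <drive path>"
AV_ROW = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\w+) (.+) (\S+) (\S+)$")

def path_tail(path, parts=2):
    # Compare only the trailing components: DOCUME~1 and "Documents and Settings"
    # differ, but nshE.tmp\inetc.dll is the same in short and long form.
    return "\\".join(path.lower().split("\\")[-parts:])

def install_window(log):
    found = {m.group(1).lower(): datetime.strptime(m.group(2), "%d-%b-%Y @ %H:%M:%S")
             for m in STAMP.finditer(log)}
    return found["started"], found["finished"]

def failed_loads(log):
    return [m.group(1) for line in log.splitlines() if (m := LOAD_FAIL.match(line))]

def av_events(log):
    for line in log.splitlines():
        if (m := AV_ROW.match(line)):
            when, action, path, name, status = m.groups()
            yield datetime.strptime(when, "%Y-%m-%d %H:%M:%S"), action, path, name

def correlate(install_log, av_log):
    """AV actions inside the installer's run window on a file the installer failed to load."""
    start, end = install_window(install_log)
    wanted = {path_tail(p) for p in failed_loads(install_log)}
    return [(when.time().isoformat(), action, name)
            for when, action, path, name in av_events(av_log)
            if start <= when <= end and path_tail(path) in wanted]

if __name__ == "__main__":
    for row in correlate(INSTALL_LOG, AV_LOG):
        print(*row)
```

Both Comodo rows fall inside the installer's run window and name the same file the installer could not load, which ties the download failure to the antivirus action rather than to the server.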