Is this a false positive? Trojan in AEC.SYS?

Hi malware fighters,

Upon opening my normal user account of XP SP2, Comodo BOClean alerts for a trojan trying to start up from a file named AEC.SYS in C:\WINDOWS\SYSTEM32\DRIVERS\ . This is the Microsoft Acoustic Echo Canceller version 5.1.2601.2180. I do not see anything wrong with it, neither do the scanners of Avast, DrWeb, Ewido, A-squared, ClamWin. Could not update to jotti or virustotal because their servers were busy, but I have a hunch that this could be a FP. Annoyingly BOClean starts to ask whether I want to delete this specific system file, because it said DLDR-GAMES D MALWARE was stopped starting from this file, every time Comodo BOClean starts up. Meanwhile I got the data from virustotal:
Antivirus Version Update Result
AhnLab-V3 2007.5.21.1 05.21.2007 no virus found
AntiVir 7.4.0.23 05.21.2007 no virus found
Authentium 4.93.8 05.18.2007 no virus found
Avast 4.7.997.0 05.21.2007 no virus found
AVG 7.5.0.467 05.21.2007 no virus found
BitDefender 7.2 05.21.2007 no virus found
CAT-QuickHeal 9.00 05.21.2007 no virus found
ClamAV devel-20070416 05.21.2007 no virus found
DrWeb 4.33 05.21.2007 no virus found
eSafe 7.0.15.0 05.20.2007 no virus found
eTrust-Vet 30.7.3649 05.21.2007 no virus found
Ewido 4.0 05.21.2007 no virus found
FileAdvisor 1 05.21.2007 No threat detected
Fortinet 2.85.0.0 05.21.2007 no virus found
F-Prot 4.3.2.48 05.21.2007 no virus found
F-Secure 6.70.13030.0 05.21.2007 no virus found
Ikarus T3.1.1.7 05.21.2007 no virus found
Kaspersky 4.0.2.24 05.21.2007 no virus found
McAfee 5034 05.18.2007 no virus found
Microsoft 1.2503 05.21.2007 no virus found
NOD32v2 2281 05.21.2007 no virus found
Norman 5.80.02 05.21.2007 no virus found
Panda 9.0.0.4 05.20.2007 no virus found
Prevx1 V2 05.21.2007 no virus found
Sophos 4.17.0 05.20.2007 no virus found
Sunbelt 2.2.907.0 05.17.2007 no virus found
Symantec 10 05.21.2007 no virus found
TheHacker 6.1.6.119 05.21.2007 no virus found
VBA32 3.12.0 05.21.2007 no virus found
VirusBuster 4.3.7:9 05.21.2007 no virus found
Webwasher-Gateway 6.0.1 05.21.2007 no virus found

File size: 142464 bytes
MD5: 1ee7b434ba961ef845de136224c30fec
SHA1: 49d7d3e3d1da9a8b7e9d5fcb8eac560634b84e24
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=1ee7b434ba961ef845de136224c30fec

polonus

Hi malware fighters,

It is indeed a FP; after the update the alert has gone. So whoever has Comodo BOClean, check and double check the alerts.

polonus

I can’t recall (I didn’t have BOClean installed very long), but I believe that the default setting for what action to take if an infected file is found is ‘delete’; that is a really dangerous default action.

So if you don’t rummage around in the program settings to get to know the application (and many don’t) you may never know until a deleted file is required and you get an error can’t find file, etc.

So I assume you changed that default action to confirm/ask, either that or I’m wrong in my assumption (not uncommon ;D).

Hi DavidR,

I would not like to have any security program that starts deleting files from my computer. Whenever something comes up, I like to check, get a second opinion (from our community etc.) before the program is allowed to do anything to a file other than alert it. And I think that makes common sense, because else a security program could easily wreak havoc or damage the OS to cripple it.
As Norton recently demonstrated, one completely wrong AV update could mean you can no longer work your OS.

polonus

You can open the BOClean GUI and there is something there to access settings, as I said I can’t be certain of the default settings as I uninstalled it ages ago, but it is worth checking.

Hi DavidR,

I am fully satisfied with the settings and workings of COMODO BOClean. I only tried to mention this FP, which disappeared after the next update was installed. The only thing is not to delete files or click yes when BOClean asks, because else you would have lost a system file.

polonus